ab8ec4bd9d4783e076c8bda3f9e0dba984e4ebdb494df6871f9c647a444699cd

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 12:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_free_antivirus_setup_online.exe
Size

257KB
MD5

8356d4c424f871c71a8911dce65bea34
SHA1

489cf2c7e0b7a90355534be8b68d01ff2d60122f
SHA256

ab8ec4bd9d4783e076c8bda3f9e0dba984e4ebdb494df6871f9c647a444699cd
SHA512

77fc21b27c47b53afd0b448c11288ddaa891f99b6678b24f5cf005dde87a901b06c1fc3656eabbc8e1b07993ad646b38d33b1749b7ca14d885cd6cad0fa3d5ff
SSDEEP

3072:42RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhOn+T7:40KgGwHqwOOELha+sm2D2+Uhngufw

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks for any installed AV software in registry 1 TTPs 51 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online.exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Executes dropped EXE 11 IoCs

pid	Process
2408	avast_free_antivirus_setup_online_x64.exe
4388	instup.exe
1432	instup.exe
752	aswOfferTool.exe
3592	aswOfferTool.exe
4668	aswOfferTool.exe
3152	aswOfferTool.exe
1956	aswOfferTool.exe
2564	aswOfferTool.exe
2184	aswOfferTool.exe
4184	aswOfferTool.exe

Loads dropped DLL 13 IoCs

pid	Process
4016	avast_free_antivirus_setup_online.exe
4388	instup.exe
4388	instup.exe
4388	instup.exe
4388	instup.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe
4668	aswOfferTool.exe
1956	aswOfferTool.exe
2184	aswOfferTool.exe
4184	aswOfferTool.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "22"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "10"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "99"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Replacing files"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "36"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "55"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "57"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "66"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "78"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "67"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "76"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "53"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "80"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "95"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: sbr_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "69"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "91"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-a1b.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "92"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "20"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "26"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "32"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "37"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-a1b.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "65"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-a1b.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x86_ais-a1b.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instup_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "90"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "52"	instup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2408	avast_free_antivirus_setup_online_x64.exe
2408	avast_free_antivirus_setup_online_x64.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe
1432	instup.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 32	2408	avast_free_antivirus_setup_online_x64.exe
Token: SeDebugPrivilege	4388	instup.exe
Token: 32	4388	instup.exe
Token: SeDebugPrivilege	1432	instup.exe
Token: 32	1432	instup.exe
Token: SeDebugPrivilege	3152	aswOfferTool.exe
Token: SeImpersonatePrivilege	3152	aswOfferTool.exe
Token: SeDebugPrivilege	2564	aswOfferTool.exe
Token: SeImpersonatePrivilege	2564	aswOfferTool.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4388	instup.exe
1432	instup.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 2408	4016	avast_free_antivirus_setup_online.exe	87
PID 4016 wrote to memory of 2408	4016	avast_free_antivirus_setup_online.exe	87
PID 2408 wrote to memory of 4388	2408	avast_free_antivirus_setup_online_x64.exe	90
PID 2408 wrote to memory of 4388	2408	avast_free_antivirus_setup_online_x64.exe	90
PID 4388 wrote to memory of 1432	4388	instup.exe	95
PID 4388 wrote to memory of 1432	4388	instup.exe	95
PID 1432 wrote to memory of 752	1432	instup.exe	96
PID 1432 wrote to memory of 752	1432	instup.exe	96
PID 1432 wrote to memory of 752	1432	instup.exe	96
PID 1432 wrote to memory of 3592	1432	instup.exe	97
PID 1432 wrote to memory of 3592	1432	instup.exe	97
PID 1432 wrote to memory of 3592	1432	instup.exe	97
PID 1432 wrote to memory of 4668	1432	instup.exe	98
PID 1432 wrote to memory of 4668	1432	instup.exe	98
PID 1432 wrote to memory of 4668	1432	instup.exe	98
PID 1432 wrote to memory of 3152	1432	instup.exe	99
PID 1432 wrote to memory of 3152	1432	instup.exe	99
PID 1432 wrote to memory of 3152	1432	instup.exe	99
PID 1432 wrote to memory of 2564	1432	instup.exe	102
PID 1432 wrote to memory of 2564	1432	instup.exe	102
PID 1432 wrote to memory of 2564	1432	instup.exe	102
PID 1432 wrote to memory of 4184	1432	instup.exe	104
PID 1432 wrote to memory of 4184	1432	instup.exe	104
PID 1432 wrote to memory of 4184	1432	instup.exe	104

C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online.exe
"C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Windows\Temp\asw.b78032b754ceede6\avast_free_antivirus_setup_online_x64.exe
  "C:\Windows\Temp\asw.b78032b754ceede6\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_012_999_a7i_m /ga_clientid:632ca97e-596e-4789-bc30-dc37daa8088b /edat_dir:C:\Windows\Temp\asw.b78032b754ceede6
  2⤵
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Windows\Temp\asw.defc4a2d8969f754\instup.exe
    "C:\Windows\Temp\asw.defc4a2d8969f754\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.defc4a2d8969f754 /edition:1 /prod:ais /guid:befa3776-92c3-463e-abf8-d81806c314e7 /ga_clientid:632ca97e-596e-4789-bc30-dc37daa8088b /cookie:mmm_ava_012_999_a7i_m /ga_clientid:632ca97e-596e-4789-bc30-dc37daa8088b /edat_dir:C:\Windows\Temp\asw.b78032b754ceede6
    3⤵
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4388
  - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\instup.exe
      "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.defc4a2d8969f754 /edition:1 /prod:ais /guid:befa3776-92c3-463e-abf8-d81806c314e7 /ga_clientid:632ca97e-596e-4789-bc30-dc37daa8088b /cookie:mmm_ava_012_999_a7i_m /edat_dir:C:\Windows\Temp\asw.b78032b754ceede6 /online_installer
      4⤵
      Checks for any installed AV software in registry
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1432
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" -checkGToolbar -elevated
        5⤵
        Executes dropped EXE
        
        PID:752
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" /check_secure_browser
        5⤵
        Executes dropped EXE
        
        PID:3592
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4668
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3152
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1956
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2564
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2184
    - - C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4184

Network

DNS

iavs9x.u.avcdn.net

avast_free_antivirus_setup_online.exe

Remote address:

8.8.8.8:53

Request

iavs9x.u.avcdn.net

IN A

Response

iavs9x.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN A

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
POST

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online.exe

Remote address:

34.117.223.223:80

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 267
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:48:50 GMT
Via: 1.1 google
POST

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online.exe

Remote address:

34.117.223.223:80

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: Avast Microstub/2.1
Content-Length: 281
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:48:57 GMT
Via: 1.1 google
POST

http://www.google-analytics.com/collect

avast_free_antivirus_setup_online.exe

Remote address:

172.217.23.206:80

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Microstub/2.1
Content-Length: 140
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Mon, 16 Oct 2023 03:48:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
POST

http://www.google-analytics.com/collect

avast_free_antivirus_setup_online.exe

Remote address:

172.217.23.206:80

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Microstub/2.1
Content-Length: 143
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Mon, 16 Oct 2023 03:48:57 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

64.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.175.53.84.in-addr.arpa

IN PTR

Response

64.175.53.84.in-addr.arpa

IN PTR

a84-53-175-64deploystaticakamaitechnologiescom
DNS

223.223.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.223.117.34.in-addr.arpa

IN PTR

Response

223.223.117.34.in-addr.arpa

IN PTR

22322311734bcgoogleusercontentcom
DNS

206.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.217.172.in-addr.arpa

IN PTR

Response

206.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f141e100net

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f14�I

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f206�I
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
GET

http://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe

avast_free_antivirus_setup_online.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/avast_free_antivirus_setup_online_x64.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: avast! Antivirus (instup)
Host: iavs9x.u.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Last-Modified: Tue, 19 Sep 2023 16:56:22 GMT
ETag: "6509d2b6-9ef938"
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Content-Type: application/octet-stream
Content-Length: 10418488
Accept-Ranges: bytes
Cache-Control: max-age=49
Expires: Mon, 16 Oct 2023 03:49:45 GMT
Date: Mon, 16 Oct 2023 03:48:56 GMT
Connection: keep-alive
DNS

108.211.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

108.211.229.192.in-addr.arpa

IN PTR

Response
DNS

68.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

68.32.126.40.in-addr.arpa

IN PTR

Response
GET

http://www.google-analytics.com/collect?aiid=mmm_ava_012_999_a7i_m&an=Free&av=23.9.8494&cd=stub-extended&cd3=Online&cid=befa3776-92c3-463e-abf8-d81806c314e7&dt=Installation&t=screenview&tid=UA-58120669-3&v=1

avast_free_antivirus_setup_online_x64.exe

Remote address:

172.217.23.206:80

Request

GET /collect?aiid=mmm_ava_012_999_a7i_m&an=Free&av=23.9.8494&cd=stub-extended&cd3=Online&cid=befa3776-92c3-463e-abf8-d81806c314e7&dt=Installation&t=screenview&tid=UA-58120669-3&v=1 HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast SFX/1.0
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sun, 15 Oct 2023 13:57:07 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 49915
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

analytics.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

analytics.ff.avast.com

IN A

Response

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
POST

https://analytics.ff.avast.com/v4/receive/json/70

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 602
Host: analytics.ff.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:02 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:02 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:02 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:02 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:03 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:04 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:05 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:07 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

avast_free_antivirus_setup_online_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: 9gD7Pc8hmcOzF2XQquJ2LA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 391
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:08 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

shepherd.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.ff.avast.com

IN A

Response

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com

shepherd-gcp.ff.avast.com

IN A

34.160.176.28
DNS

shepherd.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.ff.avast.com

IN AAAA

Response

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com
DNS

shepherd.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.ff.avast.com

IN A

Response

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com

shepherd-gcp.ff.avast.com

IN A

34.160.176.28
POST

https://shepherd.ff.avast.com/

instup.exe

Remote address:

34.160.176.28:443

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 271

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:08 GMT
Content-Type: text/plain
Content-Length: 29110
AB-Tests: 9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:c
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_ipm_6363_chrome_offer_setup_free_free_production-new-installs_version-18.6-and-higher_production_quic-sni-block-release_v2017_hns-pre-scan-enabled-countries_phone-support-tile_avast-18-r7-and-18-r8_fs-and-idp-integration_cef-settings-off_opening-browser-onboarding_old-smartscan_alpha-new-installs_ipm_6513_open_ui_c_test-akamai_test-pam-no-master-password_v18.5-and-higher_cleanup-premium-installation_release---iavs9x-only_version-19.1-and-older-faf7cc8f8bb291a9a8ecacd08ba69384b3eb896842c81a37f2c3dc6a898ba5b0
Config-Version: 4801
Segments: websocket testing,ipm_6363_chrome_offer_setup_free,free,production new installs,version 18.6 and higher,production,quic sni block release,v2017,hns pre-scan enabled countries,phone support tile,avast 18 r7 and 18 r8,fs and idp integration,cef settings off,opening browser onboarding,old smartscan,alpha new installs,ipm_6513_open_ui_c,test akamai,test pam no master password,v18.5 and higher,cleanup premium installation,release - iavs9x only,version 19.1 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
DNS

28.176.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.176.160.34.in-addr.arpa

IN PTR

Response

28.176.160.34.in-addr.arpa

IN PTR

2817616034bcgoogleusercontentcom
DNS

b8003600.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b8003600.iavs9x.u.avast.com

IN A

Response

b8003600.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

g1928587.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

g1928587.iavs9x.u.avast.com

IN A

Response

r9319236.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

l4691727.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.iavs9x.u.avast.com

IN A

Response

l4691727.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

r9319236.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r9319236.iavs9x.u.avast.com

IN A

Response

g1928587.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s1843811.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

s1843811.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

s1843811.iavs9x.u.avast.com

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

b8003600.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b8003600.iavs9x.u.avast.com

IN A

Response

b8003600.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

g1928587.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

g1928587.iavs9x.u.avast.com

IN A

Response

g1928587.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

l4691727.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.iavs9x.u.avast.com

IN A

Response

l4691727.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

r9319236.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r9319236.iavs9x.u.avast.com

IN A

Response

r9319236.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

s1843811.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

s1843811.iavs9x.u.avast.com

IN A

Response

s1843811.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

b8003600.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b8003600.iavs9x.u.avast.com

IN AAAA

Response

b8003600.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

g1928587.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

g1928587.iavs9x.u.avast.com

IN AAAA

Response

g1928587.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

l4691727.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.iavs9x.u.avast.com

IN AAAA

Response

l4691727.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

r9319236.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r9319236.iavs9x.u.avast.com

IN AAAA

Response

r9319236.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d
DNS

s1843811.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

s1843811.iavs9x.u.avast.com

IN AAAA

Response

s1843811.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

b8003600.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b8003600.iavs9x.u.avast.com

IN AAAA

Response

b8003600.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533
DNS

g1928587.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

g1928587.iavs9x.u.avast.com

IN AAAA

Response

g1928587.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

l4691727.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.iavs9x.u.avast.com

IN AAAA

Response

l4691727.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

r9319236.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r9319236.iavs9x.u.avast.com

IN AAAA

Response

r9319236.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d
DNS

s1843811.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

s1843811.iavs9x.u.avast.com

IN AAAA
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

s1843811.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.4.4:53

Request

s1843811.iavs9x.u.avast.com

IN AAAA
GET

http://r9319236.iavs9x.u.avast.com/iavs9x/servers.def.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/servers.def.vpx HTTP/1.1
Host: r9319236.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:55:58 GMT
ETag: "6509d29e-995"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 2453
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=51
Expires: Mon, 16 Oct 2023 03:50:03 GMT
Date: Mon, 16 Oct 2023 03:49:12 GMT
Connection: keep-alive
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/prod-pgm.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:56:00 GMT
ETag: "6509d2a0-23c"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 572
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=12
Expires: Mon, 16 Oct 2023 03:49:25 GMT
Date: Mon, 16 Oct 2023 03:49:13 GMT
Connection: keep-alive
DNS

126.179.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

126.179.238.8.in-addr.arpa

IN PTR

Response
DNS

4.4.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.4.8.8.in-addr.arpa

IN PTR

Response

4.4.8.8.in-addr.arpa

IN PTR

dnsgoogle
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/avbugreport_x64_ais-a1b.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/avbugreport_x64_ais-a1b.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1458125
Last-Modified: Tue, 19 Sep 2023 16:52:43 GMT
ETag: "6509d1db-163fcd"
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1205
Expires: Mon, 16 Oct 2023 04:09:18 GMT
Date: Mon, 16 Oct 2023 03:49:13 GMT
Connection: keep-alive
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-a1b.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/avdump_x64_ais-a1b.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 399416
Last-Modified: Tue, 19 Sep 2023 16:52:42 GMT
ETag: "6509d1da-61838"
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=3304
Expires: Mon, 16 Oct 2023 04:44:18 GMT
Date: Mon, 16 Oct 2023 03:49:14 GMT
Connection: keep-alive
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-a1b.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/avdump_x86_ais-a1b.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:52:40 GMT
ETag: "6509d1d8-58c44"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 363588
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1192
Expires: Mon, 16 Oct 2023 04:09:06 GMT
Date: Mon, 16 Oct 2023 03:49:14 GMT
Connection: keep-alive
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/offertool_x64_ais-a1b.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/offertool_x64_ais-a1b.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:52:42 GMT
ETag: "6509d1da-d274b"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 862027
Access-Control-Allow-Origin: *
X-Cache-Status: REVALIDATED
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=618
Expires: Mon, 16 Oct 2023 03:59:33 GMT
Date: Mon, 16 Oct 2023 03:49:15 GMT
Connection: keep-alive
GET

http://s1843811.iavs9x.u.avast.com/iavs9x/sbr_x64_ais-a1b.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/sbr_x64_ais-a1b.vpx HTTP/1.1
Host: s1843811.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:52:44 GMT
ETag: "6509d1dc-2d8d"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 11661
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=8
Expires: Mon, 16 Oct 2023 03:49:24 GMT
Date: Mon, 16 Oct 2023 03:49:16 GMT
Connection: keep-alive
DNS

b7210692.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b7210692.iavs9x.u.avast.com

IN A

Response

t1024579.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

f3461309.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

f3461309.iavs9x.u.avast.com

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

r0965026.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r0965026.iavs9x.u.avast.com

IN A

Response

z4055813.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

f3461309.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

t1024579.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

t1024579.iavs9x.u.avast.com

IN A

Response

r0965026.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

z4055813.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

z4055813.iavs9x.u.avast.com

IN A

Response

b7210692.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

b7210692.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b7210692.iavs9x.u.avast.com

IN A

Response

b7210692.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.64

a117.dscd.akamai.net

IN A

84.53.175.137
DNS

f3461309.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

f3461309.iavs9x.u.avast.com

IN A

Response

f3461309.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

r0965026.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r0965026.iavs9x.u.avast.com

IN A

Response

r0965026.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

t1024579.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

t1024579.iavs9x.u.avast.com

IN A

Response

t1024579.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

z4055813.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

z4055813.iavs9x.u.avast.com

IN A

Response

z4055813.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

84.53.175.137

a117.dscd.akamai.net

IN A

84.53.175.64
DNS

b7210692.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b7210692.iavs9x.u.avast.com

IN AAAA

Response

b7210692.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

f3461309.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

f3461309.iavs9x.u.avast.com

IN AAAA

Response

f3461309.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

r0965026.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r0965026.iavs9x.u.avast.com

IN AAAA

Response

r0965026.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

t1024579.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

t1024579.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

t1024579.iavs9x.u.avast.com

IN AAAA

Response

z4055813.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

z4055813.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

z4055813.iavs9x.u.avast.com

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d
DNS

b7210692.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

b7210692.iavs9x.u.avast.com

IN AAAA

Response

b7210692.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533
DNS

f3461309.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

f3461309.iavs9x.u.avast.com

IN AAAA

Response

f3461309.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

r0965026.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

r0965026.iavs9x.u.avast.com

IN AAAA

Response

r0965026.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d
DNS

t1024579.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

t1024579.iavs9x.u.avast.com

IN AAAA

Response

t1024579.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
DNS

z4055813.iavs9x.u.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

z4055813.iavs9x.u.avast.com

IN AAAA

Response

z4055813.iavs9x.u.avast.com

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6533

a117.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6522
GET

http://b7210692.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

instup.exe

Remote address:

84.53.175.64:80

Request

GET /iavs9x/prod-pgm.vpx HTTP/1.1
Host: b7210692.iavs9x.u.avast.com
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Last-Modified: Tue, 19 Sep 2023 16:56:00 GMT
ETag: "6509d2a0-23c"
Server: nginx
Content-Type: application/octet-stream
Content-Length: 572
Access-Control-Allow-Origin: *
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=5
Expires: Mon, 16 Oct 2023 03:49:25 GMT
Date: Mon, 16 Oct 2023 03:49:20 GMT
Connection: keep-alive
DNS

c3978047.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

c3978047.vps18tiny.u.avcdn.net

IN A

Response

l7814800.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

l4691727.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.vps18tiny.u.avcdn.net

IN A

Response

n8283613.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

l7814800.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l7814800.vps18tiny.u.avcdn.net

IN A

Response

c3978047.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.35

a27.dscd.akamai.net

IN A

84.53.175.50
DNS

n8283613.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n8283613.vps18tiny.u.avcdn.net

IN A

Response

l4691727.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.35

a27.dscd.akamai.net

IN A

84.53.175.50
DNS

r4427608.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

r4427608.vps18tiny.u.avcdn.net

IN A

Response

r4427608.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

s-vps18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-vps18tiny.avcdn.net

IN A

Response

s-vps18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

c3978047.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

c3978047.vps18tiny.u.avcdn.net

IN A

Response

c3978047.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

l4691727.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.vps18tiny.u.avcdn.net

IN A

Response

l4691727.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

l7814800.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l7814800.vps18tiny.u.avcdn.net

IN A

Response

l7814800.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

n8283613.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n8283613.vps18tiny.u.avcdn.net

IN A

Response

n8283613.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

r4427608.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

r4427608.vps18tiny.u.avcdn.net

IN A

Response

r4427608.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

84.53.175.50

a27.dscd.akamai.net

IN A

84.53.175.35
DNS

s-vps18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-vps18tiny.avcdn.net

IN A

Response

s-vps18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

23.36.245.4
DNS

c3978047.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

c3978047.vps18tiny.u.avcdn.net

IN AAAA

Response

n8283613.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

l4691727.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.vps18tiny.u.avcdn.net

IN AAAA

Response

l4691727.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

l7814800.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l7814800.vps18tiny.u.avcdn.net

IN AAAA

Response

l7814800.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

n8283613.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n8283613.vps18tiny.u.avcdn.net

IN AAAA

Response

c3978047.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

r4427608.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

r4427608.vps18tiny.u.avcdn.net

IN AAAA

Response

r4427608.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a
DNS

s-vps18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-vps18tiny.avcdn.net

IN AAAA

Response

s-vps18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d
DNS

c3978047.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

c3978047.vps18tiny.u.avcdn.net

IN AAAA

Response

c3978047.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

l4691727.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l4691727.vps18tiny.u.avcdn.net

IN AAAA

Response

l4691727.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

l7814800.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l7814800.vps18tiny.u.avcdn.net

IN AAAA

Response

l7814800.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

n8283613.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n8283613.vps18tiny.u.avcdn.net

IN AAAA

Response

n8283613.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530
DNS

r4427608.vps18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

r4427608.vps18tiny.u.avcdn.net

IN AAAA

Response

r4427608.vps18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:6530

a27.dscd.akamai.net

IN AAAA

2a02:26f0:fe00::5c7a:651a
DNS

s-vps18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-vps18tiny.avcdn.net

IN AAAA

Response

s-vps18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:29a::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:fe00:282::240d
GET

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx

instup.exe

Remote address:

84.53.175.50:80

Request

GET /vps18tiny/prod-vps.vpx HTTP/1.1
Host: l7814800.vps18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 340
Last-Modified: Sun, 15 Oct 2023 07:50:44 GMT
ETag: "652b99d4-154"
Access-Control-Allow-Origin: *
X-Cache-Status: REVALIDATED
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=57
Expires: Mon, 16 Oct 2023 03:50:19 GMT
Date: Mon, 16 Oct 2023 03:49:22 GMT
Connection: keep-alive
GET

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-7d.vpx

instup.exe

Remote address:

84.53.175.50:80

Request

GET /vps18tiny/part-jrog2-7d.vpx HTTP/1.1
Host: l7814800.vps18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 211
Last-Modified: Sun, 15 Oct 2023 07:50:42 GMT
ETag: "652b99d2-d3"
Access-Control-Allow-Origin: *
X-Cache-Status: REVALIDATED
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=2289
Expires: Mon, 16 Oct 2023 04:27:31 GMT
Date: Mon, 16 Oct 2023 03:49:22 GMT
Connection: keep-alive
GET

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-23101499.vpx

instup.exe

Remote address:

84.53.175.50:80

Request

GET /vps18tiny/part-vps_windows-23101499.vpx HTTP/1.1
Host: l7814800.vps18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 7274
Last-Modified: Sun, 15 Oct 2023 07:50:43 GMT
ETag: "652b99d3-1c6a"
Access-Control-Allow-Origin: *
X-Cache-Status: REVALIDATED
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1409
Expires: Mon, 16 Oct 2023 04:12:52 GMT
Date: Mon, 16 Oct 2023 03:49:23 GMT
Connection: keep-alive
DNS

shepherd.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.ff.avast.com

IN AAAA

Response

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com
POST

https://shepherd.ff.avast.com/

instup.exe

Remote address:

34.160.176.28:443

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.ff.avast.com
User-Agent: Avast Antivirus
Content-Length: 223

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:23 GMT
Content-Type: text/plain
Content-Length: 32224
AB-Tests: 19fa92d7-cec3-489b-9f86-f88a9780902e:A,2a38b33e-2944-40ef-a1df-c417feb3f742:B,9c39bb00-0319-40bf-b991-5c9ed9d0a85b:C,oa-7466-v0:c
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 5
Config-Name: Avast-Windows-AV-Consumer_websocket-testing_email-signatures_ipm_6363_chrome_offer_setup_free_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_free_production-new-installs_disabled-aos-sideloading_webshield-tls-processes---release_v19.1-and-higher-free_ipm_4932_opm_pus_fullscale_version-18.6-and-higher_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release_quic-on_versions--22.1-and-higher_previous-version_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_v2017_globalflags---streamproduction-_devicewatcheron_hns-pre-scan-enabled-countries_version-20.9-and-higher_pups-in-avast-rollout_winre-bts_smartscanfreetrail_smartscan-free---antivirus---win10---ab-test_aosstorelink_enableddwm_enablehns3_performator_phone-support-tile_avast-22-r6---23-r9_version-20.1-plus_fs-and-idp-integration_cef-72.3_v19.1-and-higher-off_opening-browser-onboarding_smartscan-free---antivirus---win10_opm_burger_tracking_limitation_multidetection_alpha-new-installs_ipm_6515_6516_vps_sites_test_b_ipm_5258_campaign_toaster_reach_test_a_ipm_6513_open_ui_c_a1-migration-button_test-akamai_test-pam-no-master-password_v18.5-and-higher_installation-telemetry_cleanup-premium-installation_release---iavs9x-only_newuninstallsurvey-1ca23c6d51dea1984b5181ddf7592ecc2428413bd1f91a61d95c8f7cce93bf50
Config-Version: 4801
Segments: websocket testing,email signatures,ipm_6363_chrome_offer_setup_free,asb and chrome since 21.2,version 23.2 and higher not in fr de,free,production new installs,disabled aos sideloading,webshield tls processes - release,v19.1 and higher free,ipm_4932_opm_pus_fullscale,version 18.6 and higher,production,webshield.quic.block - fraction test setup,quic sni block release,quic on,versions 22.1 and higher,previous version,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,v2017,globalflags - streamproduction ,devicewatcheron,hns pre-scan enabled countries,version 20.9 and higher,pups in avast rollout,winre bts,smartscanfreetrail,smartscan free - antivirus - win10 - ab test,aosstorelink,enableddwm,enablehns3,performator,phone support tile,avast 22 r6 - 23 r9,version 20.1 plus,fs and idp integration,cef 72.3,v19.1 and higher off,opening browser onboarding,smartscan free - antivirus - win10,opm_burger_tracking_limitation,multidetection,alpha new installs,ipm_6515_6516_vps_sites_test_b,ipm_5258_campaign_toaster_reach_test_a,ipm_6513_open_ui_c,a1 migration button,test akamai,test pam no master password,v18.5 and higher,installation telemetry,cleanup premium installation,release - iavs9x only,newuninstallsurvey
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
DNS

50.175.53.84.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.175.53.84.in-addr.arpa

IN PTR

Response

50.175.53.84.in-addr.arpa

IN PTR

a84-53-175-50deploystaticakamaitechnologiescom
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN A

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN A

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN AAAA

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN AAAA

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com
DNS

v7event.stats.avast.com

avast_free_antivirus_setup_online_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN A

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
POST

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

instup.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Host: v7event.stats.avast.com
User-Agent: avast! Antivirus
Accept: */*
Content-MD5: L7lvir9JlGJ5e0xZfDE9Sw==
Content-Type: iavs4/stats
Content-Length: 326

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Mon, 16 Oct 2023 03:49:27 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.ff.avast.com/v4/receive/json/70

instup.exe

Remote address:

34.117.223.223:443

Request

POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 492
Host: analytics.ff.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:27 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.ff.avast.com/receive3

instup.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
Content-Encoding: gzip
User-Agent: Avast Antivirus
Content-Length: 577
Host: analytics.ff.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:50:25 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ssl.google-analytics.com

instup.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.179.200
POST

https://ssl.google-analytics.com/collect

instup.exe

Remote address:

142.250.179.200:443

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Antivirus
Content-Length: 423
Host: ssl.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Mon, 16 Oct 2023 03:49:30 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

200.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.179.250.142.in-addr.arpa

IN PTR

Response

200.179.250.142.in-addr.arpa

IN PTR

ams15s42-in-f81e100net
DNS

ipm.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

ipm.avcdn.net

IN A

Response

ipm.avcdn.net

IN CNAME

ipm-provider.ff.avast.com

ipm-provider.ff.avast.com

IN CNAME

ipm-gcp-prod.ff.avast.com

ipm-gcp-prod.ff.avast.com

IN A

34.111.24.1
DNS

ipm.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

ipm.avcdn.net

IN A

Response

ipm.avcdn.net

IN CNAME

ipm-provider.ff.avast.com

ipm-provider.ff.avast.com

IN CNAME

ipm-gcp-prod.ff.avast.com

ipm-gcp-prod.ff.avast.com

IN A

34.111.24.1
GET

https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=iavs9x&p_lan=1033&p_lng=en&p_vep=23&p_ves=9&p_vbd=6082&p_cnm=RYHSSIAS&p_hid=befa3776-92c3-463e-abf8-d81806c314e7&p_bld=mmm_ava_012_999_a7i_m&p_adp=0000&p_midex=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

instup.exe

Remote address:

34.111.24.1:443

Request

GET /?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=iavs9x&p_lan=1033&p_lng=en&p_vep=23&p_ves=9&p_vbd=6082&p_cnm=RYHSSIAS&p_hid=befa3776-92c3-463e-abf8-d81806c314e7&p_bld=mmm_ava_012_999_a7i_m&p_adp=0000&p_midex=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ipm.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:31 GMT
Content-Type: text/html
Content-Length: 27368
IPM-Asset-URL--266817469: https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png
IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Identifier: fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html
ETag: W/e7010d18
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1697428171; Max-Age=1728000; Expires=Sun, 05 Nov 2023 03:49:31 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Thu, 30 Nov 2023 03:49:31 GMT; Secure; SameSite=None
Set-Cookie: ClientId=f21a655c-290c-4516-9cfd-cc727b9b921f; Max-Age=63072000; Expires=Wed, 15 Oct 2025 03:49:31 GMT; Secure; SameSite=None
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1697428171; Max-Age=1728000; Expires=Sun, 05 Nov 2023 03:49:31 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=fa/en-ww/setup-avast-offer_nitro-secure-browser_variant-a.html; Max-Age=3888000; Expires=Thu, 30 Nov 2023 03:49:31 GMT; Secure; SameSite=None
Set-Cookie: ClientId=f21a655c-290c-4516-9cfd-cc727b9b921f; Max-Age=63072000; Expires=Wed, 15 Oct 2025 03:49:31 GMT; Secure; SameSite=None
Via: 1.1 google
Alt-Svc: clear
DNS

1.24.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.24.111.34.in-addr.arpa

IN PTR

Response

1.24.111.34.in-addr.arpa

IN PTR

12411134bcgoogleusercontentcom
DNS

ipmcdn.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

ipmcdn.avast.com

IN A

Response

ipmcdn.avast.com

IN CNAME

ipmcdn.avast.com.edgekey.net

ipmcdn.avast.com.edgekey.net

IN CNAME

e13223.dscd.akamaiedge.net

e13223.dscd.akamaiedge.net

IN A

23.207.111.75
DNS

analytics.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

analytics.ff.avast.com

IN A

Response

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

ssl.google-analytics.com

instup.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.179.200
GET

https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22befa3776-92c3-463e-abf8-d81806c314e7%22%2C%22hwid%22%3A%22F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2223.9.6082.mmm_ava_012_999_a7i_m%22%2C%22build%22%3A6082%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

instup.exe

Remote address:

34.117.223.223:443

Request

GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22befa3776-92c3-463e-abf8-d81806c314e7%22%2C%22hwid%22%3A%22F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2223.9.6082.mmm_ava_012_999_a7i_m%22%2C%22build%22%3A6082%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: analytics.ff.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Mon, 16 Oct 2023 03:49:34 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ssl.google-analytics.com/collect?v=1&tid=UA-58120669-2&cid=befa3776-92c3-463e-abf8-d81806c314e7&dh=ipm.avcdn.net&dp=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&z=1958476639&uid=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&ds=ipm2&dt=setup-avast-offer_nitro-secure-browser_variant-a.html&ul=en-us&cd5=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&cd101=0&cd102=23&cd103=9&cd104=6082&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=18&cd153=0&cd170=setup_free_intro&cd2=FAV-0&cd3=23.9.6082.mmm_ava_012_999_a7i_m&cd4=Free%20Program%20%7C%20Registered%20%7C%2076&cd12=en-ww&cd20=mmm_ava_012_999_a7i_m&cd27=befa3776-92c3-463e-abf8-d81806c314e7&cd41=befa3776-92c3-463e-abf8-d81806c314e7&cd154=1&cd155=24&cd175=bfd03b3c-7bc7-42b0-ba46-054d79423271&cd176=bfd03b3c-7bc7-42b0-ba46-054d79423271

instup.exe

Remote address:

142.250.179.200:443

Request

GET /collect?v=1&tid=UA-58120669-2&cid=befa3776-92c3-463e-abf8-d81806c314e7&dh=ipm.avcdn.net&dp=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&z=1958476639&uid=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&ds=ipm2&dt=setup-avast-offer_nitro-secure-browser_variant-a.html&ul=en-us&cd5=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&cd101=0&cd102=23&cd103=9&cd104=6082&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=18&cd153=0&cd170=setup_free_intro&cd2=FAV-0&cd3=23.9.6082.mmm_ava_012_999_a7i_m&cd4=Free%20Program%20%7C%20Registered%20%7C%2076&cd12=en-ww&cd20=mmm_ava_012_999_a7i_m&cd27=befa3776-92c3-463e-abf8-d81806c314e7&cd41=befa3776-92c3-463e-abf8-d81806c314e7&cd154=1&cd155=24&cd175=bfd03b3c-7bc7-42b0-ba46-054d79423271&cd176=bfd03b3c-7bc7-42b0-ba46-054d79423271 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ssl.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sun, 15 Oct 2023 21:48:25 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 21669
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ipmcdn.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

ipmcdn.avast.com

IN A

Response

ipmcdn.avast.com

IN CNAME

ipmcdn.avast.com.edgekey.net

ipmcdn.avast.com.edgekey.net

IN CNAME

e13223.dscd.akamaiedge.net

e13223.dscd.akamaiedge.net

IN A

23.207.111.75
GET

https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png

instup.exe

Remote address:

23.207.111.75:443

Request

GET /images/banner/img_secure-browser-v2.png HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ipmcdn.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: image/png
Content-Length: 28199
Last-Modified: Thu, 17 Dec 2020 10:43:38 GMT
ETag: "5fdb365a-6e27"
X-Cache-Status: HIT
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=3601
Expires: Mon, 16 Oct 2023 04:49:35 GMT
Date: Mon, 16 Oct 2023 03:49:34 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
DNS

75.111.207.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.111.207.23.in-addr.arpa

IN PTR

Response

75.111.207.23.in-addr.arpa

IN PTR

a23-207-111-75deploystaticakamaitechnologiescom
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

252.15.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

252.15.104.51.in-addr.arpa

IN PTR

Response

34.117.223.223:80

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

http

avast_free_antivirus_setup_online.exe

1.3kB
484 B
10
7

HTTP Request

POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204
84.53.175.64:443

iavs9x.u.avcdn.net

tls

avast_free_antivirus_setup_online.exe

719 B
4.2kB
9
9
172.217.23.206:80

http://www.google-analytics.com/collect

http

avast_free_antivirus_setup_online.exe

997 B
1.1kB
10
7

HTTP Request

POST http://www.google-analytics.com/collect

HTTP Response

200

HTTP Request

POST http://www.google-analytics.com/collect

HTTP Response

200
84.53.175.64:443

iavs9x.u.avcdn.net

tls

avast_free_antivirus_setup_online.exe

673 B
4.2kB
8
9
84.53.175.64:443

iavs9x.u.avcdn.net

tls

avast_free_antivirus_setup_online.exe

673 B
4.2kB
8
9
84.53.175.64:443

iavs9x.u.avcdn.net

tls

avast_free_antivirus_setup_online.exe

673 B
4.2kB
8
9
84.53.175.64:443

iavs9x.u.avcdn.net

tls

avast_free_antivirus_setup_online.exe

673 B
4.2kB
8
9
84.53.175.64:80

http://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe

http

avast_free_antivirus_setup_online.exe

196.3kB
10.7MB
4042
7666

HTTP Request

GET http://iavs9x.u.avcdn.net/iavs9x/avast_free_antivirus_setup_online_x64.exe

HTTP Response

200
172.217.23.206:80

http://www.google-analytics.com/collect?aiid=mmm_ava_012_999_a7i_m&an=Free&av=23.9.8494&cd=stub-extended&cd3=Online&cid=befa3776-92c3-463e-abf8-d81806c314e7&dt=Installation&t=screenview&tid=UA-58120669-3&v=1

http

avast_free_antivirus_setup_online_x64.exe

552 B
601 B
6
4

HTTP Request

GET http://www.google-analytics.com/collect?aiid=mmm_ava_012_999_a7i_m&an=Free&av=23.9.8494&cd=stub-extended&cd3=Online&cid=befa3776-92c3-463e-abf8-d81806c314e7&dt=Installation&t=screenview&tid=UA-58120669-3&v=1

HTTP Response

200
34.117.223.223:443

https://analytics.ff.avast.com/v4/receive/json/70

tls, http

avast_free_antivirus_setup_online_x64.exe

1.6kB
5.8kB
11
10

HTTP Request

POST https://analytics.ff.avast.com/v4/receive/json/70

HTTP Response

200
34.117.223.223:443

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

tls, http

avast_free_antivirus_setup_online_x64.exe

7.0kB
7.6kB
32
24

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204
34.160.176.28:443

https://shepherd.ff.avast.com/

tls, http

instup.exe

1.9kB
37.7kB
24
36

HTTP Request

POST https://shepherd.ff.avast.com/

HTTP Response

200
84.53.175.64:80

http://r9319236.iavs9x.u.avast.com/iavs9x/servers.def.vpx

http

instup.exe

403 B
3.2kB
6
6

HTTP Request

GET http://r9319236.iavs9x.u.avast.com/iavs9x/servers.def.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

http

instup.exe

354 B
1.2kB
5
4

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/avbugreport_x64_ais-a1b.vpx

http

instup.exe

25.3kB
1.5MB
548
1085

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/avbugreport_x64_ais-a1b.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-a1b.vpx

http

instup.exe

7.1kB
411.8kB
152
298

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x64_ais-a1b.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-a1b.vpx

http

instup.exe

6.5kB
374.9kB
139
271

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/avdump_x86_ais-a1b.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/offertool_x64_ais-a1b.vpx

http

instup.exe

15.1kB
888.1kB
326
641

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/offertool_x64_ais-a1b.vpx

HTTP Response

200
84.53.175.64:80

http://s1843811.iavs9x.u.avast.com/iavs9x/sbr_x64_ais-a1b.vpx

http

instup.exe

545 B
12.6kB
9
12

HTTP Request

GET http://s1843811.iavs9x.u.avast.com/iavs9x/sbr_x64_ais-a1b.vpx

HTTP Response

200
84.53.175.64:80

http://b7210692.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

http

instup.exe

354 B
1.2kB
5
4

HTTP Request

GET http://b7210692.iavs9x.u.avast.com/iavs9x/prod-pgm.vpx

HTTP Response

200
84.53.175.50:80

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx

http

instup.exe

360 B
969 B
5
4

HTTP Request

GET http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/prod-vps.vpx

HTTP Response

200
84.53.175.50:80

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-7d.vpx

http

instup.exe

365 B
841 B
5
4

HTTP Request

GET http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-jrog2-7d.vpx

HTTP Response

200
84.53.175.50:80

http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-23101499.vpx

http

instup.exe

515 B
8.1kB
8
9

HTTP Request

GET http://l7814800.vps18tiny.u.avcdn.net/vps18tiny/part-vps_windows-23101499.vpx

HTTP Response

200
34.160.176.28:443

https://shepherd.ff.avast.com/

tls, http

instup.exe

1.8kB
42.6kB
23
38

HTTP Request

POST https://shepherd.ff.avast.com/

HTTP Response

200
34.117.223.223:443

https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

tls, http

instup.exe

1.4kB
5.8kB
12
11

HTTP Request

POST https://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204
34.117.223.223:443

https://analytics.ff.avast.com/receive3

tls, http

instup.exe

2.4kB
6.1kB
12
11

HTTP Request

POST https://analytics.ff.avast.com/v4/receive/json/70

HTTP Response

200

HTTP Request

POST https://analytics.ff.avast.com/receive3

HTTP Response

200
142.250.179.200:443

https://ssl.google-analytics.com/collect

tls, http

instup.exe

1.3kB
5.7kB
9
9

HTTP Request

POST https://ssl.google-analytics.com/collect

HTTP Response

200
34.111.24.1:443

https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=iavs9x&p_lan=1033&p_lng=en&p_vep=23&p_ves=9&p_vbd=6082&p_cnm=RYHSSIAS&p_hid=befa3776-92c3-463e-abf8-d81806c314e7&p_bld=mmm_ava_012_999_a7i_m&p_adp=0000&p_midex=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

tls, http

instup.exe

1.9kB
36.0kB
21
35

HTTP Request

GET https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=0&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=iavs9x&p_lan=1033&p_lng=en&p_vep=23&p_ves=9&p_vbd=6082&p_cnm=RYHSSIAS&p_hid=befa3776-92c3-463e-abf8-d81806c314e7&p_bld=mmm_ava_012_999_a7i_m&p_adp=0000&p_midex=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

HTTP Response

200
34.117.223.223:443

https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22befa3776-92c3-463e-abf8-d81806c314e7%22%2C%22hwid%22%3A%22F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2223.9.6082.mmm_ava_012_999_a7i_m%22%2C%22build%22%3A6082%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

tls, http

instup.exe

2.2kB
5.8kB
9
9

HTTP Request

GET https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%22befa3776-92c3-463e-abf8-d81806c314e7%22%2C%22hwid%22%3A%22F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0%22%7D%2C%22product%22%3A%7B%22id%22%3A1%2C%22edition%22%3A1%2C%22lang%22%3A%22en-us%22%2C%22version_app%22%3A%2223.9.6082.mmm_ava_012_999_a7i_m%22%2C%22build%22%3A6082%2C%22ipm_product%22%3A0%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-us%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22bfd03b3c-7bc7-42b0-ba46-054d79423271%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avast-offer_nitro-secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

HTTP Response

200
142.250.179.200:443

https://ssl.google-analytics.com/collect?v=1&tid=UA-58120669-2&cid=befa3776-92c3-463e-abf8-d81806c314e7&dh=ipm.avcdn.net&dp=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&z=1958476639&uid=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&ds=ipm2&dt=setup-avast-offer_nitro-secure-browser_variant-a.html&ul=en-us&cd5=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&cd101=0&cd102=23&cd103=9&cd104=6082&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=18&cd153=0&cd170=setup_free_intro&cd2=FAV-0&cd3=23.9.6082.mmm_ava_012_999_a7i_m&cd4=Free%20Program%20%7C%20Registered%20%7C%2076&cd12=en-ww&cd20=mmm_ava_012_999_a7i_m&cd27=befa3776-92c3-463e-abf8-d81806c314e7&cd41=befa3776-92c3-463e-abf8-d81806c314e7&cd154=1&cd155=24&cd175=bfd03b3c-7bc7-42b0-ba46-054d79423271&cd176=bfd03b3c-7bc7-42b0-ba46-054d79423271

tls, http

instup.exe

2.0kB
5.7kB
8
8

HTTP Request

GET https://ssl.google-analytics.com/collect?v=1&tid=UA-58120669-2&cid=befa3776-92c3-463e-abf8-d81806c314e7&dh=ipm.avcdn.net&dp=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&z=1958476639&uid=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&ds=ipm2&dt=setup-avast-offer_nitro-secure-browser_variant-a.html&ul=en-us&cd5=fa%2Fen-us%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=fa%2Fen-ww%2Fsetup-avast-offer_nitro-secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=F5EA51DA667ECD6B5F2B9D06E4A3FC5239A707E5A9D81CB3284490AEDECFADD0&cd101=0&cd102=23&cd103=9&cd104=6082&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=18&cd153=0&cd170=setup_free_intro&cd2=FAV-0&cd3=23.9.6082.mmm_ava_012_999_a7i_m&cd4=Free%20Program%20%7C%20Registered%20%7C%2076&cd12=en-ww&cd20=mmm_ava_012_999_a7i_m&cd27=befa3776-92c3-463e-abf8-d81806c314e7&cd41=befa3776-92c3-463e-abf8-d81806c314e7&cd154=1&cd155=24&cd175=bfd03b3c-7bc7-42b0-ba46-054d79423271&cd176=bfd03b3c-7bc7-42b0-ba46-054d79423271

HTTP Response

200
23.207.111.75:443

https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png

tls, http

instup.exe

1.4kB
34.1kB
18
31

HTTP Request

GET https://ipmcdn.avast.com/images/banner/img_secure-browser-v2.png

HTTP Response

200

8.8.8.8:53

iavs9x.u.avcdn.net

dns

avast_free_antivirus_setup_online.exe

64 B
171 B
1
1

DNS Request

iavs9x.u.avcdn.net

DNS Response

84.53.175.64

84.53.175.137
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
145 B
1
1

DNS Request

v7event.stats.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

223.223.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

223.223.117.34.in-addr.arpa
8.8.8.8:53

64.175.53.84.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

64.175.53.84.in-addr.arpa
8.8.8.8:53

206.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.23.217.172.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

108.211.229.192.in-addr.arpa

dns

74 B
145 B
1
1

DNS Request

108.211.229.192.in-addr.arpa
8.8.8.8:53

68.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

68.32.126.40.in-addr.arpa
8.8.8.8:53

analytics.ff.avast.com

dns

instup.exe

68 B
117 B
1
1

DNS Request

analytics.ff.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

shepherd.ff.avast.com

dns

instup.exe

67 B
110 B
1
1

DNS Request

shepherd.ff.avast.com

DNS Response

34.160.176.28
8.8.8.8:53

shepherd.ff.avast.com

dns

instup.exe

67 B
159 B
1
1

DNS Request

shepherd.ff.avast.com
8.8.8.8:53

shepherd.ff.avast.com

dns

instup.exe

67 B
110 B
1
1

DNS Request

shepherd.ff.avast.com

DNS Response

34.160.176.28
8.8.8.8:53

28.176.160.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

28.176.160.34.in-addr.arpa
8.8.8.8:53

b8003600.iavs9x.u.avast.com

dns

instup.exe

429 B
1.1kB
6
6

DNS Request

b8003600.iavs9x.u.avast.com

DNS Request

g1928587.iavs9x.u.avast.com

DNS Request

l4691727.iavs9x.u.avast.com

DNS Request

r9319236.iavs9x.u.avast.com

DNS Request

s-iavs9x.avcdn.net

DNS Response

84.53.175.64

84.53.175.137

DNS Response

84.53.175.64

84.53.175.137

DNS Request

s1843811.iavs9x.u.avast.com

DNS Response

84.53.175.64

84.53.175.137

DNS Response

84.53.175.137

84.53.175.64

DNS Response

84.53.175.64

84.53.175.137

DNS Response

23.36.245.4
8.8.8.8:53

b8003600.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

b8003600.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

g1928587.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

g1928587.iavs9x.u.avast.com

DNS Response

84.53.175.64

84.53.175.137
8.8.8.8:53

l4691727.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

l4691727.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

r9319236.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

r9319236.iavs9x.u.avast.com

DNS Response

84.53.175.64

84.53.175.137
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
164 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

23.36.245.4
8.8.8.8:53

s1843811.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

s1843811.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

b8003600.iavs9x.u.avast.com

dns

instup.exe

429 B
1.2kB
6
6

DNS Request

b8003600.iavs9x.u.avast.com

DNS Request

g1928587.iavs9x.u.avast.com

DNS Request

l4691727.iavs9x.u.avast.com

DNS Request

r9319236.iavs9x.u.avast.com

DNS Request

s-iavs9x.avcdn.net

DNS Request

s1843811.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00:282::240d

2a02:26f0:fe00:29a::240d

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

b8003600.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

b8003600.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6522

2a02:26f0:fe00::5c7a:6533
8.8.8.8:53

g1928587.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

g1928587.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

l4691727.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

l4691727.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

r9319236.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

r9319236.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
204 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

2a02:26f0:fe00:29a::240d

2a02:26f0:fe00:282::240d
8.8.8.8:53

s1843811.iavs9x.u.avast.com

dns

instup.exe

73 B
1

DNS Request

s1843811.iavs9x.u.avast.com
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.4.4:53

s1843811.iavs9x.u.avast.com

dns

instup.exe

73 B
1

DNS Request

s1843811.iavs9x.u.avast.com
8.8.8.8:53

126.179.238.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

126.179.238.8.in-addr.arpa
8.8.8.8:53

4.4.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

4.4.8.8.in-addr.arpa
8.8.8.8:53

b7210692.iavs9x.u.avast.com

dns

instup.exe

429 B
1.1kB
6
6

DNS Request

b7210692.iavs9x.u.avast.com

DNS Request

f3461309.iavs9x.u.avast.com

DNS Request

r0965026.iavs9x.u.avast.com

DNS Request

s-iavs9x.avcdn.net

DNS Request

t1024579.iavs9x.u.avast.com

DNS Request

z4055813.iavs9x.u.avast.com

DNS Response

84.53.175.64

84.53.175.137

DNS Response

23.36.245.4

DNS Response

84.53.175.137

84.53.175.64

DNS Response

84.53.175.64

84.53.175.137

DNS Response

84.53.175.64

84.53.175.137

DNS Response

84.53.175.64

84.53.175.137
8.8.8.8:53

b7210692.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

b7210692.iavs9x.u.avast.com

DNS Response

84.53.175.64

84.53.175.137
8.8.8.8:53

f3461309.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

f3461309.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

r0965026.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

r0965026.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
164 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

23.36.245.4
8.8.8.8:53

t1024579.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

t1024579.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

z4055813.iavs9x.u.avast.com

dns

instup.exe

73 B
183 B
1
1

DNS Request

z4055813.iavs9x.u.avast.com

DNS Response

84.53.175.137

84.53.175.64
8.8.8.8:53

b7210692.iavs9x.u.avast.com

dns

instup.exe

429 B
1.2kB
6
6

DNS Request

b7210692.iavs9x.u.avast.com

DNS Request

f3461309.iavs9x.u.avast.com

DNS Request

r0965026.iavs9x.u.avast.com

DNS Request

s-iavs9x.avcdn.net

DNS Request

t1024579.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Request

z4055813.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522

DNS Response

2a02:26f0:fe00:29a::240d

2a02:26f0:fe00:282::240d
8.8.8.8:53

b7210692.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

b7210692.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6522

2a02:26f0:fe00::5c7a:6533
8.8.8.8:53

f3461309.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

f3461309.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

r0965026.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

r0965026.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6522

2a02:26f0:fe00::5c7a:6533
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
204 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

2a02:26f0:fe00:282::240d

2a02:26f0:fe00:29a::240d
8.8.8.8:53

t1024579.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

t1024579.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

z4055813.iavs9x.u.avast.com

dns

instup.exe

73 B
207 B
1
1

DNS Request

z4055813.iavs9x.u.avast.com

DNS Response

2a02:26f0:fe00::5c7a:6533

2a02:26f0:fe00::5c7a:6522
8.8.8.8:53

c3978047.vps18tiny.u.avcdn.net

dns

instup.exe

447 B
1.0kB
6
6

DNS Request

c3978047.vps18tiny.u.avcdn.net

DNS Request

l4691727.vps18tiny.u.avcdn.net

DNS Request

l7814800.vps18tiny.u.avcdn.net

DNS Request

n8283613.vps18tiny.u.avcdn.net

DNS Request

r4427608.vps18tiny.u.avcdn.net

DNS Request

s-vps18tiny.avcdn.net

DNS Response

84.53.175.50

84.53.175.35

DNS Response

84.53.175.50

84.53.175.35

DNS Response

84.53.175.35

84.53.175.50

DNS Response

84.53.175.35

84.53.175.50

DNS Response

84.53.175.50

84.53.175.35

DNS Response

23.36.245.4
8.8.8.8:53

c3978047.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

c3978047.vps18tiny.u.avcdn.net

DNS Response

84.53.175.50

84.53.175.35
8.8.8.8:53

l4691727.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

l4691727.vps18tiny.u.avcdn.net

DNS Response

84.53.175.50

84.53.175.35
8.8.8.8:53

l7814800.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

l7814800.vps18tiny.u.avcdn.net

DNS Response

84.53.175.50

84.53.175.35
8.8.8.8:53

n8283613.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

n8283613.vps18tiny.u.avcdn.net

DNS Response

84.53.175.50

84.53.175.35
8.8.8.8:53

r4427608.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

r4427608.vps18tiny.u.avcdn.net

DNS Response

84.53.175.50

84.53.175.35
8.8.8.8:53

s-vps18tiny.avcdn.net

dns

instup.exe

67 B
167 B
1
1

DNS Request

s-vps18tiny.avcdn.net

DNS Response

23.36.245.4
8.8.8.8:53

c3978047.vps18tiny.u.avcdn.net

dns

instup.exe

447 B
1.2kB
6
6

DNS Request

c3978047.vps18tiny.u.avcdn.net

DNS Request

l4691727.vps18tiny.u.avcdn.net

DNS Request

l7814800.vps18tiny.u.avcdn.net

DNS Request

n8283613.vps18tiny.u.avcdn.net

DNS Request

r4427608.vps18tiny.u.avcdn.net

DNS Request

s-vps18tiny.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530

DNS Response

2a02:26f0:fe00::5c7a:6530

2a02:26f0:fe00::5c7a:651a

DNS Response

2a02:26f0:fe00:29a::240d

2a02:26f0:fe00:282::240d
8.8.8.8:53

c3978047.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

c3978047.vps18tiny.u.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530
8.8.8.8:53

l4691727.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

l4691727.vps18tiny.u.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530
8.8.8.8:53

l7814800.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

l7814800.vps18tiny.u.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530
8.8.8.8:53

n8283613.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

n8283613.vps18tiny.u.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:651a

2a02:26f0:fe00::5c7a:6530
8.8.8.8:53

r4427608.vps18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

r4427608.vps18tiny.u.avcdn.net

DNS Response

2a02:26f0:fe00::5c7a:6530

2a02:26f0:fe00::5c7a:651a
8.8.8.8:53

s-vps18tiny.avcdn.net

dns

instup.exe

67 B
207 B
1
1

DNS Request

s-vps18tiny.avcdn.net

DNS Response

2a02:26f0:fe00:29a::240d

2a02:26f0:fe00:282::240d
8.8.8.8:53

shepherd.ff.avast.com

dns

instup.exe

67 B
159 B
1
1

DNS Request

shepherd.ff.avast.com
8.8.8.8:53

50.175.53.84.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

50.175.53.84.in-addr.arpa
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
145 B
1
1

DNS Request

v7event.stats.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
145 B
1
1

DNS Request

v7event.stats.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
194 B
1
1

DNS Request

v7event.stats.avast.com
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
194 B
1
1

DNS Request

v7event.stats.avast.com
8.8.8.8:53

v7event.stats.avast.com

dns

avast_free_antivirus_setup_online_x64.exe

69 B
145 B
1
1

DNS Request

v7event.stats.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

ssl.google-analytics.com

dns

instup.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.179.200
8.8.8.8:53

200.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

200.179.250.142.in-addr.arpa
8.8.8.8:53

ipm.avcdn.net

dns

instup.exe

59 B
141 B
1
1

DNS Request

ipm.avcdn.net

DNS Response

34.111.24.1
8.8.8.8:53

ipm.avcdn.net

dns

instup.exe

59 B
141 B
1
1

DNS Request

ipm.avcdn.net

DNS Response

34.111.24.1
8.8.8.8:53

1.24.111.34.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.24.111.34.in-addr.arpa
8.8.8.8:53

ipmcdn.avast.com

dns

instup.exe

62 B
157 B
1
1

DNS Request

ipmcdn.avast.com

DNS Response

23.207.111.75
8.8.8.8:53

analytics.ff.avast.com

dns

instup.exe

68 B
117 B
1
1

DNS Request

analytics.ff.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

ssl.google-analytics.com

dns

instup.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.179.200
8.8.8.8:53

ipmcdn.avast.com

dns

instup.exe

62 B
157 B
1
1

DNS Request

ipmcdn.avast.com

DNS Response

23.207.111.75
8.8.8.8:53

75.111.207.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

75.111.207.23.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

252.15.104.51.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

252.15.104.51.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

Filesize
27KB

MD5
711b923aa33e084e475d027886d052c6

SHA1
51d91d1876c7ff6ef3b5407b2f7957446c4988fb

SHA256
b1fb03a5a41ab3c7441139e094cd062e45477b613b8972fbac330e84f057a00f

SHA512
114600e5f8c1b981a4197d8db2044e2611d75644bd5f8909fc061856b03621039ea3c29dde6c85282aa3efbfaecfb1a8b47c99dd17f3b7c6be4245f1e791688f

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

Filesize
2KB

MD5
ef6de234bfd8de3fd5f969daef77ba97

SHA1
92e035cd799201f62e57b47203e660a010a4a745

SHA256
152261b77a097a4c8e2290193bda31a86e3af1a2372281171563383f3e24e117

SHA512
c9ed92ec98538b610727b9a9bfafc0332dc90712a15545af31aa2746685a0b26393e87672f704f90bd845e0eb71838aefbba0e6c7f0d38a660e4fc54ddc81c15

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log

Filesize
142B

MD5
16712089ae0e7a8302eef0cfbda87abe

SHA1
fc13476016682402ea4aed1cf0d2c22e73d9da22

SHA256
fb8efcca8623552f8161c3c77d873b67e1fb6dcf3bc1bc0950e95e459bf299eb

SHA512
5ae61e1863b40ef51cb63ab3221994b79ce5c88c62af03b519ea7f18f8ceef1408237b576f81df9b26bd0d9c4c183e4cacd9b0bdb92bff9c7289a274b74b9fe1

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.b78032b754ceede6\avast_free_antivirus_setup_online_x64.exe

Filesize
9.9MB

MD5
0a9c8a91718657b5f89163128dc1cc1e

SHA1
40b9ea2d13eb6be1840c332d6e02e632061d2207

SHA256
a23ef9bd8e028faf3c419a007916a06fe41a93e6c273db3e52a4ae4d76b24dc2

SHA512
175b1d4cd748ec5abd998f3b4b5eb5682799cb1e416b88f43cbeba7306f6a0e00ca16b222a62d6ae3d3961fe778e83c31ea17216efe09f8a518a58717e491530

Download Submit
C:\Windows\Temp\asw.b78032b754ceede6\avast_free_antivirus_setup_online_x64.exe

Filesize
9.9MB

MD5
0a9c8a91718657b5f89163128dc1cc1e

SHA1
40b9ea2d13eb6be1840c332d6e02e632061d2207

SHA256
a23ef9bd8e028faf3c419a007916a06fe41a93e6c273db3e52a4ae4d76b24dc2

SHA512
175b1d4cd748ec5abd998f3b4b5eb5682799cb1e416b88f43cbeba7306f6a0e00ca16b222a62d6ae3d3961fe778e83c31ea17216efe09f8a518a58717e491530

Download Submit
C:\Windows\Temp\asw.b78032b754ceede6\avast_free_antivirus_setup_online_x64.exe

Filesize
9.9MB

MD5
0a9c8a91718657b5f89163128dc1cc1e

SHA1
40b9ea2d13eb6be1840c332d6e02e632061d2207

SHA256
a23ef9bd8e028faf3c419a007916a06fe41a93e6c273db3e52a4ae4d76b24dc2

SHA512
175b1d4cd748ec5abd998f3b4b5eb5682799cb1e416b88f43cbeba7306f6a0e00ca16b222a62d6ae3d3961fe778e83c31ea17216efe09f8a518a58717e491530

Download Submit
C:\Windows\Temp\asw.b78032b754ceede6\ecoo.edat

Filesize
21B

MD5
3667000a1ef99a2fa95d2ad6232deb6c

SHA1
2d9e6b6fe10054eb91a2c5a5d641f3088d308ed7

SHA256
a9faf10057b799209f3a5c81fe8798b1142968c0df9711488f67d43168255270

SHA512
f29421649be776edca063ed4e882f378c7a902335aa99e2955f40951e6fb82057aab53f044bd84e31071c40f86130cd0079107f3b267902170b89d72431fb928

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\Instup.dll

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\Instup.dll

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\Instup.exe

Filesize
3.7MB

MD5
90b5ab7fe78f31bb5fcc415a3674154d

SHA1
699120b13af9f37bc20eac7825073d20523d9415

SHA256
85a8c3126f58aa24d673a74215b365fbf0c4c2c6ed1b484711ac0be3fa1d2310

SHA512
acfafe685a8698cc4fc7fa8390d4bdbcda1b8a15d80c942587d8ddb926712e186bd7c2bab956793ba4bf454413e8cf311b2773fdddb51cc3d071a4e11e4e0023

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\Instup.exe

Filesize
3.7MB

MD5
90b5ab7fe78f31bb5fcc415a3674154d

SHA1
699120b13af9f37bc20eac7825073d20523d9415

SHA256
85a8c3126f58aa24d673a74215b365fbf0c4c2c6ed1b484711ac0be3fa1d2310

SHA512
acfafe685a8698cc4fc7fa8390d4bdbcda1b8a15d80c942587d8ddb926712e186bd7c2bab956793ba4bf454413e8cf311b2773fdddb51cc3d071a4e11e4e0023

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\HTMLayout.dll

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\Instup.dll

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\aswOfferTool.exe

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\instup.dll

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\New_170917c2\instup.exe

Filesize
3.7MB

MD5
90b5ab7fe78f31bb5fcc415a3674154d

SHA1
699120b13af9f37bc20eac7825073d20523d9415

SHA256
85a8c3126f58aa24d673a74215b365fbf0c4c2c6ed1b484711ac0be3fa1d2310

SHA512
acfafe685a8698cc4fc7fa8390d4bdbcda1b8a15d80c942587d8ddb926712e186bd7c2bab956793ba4bf454413e8cf311b2773fdddb51cc3d071a4e11e4e0023

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\asw0d86a7d34dc6a90e.ini

Filesize
1KB

MD5
69db1bba68002517087bbb86f736d8eb

SHA1
a7647c762f486ccfe8f044e506bf4997521cc198

SHA256
b6eec422994fe7f9965241c2ef8a78d394ade470fe3996643b0ad0fe1b219a7b

SHA512
cc4fb64a87575cbd5353e34457bfb1980cb40ee5ab07a5d14a4dfcdae2a03e54d28d1566f7a0298dee7891448c467caebbe8f3d42506f9a0aa88224210481655

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\aswad18eca10e49652b.ini

Filesize
776B

MD5
6cde672bb4beb29dd6ef1308b4c2176f

SHA1
5dae1ab21315ff71e51b7249416e9ae3072b4469

SHA256
80b5e0604e0a0f10626732df52aa500c15a1ddee163cff2a56680b682d5608b5

SHA512
e11e343772b9bd82b778930d4ea17c0868e9851bfadd0e0b447a3209bedf511bf5b29577c278676035bc2326fb55cd519f83f33e0ee05b20a203aa53a94c4b6b

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\avbugreport_x64_ais-a1b.vpx

Filesize
4.7MB

MD5
eef7137170fe8be552c2243d17c90df2

SHA1
d1f0e14b23310c5346df4f1a5318672c6bc822e1

SHA256
f29ce91481cf72f286833e477dba63fc31b0cfd63748de2ee4048cc3dc63e447

SHA512
4664fae2c8deb390a62559034a6d039220339f99008945eb297434f9d34aa3c766a9fa53f9f05d8267a80883f18bed1e7b8417c01c1b1cf482d5f7bfd7b003b4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\avdump_x64_ais-a1b.vpx

Filesize
1.0MB

MD5
44fc156d02d396f15b47d82d8f244054

SHA1
9771391b9d2894980fa051807a108d63f7b58408

SHA256
0aeec57e3a32c367e4eb38b8ef95d7eb40f2479a802e4446ceadde91505cee12

SHA512
c0f56f6e31368ea68fe40c14027a2f36d55f47f3c05099b532bc765b0cb4c85b366bad4205d028773ba8e372f440c63487b677417aa0bc7a5a9646d867127a6a

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\config.def

Filesize
27KB

MD5
2074f100cce201f50090e7e5b944cd31

SHA1
403c13c646e4b5687fbda4804760415db8408057

SHA256
c285188d5e3af454764ba67ba1eb9105e0f3bf7f1e6cd64c55f044f96c36cbb9

SHA512
c2b17740b4c60cf6c70ff636795a6f962d429555aa53e850cf671bcdca8a677c9f66494d644bdf37d657ce70ae667b1947d0eb15aeb29eb67e8f3dab749ce9db

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\config.def

Filesize
28KB

MD5
62d8e447aa9f79d608746f2e50ebb07c

SHA1
8609a26d8dd57e7e0574c337db7903d006e3b775

SHA256
33e4caba64240cb2c463abfceab9b81a18dd93474db0353d7a37f07fac147db8

SHA512
274abc476dbaba806d62b5f54007e3bc8d254b3babd88533b838f1983c01bd0372fb2c419a040b610b36d2e0ab3a4dc0a03e0ed6bdd7c8388c62147fc0d6e285

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\config.def

Filesize
28KB

MD5
62d8e447aa9f79d608746f2e50ebb07c

SHA1
8609a26d8dd57e7e0574c337db7903d006e3b775

SHA256
33e4caba64240cb2c463abfceab9b81a18dd93474db0353d7a37f07fac147db8

SHA512
274abc476dbaba806d62b5f54007e3bc8d254b3babd88533b838f1983c01bd0372fb2c419a040b610b36d2e0ab3a4dc0a03e0ed6bdd7c8388c62147fc0d6e285

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\config.def

Filesize
31KB

MD5
bc77dcfe940b4173e864dd6199f77165

SHA1
e0158d07c0c8a1f9fa8fddd57ae35dbc1839e218

SHA256
f2d3464cdbac2d65b68e4e02fbde6a7d6c1c6e7ee0b11aabc75ed45cce004994

SHA512
11de3ca4c03c59da0c11c20ac35f78e028f47c40589056c7c9b7674fe109b6cf9e117828de06b77f93e2ef9be8104eef9077644e9320fd1f1f3280127f1a43f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\config.ini

Filesize
776B

MD5
6cde672bb4beb29dd6ef1308b4c2176f

SHA1
5dae1ab21315ff71e51b7249416e9ae3072b4469

SHA256
80b5e0604e0a0f10626732df52aa500c15a1ddee163cff2a56680b682d5608b5

SHA512
e11e343772b9bd82b778930d4ea17c0868e9851bfadd0e0b447a3209bedf511bf5b29577c278676035bc2326fb55cd519f83f33e0ee05b20a203aa53a94c4b6b

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\instcont_x64_ais-a1b.vpx

Filesize
3.7MB

MD5
90b5ab7fe78f31bb5fcc415a3674154d

SHA1
699120b13af9f37bc20eac7825073d20523d9415

SHA256
85a8c3126f58aa24d673a74215b365fbf0c4c2c6ed1b484711ac0be3fa1d2310

SHA512
acfafe685a8698cc4fc7fa8390d4bdbcda1b8a15d80c942587d8ddb926712e186bd7c2bab956793ba4bf454413e8cf311b2773fdddb51cc3d071a4e11e4e0023

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\instup_x64_ais-a1b.vpx

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\instup_x64_ais-a1b.vpx

Filesize
21.8MB

MD5
56a08ab0739891737166b9ec5ba091d5

SHA1
824f9fb3a5e30d74b00e2c07aa4233e07c315d34

SHA256
f426ea1266d3eff2cd772ced53c0b497085bf01bec84333ab3b166a18f728814

SHA512
fec29de61d15410dfc4f6a38cd6edacb33853fede8c03b2b3ed56ee5c1ee70fb578f5cb8c93b3d21b103dca5b590225846abdc8906fe7292d455df26f30288f9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\offertool_x64_ais-a1b.vpx

Filesize
2.1MB

MD5
808150479511e3360d5cac3b35f6fcf2

SHA1
ae388884d4e0ac073ebc2e43be108fd8641815a7

SHA256
775bfcf98018f7eb9c968f68e087678999a79b159a2288e46508f9f2d95bd16b

SHA512
e6231b4e510630ac71d9e716f723856441257c3405a82f0bc8d8a9ac13cb314309088a17b0f299db8e584b53a6bed86886ec549dc8ff037af0e603104c11c1c4

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\part-jrog2-7d.vpx

Filesize
211B

MD5
6f7e8a4ecb72c523bd7d31df00b1c585

SHA1
b956ecf1ab8c33049431b5cb0046d5696ec03df2

SHA256
694fa232383f1bfa1de3de6f0607ec7f24412f669f72010e8427c0e711ab7343

SHA512
e6c9f1b7164d84687679f5b0e9af635dd15e73ce36c52cb0db79c2a92890c06073fefc3e627972e47675eb1ee10ad50c88bd7d0f50a4a7317fbab681decd15d2

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\part-prg_ais-170917c2.vpx

Filesize
74KB

MD5
3b7c2d6294a969884c1c12e56e4c1f57

SHA1
d6a3f896f59c20eb1baac8c4a182ad2ae6e28c75

SHA256
c5ba83d753f9f49b491ef717742c6532b755c2adaffda6729915ff071ce09103

SHA512
789bd8559dd9127cccd2336a0194f7a0783c9f43b3c0eb4f14050ff9fa177255eb9ea7d948ea6429cb46c8cb8545efbd2de7813091f899508c33c4812e39a2e7

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\part-setup_ais-170917c2.vpx

Filesize
4KB

MD5
2425758177a1b2cd2e7023f9079ec16e

SHA1
43d73471ca4d4b2d431ff16228a3c807e8282161

SHA256
550e2a2e26e56b7a91dbc0a1b79dbfdb7ff5dbf4125531a0740021881b3a54b5

SHA512
cd15624b5fae17f6c4beb2d4971f0f56f4f67514bdd52a3da3333d918379b8a9fca3a79978ee1f3d59fe635d2e45aec3fd2fa9746909b335a01f11d409d806f2

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\part-vps_windows-23101499.vpx

Filesize
7KB

MD5
967d79775dee23a78cf524ffffdb8f9e

SHA1
5763819c8828c1dbf2962deef3977b2995bce415

SHA256
38dc9e2587216f5050beee21c425784bd775dec4cb93bbc6ba3089b53dc7d2db

SHA512
b0bbfddfc46d449faca2978dc5313c34f17b7f80f8840881de4eb27fe8cca8e860c9c849f87a1314178cec29a71db33802d0faf5d5b772d61c7147413b8479fc

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\prod-pgm.vpx

Filesize
572B

MD5
8d19380d13ddb276d6d4916f9249de30

SHA1
38c6debfc34017ce1b516b16d7087219e1a3d9f3

SHA256
c223bac4d0607cb1e1f3f93df59d77a761bf6a70158fbd58031fb19baa30162e

SHA512
b0b0070caddd5ea3187511c0aa2784b1db2dad0bd1be2f579bdee53d6ea95919e484c4cb1c71edf90772b06a4d32a344dbcdd288d15d346e4bb7356b4b5931b1

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\prod-vps.vpx

Filesize
343B

MD5
3006eb2f30a8893079d2d218e549550c

SHA1
cc149ce8d492be0e2c6a8198f415ce25f88e4d6e

SHA256
f2d4915124c274cbb02f3ef7449da92e0b8719b6c51bc847557c3c32670f144c

SHA512
6070ade5a4d1a78110010769a3c14867cde8d42e9d4a16d4e09d56e66d0f49fc10bcbaf561caf748ea1f5cdeca0424eaad94f6645735593616d7500131ff746c

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\prod-vps.vpx

Filesize
340B

MD5
be1c2d7f944e5ccb922232b23572d4f1

SHA1
e1380119aacf97794c53d22d3d85c509d511692d

SHA256
50f2b2d80b778393c8ae598db47853701a2a998c388620a7c715dde12cd721c1

SHA512
2b8d4fbcb499097d1b2851e31e6209e1fca0e0492c686cf0afa6b3e7324aa5b8906b40d2fe38bf008f71f0e399116a90075db68fc84d0e06505115c48994d2d9

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\sbr_x64_ais-a1b.vpx

Filesize
19KB

MD5
4a2e4d82a3540d5419297f74f2cc7806

SHA1
80997fc93c2f9ae7376f793f9af81b84f0a22d64

SHA256
97c310431444bed0b3ed0c1633f14644ede471a375ba2406a58fff4b1f105625

SHA512
950b575128d4b9abd50d43b91783f10491219222b3d1c8376ec98e384ff134f5eba314447926402b78c9fb7b36a5645d14b28843631227ad27956e85eb3c57e8

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\servers.def

Filesize
29KB

MD5
fdd67548f6593a9a9df47db471e3407e

SHA1
a2e35bfc90e0a70a41b3ac7bbe24e2937b1ec09f

SHA256
4f24b85f4c97a5485bf7c4460e4c195fa4b4f1da5816d1e8adb814dd0aa7b575

SHA512
93884d6acfbe2f2408d677ddb3a70a72a316e5432d09bd0eb9b9be128d1add409050df3be29d2e5e6a6e632a841fcec83bcd5f783700af99e6bb411e6aef8f8f

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\servers.def

Filesize
29KB

MD5
fdd67548f6593a9a9df47db471e3407e

SHA1
a2e35bfc90e0a70a41b3ac7bbe24e2937b1ec09f

SHA256
4f24b85f4c97a5485bf7c4460e4c195fa4b4f1da5816d1e8adb814dd0aa7b575

SHA512
93884d6acfbe2f2408d677ddb3a70a72a316e5432d09bd0eb9b9be128d1add409050df3be29d2e5e6a6e632a841fcec83bcd5f783700af99e6bb411e6aef8f8f

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\servers.def.lkg

Filesize
29KB

MD5
fdd67548f6593a9a9df47db471e3407e

SHA1
a2e35bfc90e0a70a41b3ac7bbe24e2937b1ec09f

SHA256
4f24b85f4c97a5485bf7c4460e4c195fa4b4f1da5816d1e8adb814dd0aa7b575

SHA512
93884d6acfbe2f2408d677ddb3a70a72a316e5432d09bd0eb9b9be128d1add409050df3be29d2e5e6a6e632a841fcec83bcd5f783700af99e6bb411e6aef8f8f

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\servers.def.vpx

Filesize
2KB

MD5
af0fb774d3aae25e6d199706bc660fdd

SHA1
9c5b215b3e06961b54cc6143fad697e810df8c82

SHA256
eb563fbd0f5bfeb09902c4db5788fba04582959ce6662af2a83aa7eea69e420c

SHA512
81bb03edb92e7ff0d2b998335ab8a89563bf19be3f785d6992b00feb89f3b1b64bbc6f9cfd02b25b9dec0fda12c2dfc181d9dd91ea366ad79b1a5bc8ada9dea1

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\setgui_x64_ais-a1b.vpx

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\setgui_x64_ais-a1b.vpx

Filesize
4.0MB

MD5
6df77a49e9109f05f049cc490ddac43b

SHA1
f1d1353c14095159ddadd6f28da7f809fe23544d

SHA256
9d73c0193ea260725f53540757991e80a6874c855e9d726d4b9f000a5e47cce7

SHA512
31d59716cac574ecddc05d54217ab8c6ff4020fbef0e11089462f1146ae82ea2b04d3f694989617455b3e1e260494779332c21857fa354b9b92de4ba9ade5646

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\setup.def

Filesize
38KB

MD5
1afab016deb47c3cb268f666d78e9c65

SHA1
ab7dc546e16de1ff0952b256bb399eb6a1aa0c4c

SHA256
76daaa15b418f8eeac9ba8cf5b1ca17fd6c78fd23dc6937e7c4ce5fbf6aaf25c

SHA512
062676a297c5aea97efe46cb3117c64dc0a586bd3525cdcaf93a74de2adf4006a1e4b0d3977f8cbb27f09d4085c3aa930925bbae6204ec077a255de881bd37a6

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\uat64.dll

Filesize
29KB

MD5
e77f9f6241a53fee7ca7095859a4986a

SHA1
29820936035fb68b8b29c1be08341fae18cac14e

SHA256
6649da55038c59d0f831e370b477a008546be2ceb125fa1de568238ad35899b8

SHA512
087fc5aff4fffa3c2ef789303e2b90c5dd4372d67fb8aa872813f7ab1a0d6b33ffd19ffd4448414efeecfacbc7b6bcd0fc7ff69edc0604b1a1b5c498ed0c99e6

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\uat64.dll

Filesize
29KB

MD5
e77f9f6241a53fee7ca7095859a4986a

SHA1
29820936035fb68b8b29c1be08341fae18cac14e

SHA256
6649da55038c59d0f831e370b477a008546be2ceb125fa1de568238ad35899b8

SHA512
087fc5aff4fffa3c2ef789303e2b90c5dd4372d67fb8aa872813f7ab1a0d6b33ffd19ffd4448414efeecfacbc7b6bcd0fc7ff69edc0604b1a1b5c498ed0c99e6

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\uat64.dll

Filesize
29KB

MD5
e77f9f6241a53fee7ca7095859a4986a

SHA1
29820936035fb68b8b29c1be08341fae18cac14e

SHA256
6649da55038c59d0f831e370b477a008546be2ceb125fa1de568238ad35899b8

SHA512
087fc5aff4fffa3c2ef789303e2b90c5dd4372d67fb8aa872813f7ab1a0d6b33ffd19ffd4448414efeecfacbc7b6bcd0fc7ff69edc0604b1a1b5c498ed0c99e6

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\uat64.dll

Filesize
29KB

MD5
e77f9f6241a53fee7ca7095859a4986a

SHA1
29820936035fb68b8b29c1be08341fae18cac14e

SHA256
6649da55038c59d0f831e370b477a008546be2ceb125fa1de568238ad35899b8

SHA512
087fc5aff4fffa3c2ef789303e2b90c5dd4372d67fb8aa872813f7ab1a0d6b33ffd19ffd4448414efeecfacbc7b6bcd0fc7ff69edc0604b1a1b5c498ed0c99e6

Download Submit
C:\Windows\Temp\asw.defc4a2d8969f754\uat64.vpx

Filesize
16KB

MD5
fb78e1d04ead991718b60800fe65b3a4

SHA1
d5038ad11b32fcbb568333bd7f2512ef92162c1c

SHA256
6ece666c17e4cd2be075d75078b57545162bc970af4c19c41d9c34569b3f8ea3

SHA512
39e9baa63e276752366338cfd1a977b2a999d37aa008a286e90fdf23495173f16e4b3c6ac875787afd79ec418433587164090fc43672d1e856628b6388dd433c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request