c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568

Analysis

max time kernel
125s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 09:52 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe
Size

219KB
MD5

105d0f2bcd9667e474c60be026298d6a
SHA1

589e7829ed8b371b1787c7952192fe13b257674a
SHA256

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568
SHA512

2937cffb77a20a075538eeac63132b3fbcc326dcbd24f7ea020814b07eaad77ae9b8597399880a400cf78e0ed223123477b6a55acec0372f93a940c0c006dec6
SSDEEP

3072:42RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh9K0KT:40KgGwHqwOOELha+sm2D2+UhngNHK46p

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

pid	Process
4900	avg_antivirus_free_setup_x64.exe
216	instup.exe
1676	instup.exe
3436	aswOfferTool.exe
2292	aswOfferTool.exe
452	aswOfferTool.exe
3056	aswOfferTool.exe
1656	aswOfferTool.exe
4680	aswOfferTool.exe
3376	aswOfferTool.exe
4412	aswOfferTool.exe

Loads dropped DLL 13 IoCs

pid	Process
3336	c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe
216	instup.exe
216	instup.exe
216	instup.exe
216	instup.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe
452	aswOfferTool.exe
1656	aswOfferTool.exe
3376	aswOfferTool.exe
4412	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 6 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\avast! Antivirus	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avg_antivirus_free_setup_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avg_antivirus_free_setup_x64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "14"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: aswOfferTool.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-d08.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "14"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "12"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "40"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: avbugreport_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "25"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-d08.vpx"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "25"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Main = "0"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Checking install conditions"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "15"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "74"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: instup_x64_ais-d08.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "93"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "12"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "57"	avg_antivirus_free_setup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "DNS resolving"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "51"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "77"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "35"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Main = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "87"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Extracting file: sbr.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "67"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: sbr_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x64_ais-d08.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\SfxInstProgress = "78"	avg_antivirus_free_setup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "35"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "78"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_UpdateSetup_Syncer = "95"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvgPersistentStorage\InstupProgress_Installation_Syncer = "100"	instup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4900	avg_antivirus_free_setup_x64.exe
4900	avg_antivirus_free_setup_x64.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe
1676	instup.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: 32	4900	avg_antivirus_free_setup_x64.exe
Token: SeDebugPrivilege	216	instup.exe
Token: 32	216	instup.exe
Token: SeDebugPrivilege	1676	instup.exe
Token: 32	1676	instup.exe
Token: SeDebugPrivilege	3056	aswOfferTool.exe
Token: SeImpersonatePrivilege	3056	aswOfferTool.exe
Token: SeDebugPrivilege	4680	aswOfferTool.exe
Token: SeImpersonatePrivilege	4680	aswOfferTool.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
216	instup.exe
1676	instup.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 4900	3336	c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe	91
PID 3336 wrote to memory of 4900	3336	c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe	91
PID 4900 wrote to memory of 216	4900	avg_antivirus_free_setup_x64.exe	92
PID 4900 wrote to memory of 216	4900	avg_antivirus_free_setup_x64.exe	92
PID 216 wrote to memory of 1676	216	instup.exe	93
PID 216 wrote to memory of 1676	216	instup.exe	93
PID 1676 wrote to memory of 3436	1676	instup.exe	94
PID 1676 wrote to memory of 3436	1676	instup.exe	94
PID 1676 wrote to memory of 3436	1676	instup.exe	94
PID 1676 wrote to memory of 2292	1676	instup.exe	95
PID 1676 wrote to memory of 2292	1676	instup.exe	95
PID 1676 wrote to memory of 2292	1676	instup.exe	95
PID 1676 wrote to memory of 452	1676	instup.exe	96
PID 1676 wrote to memory of 452	1676	instup.exe	96
PID 1676 wrote to memory of 452	1676	instup.exe	96
PID 1676 wrote to memory of 3056	1676	instup.exe	97
PID 1676 wrote to memory of 3056	1676	instup.exe	97
PID 1676 wrote to memory of 3056	1676	instup.exe	97
PID 1676 wrote to memory of 4680	1676	instup.exe	100
PID 1676 wrote to memory of 4680	1676	instup.exe	100
PID 1676 wrote to memory of 4680	1676	instup.exe	100
PID 1676 wrote to memory of 4412	1676	instup.exe	102
PID 1676 wrote to memory of 4412	1676	instup.exe	102
PID 1676 wrote to memory of 4412	1676	instup.exe	102

C:\Users\Admin\AppData\Local\Temp\c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe
"C:\Users\Admin\AppData\Local\Temp\c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Windows\Temp\asw.eecc863cc3decc7b\avg_antivirus_free_setup_x64.exe
  "C:\Windows\Temp\asw.eecc863cc3decc7b\avg_antivirus_free_setup_x64.exe" /cookie:mmm_bav_tst_007_402_f /ga_clientid:0d7835ce-cfbc-44fd-a61d-d83a60311cc8 /edat_dir:C:\Windows\Temp\asw.eecc863cc3decc7b
  2⤵
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4900
- - C:\Windows\Temp\asw.bfabaa787f845146\instup.exe
    "C:\Windows\Temp\asw.bfabaa787f845146\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.bfabaa787f845146 /edition:15 /prod:ais /stub_context:2c64507b-b59f-4dfd-839b-8d41d68a8629:9994552 /guid:84c21b69-27f1-47fc-9d8f-99820cf029ac /ga_clientid:0d7835ce-cfbc-44fd-a61d-d83a60311cc8 /cookie:mmm_bav_tst_007_402_f /ga_clientid:0d7835ce-cfbc-44fd-a61d-d83a60311cc8 /edat_dir:C:\Windows\Temp\asw.eecc863cc3decc7b
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:216
  - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\instup.exe
      "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.bfabaa787f845146 /edition:15 /prod:ais /stub_context:2c64507b-b59f-4dfd-839b-8d41d68a8629:9994552 /guid:84c21b69-27f1-47fc-9d8f-99820cf029ac /ga_clientid:0d7835ce-cfbc-44fd-a61d-d83a60311cc8 /cookie:mmm_bav_tst_007_402_f /edat_dir:C:\Windows\Temp\asw.eecc863cc3decc7b /online_installer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      Writes to the Master Boot Record (MBR)
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" -checkGToolbar -elevated
        5⤵
        Executes dropped EXE
        
        PID:3436
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" /check_secure_browser
        5⤵
        Executes dropped EXE
        
        PID:2292
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:452
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3056
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1656
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4680
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3376
    - - C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3852,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:8
1⤵
PID:212

Network

DNS

iavs9x.avg.u.avcdn.net

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

8.8.8.8:53

Request

iavs9x.avg.u.avcdn.net

IN A

Response

iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.81

a117.dscd.akamai.net

IN A

23.73.139.56
DNS

v7event.stats.avast.com

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avast.com

IN A

Response

v7event.stats.avast.com

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
POST

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

34.117.223.223:80

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 268
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 12 Jun 2024 09:52:48 GMT
Via: 1.1 google
POST

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

34.117.223.223:80

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
User-Agent: AVG Microstub/2.1
Content-Length: 282
Host: v7event.stats.avast.com

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 12 Jun 2024 09:52:56 GMT
Via: 1.1 google
POST

http://www.google-analytics.com/collect

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

216.58.213.14:80

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: AVG Microstub/2.1
Content-Length: 140
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Wed, 12 Jun 2024 09:52:48 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
POST

http://www.google-analytics.com/collect

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

216.58.213.14:80

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: AVG Microstub/2.1
Content-Length: 143
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Wed, 12 Jun 2024 09:52:56 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=11FA1080E0D46C351EFA041CE16F6D59; domain=.bing.com; expires=Mon, 07-Jul-2025 09:52:49 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7C9357C56F284550BD9053D36F4EA157 Ref B: LON04EDGE0817 Ref C: 2024-06-12T09:52:49Z
date: Wed, 12 Jun 2024 09:52:48 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=11FA1080E0D46C351EFA041CE16F6D59; _EDGE_S=SID=13BDB94A741660500C60ADD675106191

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=r9IEIpgE4xysX4mNPR6qqI7uEd-BcFoGXc0ES3xHVbs; domain=.bing.com; expires=Mon, 07-Jul-2025 09:52:49 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71677715AAAF4BFC9FFD346051CE94A7 Ref B: LON04EDGE0817 Ref C: 2024-06-12T09:52:49Z
date: Wed, 12 Jun 2024 09:52:49 GMT
GET

https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

Remote address:

88.221.83.218:443

Request

GET /aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=11FA1080E0D46C351EFA041CE16F6D59

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F449249089C49F69F5D574589AA018A Ref B: LON212050701033 Ref C: 2024-06-12T09:52:49Z
content-length: 0
date: Wed, 12 Jun 2024 09:52:49 GMT
set-cookie: _EDGE_S=SID=13BDB94A741660500C60ADD675106191; path=/; httponly; domain=bing.com
set-cookie: MUIDB=11FA1080E0D46C351EFA041CE16F6D59; path=/; httponly; expires=Mon, 07-Jul-2025 09:52:49 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.d653dd58.1718185969.6419a7f
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f14�H
DNS

223.223.117.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

223.223.117.34.in-addr.arpa

IN PTR

Response

223.223.117.34.in-addr.arpa

IN PTR

22322311734bcgoogleusercontentcom
DNS

81.139.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

81.139.73.23.in-addr.arpa

IN PTR

Response

81.139.73.23.in-addr.arpa

IN PTR

a23-73-139-81deploystaticakamaitechnologiescom
DNS

71.31.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.31.126.40.in-addr.arpa

IN PTR

Response
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

218.83.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

218.83.221.88.in-addr.arpa

IN PTR

Response

218.83.221.88.in-addr.arpa

IN PTR

a88-221-83-218deploystaticakamaitechnologiescom
GET

http://iavs9x.avg.u.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

Remote address:

23.73.139.81:80

Request

GET /avg/iavs9x/avg_antivirus_free_setup_x64.exe HTTP/1.1
Connection: Keep-Alive
User-Agent: avast! Antivirus (instup)
Host: iavs9x.avg.u.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 9994552
Last-Modified: Tue, 28 May 2024 09:46:18 GMT
ETag: "6655a7ea-988138"
Access-Control-Allow-Origin: *
x-cache-status: HIT
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1
Expires: Wed, 12 Jun 2024 09:52:55 GMT
Date: Wed, 12 Jun 2024 09:52:54 GMT
Connection: keep-alive
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN A

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

analytics.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

analytics.avcdn.net

IN A

Response

analytics.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
GET

http://www.google-analytics.com/collect?aiid=mmm_bav_tst_007_402_f&an=Avg%20Free&av=24.5.9153&cd=stub-extended&cd3=Online&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dt=Installation&t=screenview&tid=UA-58120669-4&v=1

avg_antivirus_free_setup_x64.exe

Remote address:

216.58.213.14:80

Request

GET /collect?aiid=mmm_bav_tst_007_402_f&an=Avg%20Free&av=24.5.9153&cd=stub-extended&cd3=Online&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dt=Installation&t=screenview&tid=UA-58120669-4&v=1 HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast SFX/1.0
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Tue, 11 Jun 2024 21:07:49 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 45907
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
POST

https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

avg_antivirus_free_setup_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: cBw7ZB3ReqgC5NBacIuGvA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 382
Host: v7event.stats.avcdn.net

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 12 Jun 2024 09:52:57 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

avg_antivirus_free_setup_x64.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Connection: Keep-Alive
Content-Type: iavs4/stats
Content-MD5: cBw7ZB3ReqgC5NBacIuGvA==
User-Agent: Avast SimpleHttp/3.0
Content-Length: 382
Host: v7event.stats.avcdn.net

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 12 Jun 2024 09:52:57 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/v4/receive/json/70

avg_antivirus_free_setup_x64.exe

Remote address:

34.117.223.223:443

Request

POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 595
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:52:57 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

shepherd.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.avcdn.net

IN A

Response

shepherd.avcdn.net

IN CNAME

shepherd.ff.avast.com

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com

shepherd-gcp.ff.avast.com

IN A

34.160.176.28
DNS

shepherd.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.avcdn.net

IN AAAA

Response

shepherd.avcdn.net

IN CNAME

shepherd.ff.avast.com

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com
DNS

shepherd.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.avcdn.net

IN A

Response

shepherd.avcdn.net

IN CNAME

shepherd.ff.avast.com

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com

shepherd-gcp.ff.avast.com

IN A

34.160.176.28
POST

https://shepherd.avcdn.net/

instup.exe

Remote address:

34.160.176.28:443

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.avcdn.net
User-Agent: Avast Antivirus
Content-Length: 267

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:52:58 GMT
Content-Type: text/plain
Content-Length: 19354
AB-Tests: dfc58839-be72-45b0-b5e8-6c31c27f4a30:A,oa-7820-v1-fake-blatny:a
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 9
Config-Name: AVG-Windows-AV-Consumer_websocket-testing_release-20-percent-userbase_ipm_6363_chrome_offer_setup_free_avg-free_version-18.6-and-higher_windows-8-and-higher_avg-free-and-release_uk-gb_production_product-version-older-than-24.4_quic-sni-block-release_pap-before-20.2_avg-r18-7-and-r18-8-and-older_new-installation_versions-older-than-23.1_opening-browser-onboarding_ipm_6513_open_ui_a_v19.2-and-older-6dab41b0c2b07742937620ff69fddadb9ad6d67d36fd14ee001d72f894358198
Config-Version: 2089
Segments: websocket testing,release 20 percent userbase,ipm_6363_chrome_offer_setup_free,avg free,version 18.6 and higher,windows 8 and higher,avg free and release,uk gb,production,product version older than 24.4,quic sni block release,pap before 20.2,avg r18 7 and r18 8 and older,new installation,versions older than 23.1,opening browser onboarding,ipm_6513_open_ui_a,v19.2 and older
TTL: 86400
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
DNS

28.176.160.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.176.160.34.in-addr.arpa

IN PTR

Response

28.176.160.34.in-addr.arpa

IN PTR

2817616034bcgoogleusercontentcom
DNS

b0017156.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

b0017156.iavs9x.avg.u.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

g5856219.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

g5856219.iavs9x.avg.u.avcdn.net

IN A

Response

l9346865.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.81

a117.dscd.akamai.net

IN A

23.73.139.56
DNS

l9346865.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9346865.iavs9x.avg.u.avcdn.net

IN A

Response

g5856219.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

l9518228.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9518228.iavs9x.avg.u.avcdn.net

IN A

Response

b0017156.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

l9518228.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.81

a117.dscd.akamai.net

IN A

23.73.139.56
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN A

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

b0017156.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

b0017156.iavs9x.avg.u.avcdn.net

IN A

Response

b0017156.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

g5856219.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

g5856219.iavs9x.avg.u.avcdn.net

IN A

Response

g5856219.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

l9346865.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9346865.iavs9x.avg.u.avcdn.net

IN A

Response

l9346865.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

l9518228.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9518228.iavs9x.avg.u.avcdn.net

IN A

Response

l9518228.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN A

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

b0017156.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

b0017156.iavs9x.avg.u.avcdn.net

IN AAAA

Response

b0017156.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

g5856219.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

g5856219.iavs9x.avg.u.avcdn.net

IN AAAA

Response

g5856219.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

l9346865.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9346865.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l9346865.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

l9518228.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9518228.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l9518228.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN AAAA

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

b0017156.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

b0017156.iavs9x.avg.u.avcdn.net

IN AAAA

Response

b0017156.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

g5856219.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

g5856219.iavs9x.avg.u.avcdn.net

IN AAAA

Response

g5856219.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

l9346865.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9346865.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l9346865.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

l9518228.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l9518228.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l9518228.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN AAAA

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
GET

http://s9788044.iavs9x.avg.u.avcdn.net/avg/iavs9x/servers.def.vpx

instup.exe

Remote address:

23.73.139.81:80

Request

GET /avg/iavs9x/servers.def.vpx HTTP/1.1
Host: s9788044.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1389
Last-Modified: Tue, 28 May 2024 09:45:54 GMT
ETag: "6655a7d2-56d"
Access-Control-Allow-Origin: *
x-cache-status: HIT
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=49
Expires: Wed, 12 Jun 2024 09:53:50 GMT
Date: Wed, 12 Jun 2024 09:53:01 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/prod-pgm.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 572
Last-Modified: Tue, 28 May 2024 09:45:56 GMT
ETag: "6655a7d4-23c"
Access-Control-Allow-Origin: *
x-cache-status: HIT
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=33
Expires: Wed, 12 Jun 2024 09:53:34 GMT
Date: Wed, 12 Jun 2024 09:53:01 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avbugreport_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/avbugreport_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1447794
Last-Modified: Tue, 28 May 2024 09:42:03 GMT
ETag: "6655a6eb-161772"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1640
Expires: Wed, 12 Jun 2024 10:20:22 GMT
Date: Wed, 12 Jun 2024 09:53:02 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/avdump_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1012134
Last-Modified: Tue, 28 May 2024 09:42:02 GMT
ETag: "6655a6ea-f71a6"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1685
Expires: Wed, 12 Jun 2024 10:21:07 GMT
Date: Wed, 12 Jun 2024 09:53:02 GMT
Connection: keep-alive
DNS

56.139.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.139.73.23.in-addr.arpa

IN PTR

Response

56.139.73.23.in-addr.arpa

IN PTR

a23-73-139-56deploystaticakamaitechnologiescom
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x86_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/avdump_x86_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 931935
Last-Modified: Tue, 28 May 2024 09:42:00 GMT
ETag: "6655a6e8-e385f"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1726
Expires: Wed, 12 Jun 2024 10:21:49 GMT
Date: Wed, 12 Jun 2024 09:53:03 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instcont_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/instcont_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1029003
Last-Modified: Tue, 28 May 2024 09:42:02 GMT
ETag: "6655a6ea-fb38b"
Access-Control-Allow-Origin: *
x-cache-status: HIT
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1647
Expires: Wed, 12 Jun 2024 10:20:30 GMT
Date: Wed, 12 Jun 2024 09:53:03 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instup_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/instup_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 5643604
Last-Modified: Tue, 28 May 2024 09:42:08 GMT
ETag: "6655a6f0-561d54"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=2687
Expires: Wed, 12 Jun 2024 10:37:51 GMT
Date: Wed, 12 Jun 2024 09:53:04 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/offertool_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/offertool_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 923096
Last-Modified: Tue, 28 May 2024 09:42:02 GMT
ETag: "6655a6ea-e15d8"
Access-Control-Allow-Origin: *
x-cache-status: REVALIDATED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=2654
Expires: Wed, 12 Jun 2024 10:37:19 GMT
Date: Wed, 12 Jun 2024 09:53:05 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/sbr_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/sbr_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 11708
Last-Modified: Tue, 28 May 2024 09:42:04 GMT
ETag: "6655a6ec-2dbc"
Access-Control-Allow-Origin: *
x-cache-status: REVALIDATED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1684
Expires: Wed, 12 Jun 2024 10:21:10 GMT
Date: Wed, 12 Jun 2024 09:53:06 GMT
Connection: keep-alive
GET

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/setgui_x64_ais-d08.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/setgui_x64_ais-d08.vpx HTTP/1.1
Host: l9346865.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 1427509
Last-Modified: Tue, 28 May 2024 09:42:02 GMT
ETag: "6655a6ea-15c835"
Access-Control-Allow-Origin: *
x-cache-status: REVALIDATED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=1664
Expires: Wed, 12 Jun 2024 10:20:50 GMT
Date: Wed, 12 Jun 2024 09:53:06 GMT
Connection: keep-alive
DNS

f4973661.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

f4973661.iavs9x.avg.u.avcdn.net

IN A

Response

f4973661.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

k6951768.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

k6951768.iavs9x.avg.u.avcdn.net

IN A

Response

y1284511.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

l8318517.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l8318517.iavs9x.avg.u.avcdn.net

IN A

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN A

Response

l8318517.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

y1284511.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y1284511.iavs9x.avg.u.avcdn.net

IN A

Response

k6951768.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

f4973661.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

f4973661.iavs9x.avg.u.avcdn.net

IN A

Response

f4973661.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.81

a117.dscd.akamai.net

IN A

23.73.139.56
DNS

k6951768.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

k6951768.iavs9x.avg.u.avcdn.net

IN A

Response

k6951768.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

l8318517.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l8318517.iavs9x.avg.u.avcdn.net

IN A

Response

l8318517.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN A

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN A

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

y1284511.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y1284511.iavs9x.avg.u.avcdn.net

IN A

Response

y1284511.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN A

23.73.139.56

a117.dscd.akamai.net

IN A

23.73.139.81
DNS

f4973661.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

f4973661.iavs9x.avg.u.avcdn.net

IN AAAA

Response

f4973661.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

k6951768.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

k6951768.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l8318517.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

l8318517.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l8318517.iavs9x.avg.u.avcdn.net

IN AAAA

Response

y1284511.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN AAAA

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

y1284511.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y1284511.iavs9x.avg.u.avcdn.net

IN AAAA

Response

k6951768.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

f4973661.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

f4973661.iavs9x.avg.u.avcdn.net

IN AAAA

Response

f4973661.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

k6951768.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

k6951768.iavs9x.avg.u.avcdn.net

IN AAAA

Response

k6951768.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

l8318517.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

l8318517.iavs9x.avg.u.avcdn.net

IN AAAA

Response

l8318517.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

s-iavs9x.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-iavs9x.avcdn.net

IN AAAA

Response

s-iavs9x.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d
DNS

s9788044.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.iavs9x.avg.u.avcdn.net

IN AAAA

Response

s9788044.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
DNS

y1284511.iavs9x.avg.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y1284511.iavs9x.avg.u.avcdn.net

IN AAAA

Response

y1284511.iavs9x.avg.u.avcdn.net

IN CNAME

iavs9x4.u.avcdn.net.edgesuite.net

iavs9x4.u.avcdn.net.edgesuite.net

IN CNAME

a117.dscd.akamai.net

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9007

a117.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:902b
GET

http://k6951768.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

instup.exe

Remote address:

23.73.139.56:80

Request

GET /avg/iavs9x/prod-pgm.vpx HTTP/1.1
Host: k6951768.iavs9x.avg.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 572
Last-Modified: Tue, 28 May 2024 09:45:56 GMT
ETag: "6655a7d4-23c"
Access-Control-Allow-Origin: *
x-cache-status: HIT
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=25
Expires: Wed, 12 Jun 2024 09:53:34 GMT
Date: Wed, 12 Jun 2024 09:53:09 GMT
Connection: keep-alive
DNS

d9217321.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

d9217321.avi18tiny.u.avcdn.net

IN A

Response

n3338300.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

n3338300.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n3338300.avi18tiny.u.avcdn.net

IN A

Response

s-avi18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

s-avi18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-avi18tiny.avcdn.net

IN A

Response

d9217321.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.43

a27.dscd.akamai.net

IN A

23.73.139.50
DNS

s9788044.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.avi18tiny.u.avcdn.net

IN A

Response

x1281465.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

x1281465.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

x1281465.avi18tiny.u.avcdn.net

IN A

Response

s9788044.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.43

a27.dscd.akamai.net

IN A

23.73.139.50
DNS

y7637820.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y7637820.avi18tiny.u.avcdn.net

IN A

Response

y7637820.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

d9217321.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

d9217321.avi18tiny.u.avcdn.net

IN A

Response

d9217321.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

n3338300.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n3338300.avi18tiny.u.avcdn.net

IN A

Response

n3338300.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

s-avi18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-avi18tiny.avcdn.net

IN A

Response

s-avi18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN A

104.120.141.25
DNS

s9788044.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.avi18tiny.u.avcdn.net

IN A

Response

s9788044.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

x1281465.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

x1281465.avi18tiny.u.avcdn.net

IN A

Response

x1281465.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

y7637820.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y7637820.avi18tiny.u.avcdn.net

IN A

Response

y7637820.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN A

23.73.139.50

a27.dscd.akamai.net

IN A

23.73.139.43
DNS

d9217321.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

d9217321.avi18tiny.u.avcdn.net

IN AAAA

Response

y7637820.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

n3338300.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n3338300.avi18tiny.u.avcdn.net

IN AAAA

Response

x1281465.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

s-avi18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-avi18tiny.avcdn.net

IN AAAA

Response

s9788044.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027
DNS

s9788044.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.avi18tiny.u.avcdn.net

IN AAAA

Response

d9217321.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027
DNS

x1281465.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

x1281465.avi18tiny.u.avcdn.net

IN AAAA

Response

n3338300.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

y7637820.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y7637820.avi18tiny.u.avcdn.net

IN AAAA

Response

s-avi18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d
DNS

d9217321.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

d9217321.avi18tiny.u.avcdn.net

IN AAAA

Response

d9217321.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

n3338300.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

n3338300.avi18tiny.u.avcdn.net

IN AAAA

Response

n3338300.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

s-avi18tiny.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s-avi18tiny.avcdn.net

IN AAAA

Response

s-avi18tiny.avcdn.net

IN CNAME

fallbackupdates.avcdn.net.edgekey.net

fallbackupdates.avcdn.net.edgekey.net

IN CNAME

e9229.dscd.akamaiedge.net

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:182::240d

e9229.dscd.akamaiedge.net

IN AAAA

2a02:26f0:5700:19d::240d
DNS

s9788044.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

s9788044.avi18tiny.u.avcdn.net

IN AAAA

Response

s9788044.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

x1281465.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

x1281465.avi18tiny.u.avcdn.net

IN AAAA

Response

x1281465.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
DNS

y7637820.avi18tiny.u.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

y7637820.avi18tiny.u.avcdn.net

IN AAAA

Response

y7637820.avi18tiny.u.avcdn.net

IN CNAME

u4.avcdn.net.edgesuite.net

u4.avcdn.net.edgesuite.net

IN CNAME

a27.dscd.akamai.net

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:9027

a27.dscd.akamai.net

IN AAAA

2a02:26f0:1780:5::216:901f
GET

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/prod-vps.vpx

instup.exe

Remote address:

23.73.139.50:80

Request

GET /avi18tiny/prod-vps.vpx HTTP/1.1
Host: x1281465.avi18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 340
Last-Modified: Wed, 12 Jun 2024 07:27:03 GMT
ETag: "66694dc7-154"
Access-Control-Allow-Origin: *
x-cache-status: REVALIDATED
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=60
Expires: Wed, 12 Jun 2024 09:54:09 GMT
Date: Wed, 12 Jun 2024 09:53:09 GMT
Connection: keep-alive
GET

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-jrog2-79.vpx

instup.exe

Remote address:

23.73.139.50:80

Request

GET /avi18tiny/part-jrog2-79.vpx HTTP/1.1
Host: x1281465.avi18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 211
Last-Modified: Wed, 12 Jun 2024 07:27:01 GMT
ETag: "66694dc5-d3"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=3220
Expires: Wed, 12 Jun 2024 10:46:49 GMT
Date: Wed, 12 Jun 2024 09:53:09 GMT
Connection: keep-alive
GET

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-vps_windows-24061199.vpx

instup.exe

Remote address:

23.73.139.50:80

Request

GET /avi18tiny/part-vps_windows-24061199.vpx HTTP/1.1
Host: x1281465.avi18tiny.u.avcdn.net
Accept: */*
User-Agent: avast! Antivirus (instup)

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: application/octet-stream
Content-Length: 7408
Last-Modified: Wed, 12 Jun 2024 07:27:02 GMT
ETag: "66694dc6-1cf0"
Access-Control-Allow-Origin: *
x-cache-status: MISS
x-origin-cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=2746
Expires: Wed, 12 Jun 2024 10:38:56 GMT
Date: Wed, 12 Jun 2024 09:53:10 GMT
Connection: keep-alive
DNS

shepherd.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

shepherd.avcdn.net

IN AAAA

Response

shepherd.avcdn.net

IN CNAME

shepherd.ff.avast.com

shepherd.ff.avast.com

IN CNAME

shepherd-gcp.ff.avast.com
POST

https://shepherd.avcdn.net/

instup.exe

Remote address:

34.160.176.28:443

Request

POST / HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
Host: shepherd.avcdn.net
User-Agent: Avast Antivirus
Content-Length: 219

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:53:10 GMT
Content-Type: text/plain
Content-Length: 25592
AB-Tests: 921ba9e1-e8ab-4473-8916-6d120da28b76:B,AV-32666-v2-fake:a,dfc58839-be72-45b0-b5e8-6c31c27f4a30:A,oa-7820-v1-fake-blatny:a
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
Config-Id: 9
Config-Name: AVG-Windows-AV-Consumer_email-signatures_webshield-tls-processes---stage-1_release-20-percent-userbase_asb-and-chrome-since-21.2_version-23.2-and-higher-not-in-fr-de_avg-free_disabled-extensions-sideloading_21.10-and-newer_version-19.1-and-higher-in-gb_us_ca_nz_au_ipm_4932_opm_pus_fullscale_previous-version_version-18.6-and-higher_windows-8-and-higher_icarus-migration_avg-free-and-release_uk-gb_production_webshield.quic.block---fraction-test-setup_quic-sni-block-release_quic-on_emailscanner-ignored-processes_ipm-bau-v23.1-and-higher_version-20.5-and-higher_useopenidwebauth_streaming-updates-globalflags_devicewatcheron_version-20.9-and-higher_pups-in-avg---rollout_winre-bts_avg-forrelease-and-beta-24.4_smartscan-free-win10-antivirus_aosstorelink_enableddwm_enablehns3_performator_avg-r24-4---r24-5_fs-and-idp-integration_cef-91_cefsettings-on_new-installation_opening-browser-onboarding_opm_burger_tracking_limitation_productversion-higher-23.2-and-country-not-in-fr-de_multidetection_ipm_6515_6516_vps_sites_test_b_ipm_6513_open_ui_a-3d4b04f301b1ff8b358c89a2ba8f12f0826d032b4371ee7c5e238e1863fea24a
Config-Version: 2089
Segments: email signatures,webshield tls processes - stage 1,release 20 percent userbase,asb and chrome since 21.2,version 23.2 and higher not in fr de,avg free,disabled extensions sideloading,21.10 and newer,version 19.1 and higher in gb_us_ca_nz_au,ipm_4932_opm_pus_fullscale,previous version,version 18.6 and higher,windows 8 and higher,icarus migration,avg free and release,uk gb,production,webshield.quic.block - fraction test setup,quic sni block release,quic on,emailscanner ignored processes,ipm bau v23.1 and higher,version 20.5 and higher,useopenidwebauth,streaming updates globalflags,devicewatcheron,version 20.9 and higher,pups in avg - rollout,winre bts,avg forrelease and beta 24.4,smartscan free win10 antivirus,aosstorelink,enableddwm,enablehns3,performator,avg r24 4 - r24 5,fs and idp integration,cef 91,cefsettings on,new installation,opening browser onboarding,opm_burger_tracking_limitation,productversion higher 23.2 and country not in fr de,multidetection,ipm_6515_6516_vps_sites_test_b,ipm_6513_open_ui_a
TTL: 60
TTL-Spread: 43200
Via: 1.1 google
Alt-Svc: clear
DNS

50.139.73.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.139.73.23.in-addr.arpa

IN PTR

Response

50.139.73.23.in-addr.arpa

IN PTR

a23-73-139-50deploystaticakamaitechnologiescom
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN A

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN A

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN AAAA

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN AAAA

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com
DNS

v7event.stats.avcdn.net

avg_antivirus_free_setup_x64.exe

Remote address:

8.8.8.8:53

Request

v7event.stats.avcdn.net

IN A

Response

v7event.stats.avcdn.net

IN CNAME

analytics.ff.avast.com

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
POST

https://analytics.avcdn.net/v4/receive/json/70

instup.exe

Remote address:

34.117.223.223:443

Request

POST /v4/receive/json/70 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json
User-Agent: Avast SimpleHttp/3.0
Content-Length: 494
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:53:13 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://analytics.avcdn.net/receive3

instup.exe

Remote address:

34.117.223.223:443

Request

POST /receive3 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-enc-sb
Content-Encoding: gzip
User-Agent: Avast Antivirus
Content-Length: 559
Host: analytics.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:54:12 GMT
Content-Type: application/octet-stream
Content-Length: 24
X-ASW-Receiver-Ack: processed
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
POST

https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

instup.exe

Remote address:

34.117.223.223:443

Request

POST /cgi-bin/iavsevents.cgi HTTP/1.1
Host: v7event.stats.avcdn.net
User-Agent: avast! Antivirus
Accept: */*
Content-MD5: Yjj7WLYosqFQU9Bu5rYR6w==
Content-Type: iavs4/stats
Content-Length: 327

Response

HTTP/1.1 204 No Content

Server: nginx
Date: Wed, 12 Jun 2024 09:53:13 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ssl.google-analytics.com

instup.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.180.8
POST

https://ssl.google-analytics.com/collect

instup.exe

Remote address:

142.250.180.8:443

Request

POST /collect HTTP/1.1
Connection: Keep-Alive
User-Agent: Avast Antivirus
Content-Length: 439
Host: ssl.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Date: Wed, 12 Jun 2024 09:53:14 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ipm.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

ipm.avcdn.net

IN A

Response

ipm.avcdn.net

IN CNAME

ipm-provider.ff.avast.com

ipm-provider.ff.avast.com

IN CNAME

ipm-gcp-prod.ff.avast.com

ipm-gcp-prod.ff.avast.com

IN A

34.111.24.1
DNS

ipm.avcdn.net

instup.exe

Remote address:

8.8.8.8:53

Request

ipm.avcdn.net

IN A

Response

ipm.avcdn.net

IN CNAME

ipm-provider.ff.avast.com

ipm-provider.ff.avast.com

IN CNAME

ipm-gcp-prod.ff.avast.com

ipm-gcp-prod.ff.avast.com

IN A

34.111.24.1
DNS

8.180.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.180.250.142.in-addr.arpa

IN PTR

Response

8.180.250.142.in-addr.arpa

IN PTR

lhr25s32-in-f81e100net
GET

https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=70&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=avg&p_lan=1033&p_lng=en&p_vep=24&p_ves=5&p_vbd=3336&p_cnm=PXHSTPPU&p_hid=84c21b69-27f1-47fc-9d8f-99820cf029ac&p_bld=mmm_bav_tst_007_402_f&p_adp=0000&p_midex=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

instup.exe

Remote address:

34.111.24.1:443

Request

GET /?action=1&p_elm=76&p_pro=70&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=avg&p_lan=1033&p_lng=en&p_vep=24&p_ves=5&p_vbd=3336&p_cnm=PXHSTPPU&p_hid=84c21b69-27f1-47fc-9d8f-99820cf029ac&p_bld=mmm_bav_tst_007_402_f&p_adp=0000&p_midex=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ipm.avcdn.net

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:53:14 GMT
Content-Type: text/html
Content-Length: 27204
IPM-Asset-URL-659273231: https://ipmcdn.avast.com/images/banner/img-secure-browser-avg-v1.png
IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Identifier: avgfree/en-ww/setup-avg-offer_secure-browser_variant-a.html
ETag: W/87c5508a
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1718185994; Max-Age=1728000; Expires=Tue, 02 Jul 2024 09:53:14 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=avgfree/en-ww/setup-avg-offer_secure-browser_variant-a.html; Max-Age=3888000; Expires=Sat, 27 Jul 2024 09:53:14 GMT; Secure; SameSite=None
Set-Cookie: ClientId=59218e28-4f2e-4a9a-9c4b-0ab55991f817; Max-Age=63072000; Expires=Fri, 12 Jun 2026 09:53:14 GMT; Secure; SameSite=None
Set-Cookie: ViewCounter_ipm-10553-browser-offer-shared=1718185994; Max-Age=1728000; Expires=Tue, 02 Jul 2024 09:53:14 GMT; Secure; SameSite=None
Set-Cookie: ScreenName_76=avgfree/en-ww/setup-avg-offer_secure-browser_variant-a.html; Max-Age=3888000; Expires=Sat, 27 Jul 2024 09:53:14 GMT; Secure; SameSite=None
Set-Cookie: ClientId=59218e28-4f2e-4a9a-9c4b-0ab55991f817; Max-Age=63072000; Expires=Fri, 12 Jun 2026 09:53:14 GMT; Secure; SameSite=None
Via: 1.1 google
Alt-Svc: clear
DNS

ipmcdn.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

ipmcdn.avast.com

IN A

Response

ipmcdn.avast.com

IN CNAME

ipmcdn.avast.com.edgekey.net

ipmcdn.avast.com.edgekey.net

IN CNAME

e13223.dscd.akamaiedge.net

e13223.dscd.akamaiedge.net

IN A

2.22.15.85
DNS

analytics.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

analytics.ff.avast.com

IN A

Response

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
DNS

ssl.google-analytics.com

instup.exe

Remote address:

8.8.8.8:53

Request

ssl.google-analytics.com

IN A

Response

ssl.google-analytics.com

IN A

142.250.180.8
DNS

analytics.ff.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

analytics.ff.avast.com

IN A

Response

analytics.ff.avast.com

IN CNAME

analytics-prod-gcp.ff.avast.com

analytics-prod-gcp.ff.avast.com

IN A

34.117.223.223
GET

https://ssl.google-analytics.com/collect?v=1&tid=UA-16796122-3&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dh=ipm.avcdn.net&dp=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&z=58148334&uid=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&ds=ipm2&dt=setup-avg-offer_secure-browser_variant-a.html&ul=en-gb&cd5=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&cd101=70&cd102=24&cd103=5&cd104=3336&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=8&cd153=0&cd170=setup_paid_intro&cd2=AVGFREE-0&cd3=24.5.3336.mmm_bav_tst_007_402_f&cd4=Paid%20Program%20%7C%20Licensed%20%7C%2076&cd12=en-ww&cd20=mmm_bav_tst_007_402_f&cd27=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd41=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd154=1&cd155=7&cd175=cba425b2-9d98-4bda-9d73-3477f6e05b85&cd176=cba425b2-9d98-4bda-9d73-3477f6e05b85

instup.exe

Remote address:

142.250.180.8:443

Request

GET /collect?v=1&tid=UA-16796122-3&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dh=ipm.avcdn.net&dp=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&z=58148334&uid=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&ds=ipm2&dt=setup-avg-offer_secure-browser_variant-a.html&ul=en-gb&cd5=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&cd101=70&cd102=24&cd103=5&cd104=3336&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=8&cd153=0&cd170=setup_paid_intro&cd2=AVGFREE-0&cd3=24.5.3336.mmm_bav_tst_007_402_f&cd4=Paid%20Program%20%7C%20Licensed%20%7C%2076&cd12=en-ww&cd20=mmm_bav_tst_007_402_f&cd27=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd41=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd154=1&cd155=7&cd175=cba425b2-9d98-4bda-9d73-3477f6e05b85&cd176=cba425b2-9d98-4bda-9d73-3477f6e05b85 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ssl.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Wed, 12 Jun 2024 09:05:03 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 2892
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

ipmcdn.avast.com

instup.exe

Remote address:

8.8.8.8:53

Request

ipmcdn.avast.com

IN A

Response

ipmcdn.avast.com

IN CNAME

ipmcdn.avast.com.edgekey.net

ipmcdn.avast.com.edgekey.net

IN CNAME

e13223.dscd.akamaiedge.net

e13223.dscd.akamaiedge.net

IN A

2.22.15.85
GET

https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%2284c21b69-27f1-47fc-9d8f-99820cf029ac%22%2C%22hwid%22%3A%22E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000%22%7D%2C%22product%22%3A%7B%22id%22%3A64%2C%22edition%22%3A15%2C%22lang%22%3A%22en-gb%22%2C%22version_app%22%3A%2224.5.3336.mmm_bav_tst_007_402_f%22%2C%22build%22%3A3336%2C%22ipm_product%22%3A70%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-gb%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avg-offer_secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

instup.exe

Remote address:

34.117.223.223:443

Request

GET /v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%2284c21b69-27f1-47fc-9d8f-99820cf029ac%22%2C%22hwid%22%3A%22E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000%22%7D%2C%22product%22%3A%7B%22id%22%3A64%2C%22edition%22%3A15%2C%22lang%22%3A%22en-gb%22%2C%22version_app%22%3A%2224.5.3336.mmm_bav_tst_007_402_f%22%2C%22build%22%3A3336%2C%22ipm_product%22%3A70%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-gb%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avg-offer_secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: analytics.ff.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Date: Wed, 12 Jun 2024 09:53:15 GMT
Content-Type: application/json
Content-Length: 19
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://ipmcdn.avast.com/images/banner/img-secure-browser-avg-v1.png

instup.exe

Remote address:

2.22.15.85:443

Request

GET /images/banner/img-secure-browser-avg-v1.png HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: htmlayout 3.3; above-Windows-7; www.terrainformatica.com )
Host: ipmcdn.avast.com

Response

HTTP/1.1 200 OK

Server: nginx
Content-Type: image/png
Content-Length: 10878
Last-Modified: Thu, 17 Dec 2020 10:43:38 GMT
ETag: "5fdb365a-2a7e"
X-Cache-Status: REVALIDATED
X-Origin-Cache: vpsorigin-cache-re-prod-001.europe-west1-b.ppp-lopst-vpsorigin-10
Accept-Ranges: bytes
Cache-Control: max-age=3601
Expires: Wed, 12 Jun 2024 10:53:16 GMT
Date: Wed, 12 Jun 2024 09:53:15 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
DNS

1.24.111.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.24.111.34.in-addr.arpa

IN PTR

Response

1.24.111.34.in-addr.arpa

IN PTR

12411134bcgoogleusercontentcom
DNS

85.15.22.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

85.15.22.2.in-addr.arpa

IN PTR

Response

85.15.22.2.in-addr.arpa

IN PTR

a2-22-15-85deploystaticakamaitechnologiescom
DNS

29.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.243.111.52.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response

34.117.223.223:80

http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

http

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

1.3kB
484 B
10
7

HTTP Request

POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi

HTTP Response

204
216.58.213.14:80

http://www.google-analytics.com/collect

http

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

999 B
1.6kB
10
8

HTTP Request

POST http://www.google-analytics.com/collect

HTTP Response

200

HTTP Request

POST http://www.google-analytics.com/collect

HTTP Response

200
23.73.139.81:443

iavs9x.avg.u.avcdn.net

tls

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

677 B
4.2kB
8
9
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

tls, http2

2.5kB
9.0kB
20
17

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=531098720&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8TzD80AXHemFM0p5li3gwezVUCUyd_ACmPOlMBeKmGfAvja8shH-WCVcWeaeHQYyzr4hCcAKuQcU-NZrmI32uWiOF8z2pKTAaK39MmKoTbu3p0zGoxP8u8wxTUpBxuAtTcr0mon3uu3N7yibL0260Aup6YOQ8avurh0Kj5-Kd_keW7zuw%26u%3DbWljcm9zb2Z0LWVkZ2UlM2FodHRwcyUzYSUyZiUyZnd3dy5taWNyb3NvZnQuY29tJTJmbWljcm9zb2Z0LTM2NSUyZm1pY3Jvc29mdC0zNjUtYmFzaWMtZmFxcyUzZk9DSUQlM2RjbW1sdWMyOWxxOQ%26rlid%3Dfaab1187f039144342cb77ef3b0a9d69&TIME=20240611T221026Z&CID=531098720&EID=&tids=15000&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640&muid=8CE4F47C62C1CBA160834AA98427395E

HTTP Response

204
88.221.83.218:443

https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

tls, http2

1.4kB
5.3kB
16
10

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=8d1e52730a014cfdbe18e33db04dd9d1&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T221026Z&adUnitId=11730597&localId=w:8CE4F47C-62C1-CBA1-6083-4AA98427395E&deviceId=6825835407638640

HTTP Response

200
23.73.139.81:443

iavs9x.avg.u.avcdn.net

tls

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

677 B
4.2kB
8
9
23.73.139.81:443

iavs9x.avg.u.avcdn.net

tls

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

677 B
4.2kB
8
9
23.73.139.81:443

iavs9x.avg.u.avcdn.net

tls

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

677 B
4.2kB
8
9
23.73.139.81:443

iavs9x.avg.u.avcdn.net

tls

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

677 B
4.2kB
8
9
23.73.139.81:80

http://iavs9x.avg.u.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe

http

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

403.2kB
10.8MB
6023
7726

HTTP Request

GET http://iavs9x.avg.u.avcdn.net/avg/iavs9x/avg_antivirus_free_setup_x64.exe

HTTP Response

200
216.58.213.14:80

http://www.google-analytics.com/collect?aiid=mmm_bav_tst_007_402_f&an=Avg%20Free&av=24.5.9153&cd=stub-extended&cd3=Online&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dt=Installation&t=screenview&tid=UA-58120669-4&v=1

http

avg_antivirus_free_setup_x64.exe

558 B
601 B
6
4

HTTP Request

GET http://www.google-analytics.com/collect?aiid=mmm_bav_tst_007_402_f&an=Avg%20Free&av=24.5.9153&cd=stub-extended&cd3=Online&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dt=Installation&t=screenview&tid=UA-58120669-4&v=1

HTTP Response

200
34.117.223.223:443

https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

tls, http

avg_antivirus_free_setup_x64.exe

2.2kB
5.9kB
14
12

HTTP Request

POST https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

HTTP Response

204

HTTP Request

POST https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

HTTP Response

204
34.117.223.223:443

https://analytics.avcdn.net/v4/receive/json/70

tls, http

avg_antivirus_free_setup_x64.exe

1.6kB
5.7kB
11
10

HTTP Request

POST https://analytics.avcdn.net/v4/receive/json/70

HTTP Response

200
34.160.176.28:443

https://shepherd.avcdn.net/

tls, http

instup.exe

1.6kB
26.9kB
18
26

HTTP Request

POST https://shepherd.avcdn.net/

HTTP Response

200
23.73.139.81:80

http://s9788044.iavs9x.avg.u.avcdn.net/avg/iavs9x/servers.def.vpx

http

instup.exe

411 B
2.1kB
6
5

HTTP Request

GET http://s9788044.iavs9x.avg.u.avcdn.net/avg/iavs9x/servers.def.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

http

instup.exe

362 B
1.2kB
5
4

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avbugreport_x64_ais-d08.vpx

http

instup.exe

25.0kB
1.5MB
540
1073

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avbugreport_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x64_ais-d08.vpx

http

instup.exe

17.6kB
1.0MB
380
754

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x86_ais-d08.vpx

http

instup.exe

16.3kB
960.2kB
351
696

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/avdump_x86_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instcont_x64_ais-d08.vpx

http

instup.exe

17.9kB
1.1MB
387
768

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instcont_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instup_x64_ais-d08.vpx

http

instup.exe

191.7kB
5.9MB
3126
4199

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/instup_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/offertool_x64_ais-d08.vpx

http

instup.exe

16.2kB
951.2kB
349
691

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/offertool_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/sbr_x64_ais-d08.vpx

http

instup.exe

553 B
12.7kB
9
12

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/sbr_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/setgui_x64_ais-d08.vpx

http

instup.exe

24.7kB
1.5MB
534
1062

HTTP Request

GET http://l9346865.iavs9x.avg.u.avcdn.net/avg/iavs9x/setgui_x64_ais-d08.vpx

HTTP Response

200
23.73.139.56:80

http://k6951768.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

http

instup.exe

362 B
1.2kB
5
4

HTTP Request

GET http://k6951768.iavs9x.avg.u.avcdn.net/avg/iavs9x/prod-pgm.vpx

HTTP Response

200
23.73.139.50:80

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/prod-vps.vpx

http

instup.exe

360 B
969 B
5
4

HTTP Request

GET http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/prod-vps.vpx

HTTP Response

200
23.73.139.50:80

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-jrog2-79.vpx

http

instup.exe

365 B
834 B
5
4

HTTP Request

GET http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-jrog2-79.vpx

HTTP Response

200
23.73.139.50:80

http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-vps_windows-24061199.vpx

http

instup.exe

515 B
8.2kB
8
9

HTTP Request

GET http://x1281465.avi18tiny.u.avcdn.net/avi18tiny/part-vps_windows-24061199.vpx

HTTP Response

200
34.160.176.28:443

https://shepherd.avcdn.net/

tls, http

instup.exe

1.7kB
34.7kB
21
31

HTTP Request

POST https://shepherd.avcdn.net/

HTTP Response

200
34.117.223.223:443

https://analytics.avcdn.net/receive3

tls, http

instup.exe

2.3kB
6.1kB
12
12

HTTP Request

POST https://analytics.avcdn.net/v4/receive/json/70

HTTP Response

200

HTTP Request

POST https://analytics.avcdn.net/receive3

HTTP Response

200
34.117.223.223:443

https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

tls, http

instup.exe

1.4kB
5.7kB
11
10

HTTP Request

POST https://v7event.stats.avcdn.net/cgi-bin/iavsevents.cgi

HTTP Response

204
142.250.180.8:443

https://ssl.google-analytics.com/collect

tls, http

instup.exe

1.4kB
6.0kB
11
10

HTTP Request

POST https://ssl.google-analytics.com/collect

HTTP Response

200
34.111.24.1:443

https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=70&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=avg&p_lan=1033&p_lng=en&p_vep=24&p_ves=5&p_vbd=3336&p_cnm=PXHSTPPU&p_hid=84c21b69-27f1-47fc-9d8f-99820cf029ac&p_bld=mmm_bav_tst_007_402_f&p_adp=0000&p_midex=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

tls, http

instup.exe

1.9kB
35.5kB
21
33

HTTP Request

GET https://ipm.avcdn.net/?action=1&p_elm=76&p_pro=70&p_osv=10.0&p_cpua=x64&p_lid=en-us&repoid=avg&p_lan=1033&p_lng=en&p_vep=24&p_ves=5&p_vbd=3336&p_cnm=PXHSTPPU&p_hid=84c21b69-27f1-47fc-9d8f-99820cf029ac&p_bld=mmm_bav_tst_007_402_f&p_adp=0000&p_midex=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&p_chs=5&p_chr=0&p_gccc=0&p_scr=intro&p_sbi=0&p_ram=8192&p_dpi=100&p_wndwidth=1010&p_wndheight=674&p_srid=0&p_pav=0

HTTP Response

200
142.250.180.8:443

https://ssl.google-analytics.com/collect?v=1&tid=UA-16796122-3&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dh=ipm.avcdn.net&dp=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&z=58148334&uid=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&ds=ipm2&dt=setup-avg-offer_secure-browser_variant-a.html&ul=en-gb&cd5=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&cd101=70&cd102=24&cd103=5&cd104=3336&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=8&cd153=0&cd170=setup_paid_intro&cd2=AVGFREE-0&cd3=24.5.3336.mmm_bav_tst_007_402_f&cd4=Paid%20Program%20%7C%20Licensed%20%7C%2076&cd12=en-ww&cd20=mmm_bav_tst_007_402_f&cd27=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd41=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd154=1&cd155=7&cd175=cba425b2-9d98-4bda-9d73-3477f6e05b85&cd176=cba425b2-9d98-4bda-9d73-3477f6e05b85

tls, http

instup.exe

2.1kB
6.0kB
10
9

HTTP Request

GET https://ssl.google-analytics.com/collect?v=1&tid=UA-16796122-3&cid=84c21b69-27f1-47fc-9d8f-99820cf029ac&dh=ipm.avcdn.net&dp=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&z=58148334&uid=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&ds=ipm2&dt=setup-avg-offer_secure-browser_variant-a.html&ul=en-gb&cd5=avgfree%2Fen-gb%2Fsetup-avg-offer_secure-browser_variant-a.html&t=pageview&cg2=fn&cd1=fn&cd11=en&cd14=avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html&cd16=0&cd17=en-us&cd18=0&cd28=ipm.avcdn.net&cd100=E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000&cd101=70&cd102=24&cd103=5&cd104=3336&cd106=0&cd107=0&cd108=10.0&cd109=76&cd110=0&cd118=0&cd123=-1&cd127=8192&cd130=0&cd134=0&cd136=1&cd141=-1&cd142=0&cd148=8&cd153=0&cd170=setup_paid_intro&cd2=AVGFREE-0&cd3=24.5.3336.mmm_bav_tst_007_402_f&cd4=Paid%20Program%20%7C%20Licensed%20%7C%2076&cd12=en-ww&cd20=mmm_bav_tst_007_402_f&cd27=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd41=84c21b69-27f1-47fc-9d8f-99820cf029ac&cd154=1&cd155=7&cd175=cba425b2-9d98-4bda-9d73-3477f6e05b85&cd176=cba425b2-9d98-4bda-9d73-3477f6e05b85

HTTP Response

200
34.117.223.223:443

https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%2284c21b69-27f1-47fc-9d8f-99820cf029ac%22%2C%22hwid%22%3A%22E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000%22%7D%2C%22product%22%3A%7B%22id%22%3A64%2C%22edition%22%3A15%2C%22lang%22%3A%22en-gb%22%2C%22version_app%22%3A%2224.5.3336.mmm_bav_tst_007_402_f%22%2C%22build%22%3A3336%2C%22ipm_product%22%3A70%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-gb%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avg-offer_secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

tls, http

instup.exe

2.3kB
5.7kB
11
10

HTTP Request

GET https://analytics.ff.avast.com/v4/receive/get/json/10?data=%7B%22record%22%3A%5B%7B%22event%22%3A%7B%22type%22%3A10%2C%22subtype%22%3A2%2C%22request_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22identity%22%3A%7B%22guid%22%3A%2284c21b69-27f1-47fc-9d8f-99820cf029ac%22%2C%22hwid%22%3A%22E7AE39FA5EEE477481DC83EE66F9242B00000000000000000000000000000000%22%7D%2C%22product%22%3A%7B%22id%22%3A64%2C%22edition%22%3A15%2C%22lang%22%3A%22en-gb%22%2C%22version_app%22%3A%2224.5.3336.mmm_bav_tst_007_402_f%22%2C%22build%22%3A3336%2C%22ipm_product%22%3A70%7D%2C%22platform%22%3A%7B%22version%22%3A%2210.0%22%2C%22lang%22%3A%22en-gb%22%7D%2C%22license%22%3A%7B%22subscription_mode%22%3Afalse%2C%22stack%22%3A%22STACK_AVAST%22%2C%22gen_license%22%3A%7B%7D%7D%2C%22shepherd%22%3A%7B%7D%2C%22ab_test%22%3A%7B%7D%2C%22ipm%22%3A%7B%22common%22%3A%7B%22element%22%3A76%2C%22license_type%22%3A%22STANDARD%22%2C%22licensing_stage%22%3A%22LICENSED%22%2C%22customer_segment%22%3A%22FN%22%2C%22flow_id%22%3A%22cba425b2-9d98-4bda-9d73-3477f6e05b85%22%7D%2C%22content%22%3A%7B%22content_identifier%22%3A%22avgfree%2Fen-ww%2Fsetup-avg-offer_secure-browser_variant-a.html%22%2C%22content_type%22%3A%22SCREEN%22%2C%22screen_language%22%3A%22en%22%2C%22screen_name%22%3A%22setup-avg-offer_secure-browser_variant-a%22%7D%2C%22action%22%3A%7B%7D%7D%7D%5D%7D

HTTP Response

200
2.22.15.85:443

https://ipmcdn.avast.com/images/banner/img-secure-browser-avg-v1.png

tls, http

instup.exe

1.2kB
16.2kB
14
17

HTTP Request

GET https://ipmcdn.avast.com/images/banner/img-secure-browser-avg-v1.png

HTTP Response

200

8.8.8.8:53

iavs9x.avg.u.avcdn.net

dns

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

68 B
175 B
1
1

DNS Request

iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.81

23.73.139.56
8.8.8.8:53

v7event.stats.avast.com

dns

c4df16d335825ebfeaa2f812681a27032bd7e1e7ccaf0e6cad4cda6f25d40568.exe

69 B
145 B
1
1

DNS Request

v7event.stats.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

223.223.117.34.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

223.223.117.34.in-addr.arpa
8.8.8.8:53

81.139.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

81.139.73.23.in-addr.arpa
8.8.8.8:53

71.31.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

71.31.126.40.in-addr.arpa
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

218.83.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

218.83.221.88.in-addr.arpa
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

69 B
154 B
1
1

DNS Request

v7event.stats.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

analytics.avcdn.net

dns

instup.exe

65 B
150 B
1
1

DNS Request

analytics.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

shepherd.avcdn.net

dns

instup.exe

64 B
142 B
1
1

DNS Request

shepherd.avcdn.net

DNS Response

34.160.176.28
8.8.8.8:53

shepherd.avcdn.net

dns

instup.exe

64 B
188 B
1
1

DNS Request

shepherd.avcdn.net
8.8.8.8:53

shepherd.avcdn.net

dns

instup.exe

64 B
142 B
1
1

DNS Request

shepherd.avcdn.net

DNS Response

34.160.176.28
8.8.8.8:53

28.176.160.34.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

28.176.160.34.in-addr.arpa
8.8.8.8:53

b0017156.iavs9x.avg.u.avcdn.net

dns

instup.exe

515 B
1.1kB
6
6

DNS Request

b0017156.iavs9x.avg.u.avcdn.net

DNS Request

g5856219.iavs9x.avg.u.avcdn.net

DNS Request

l9346865.iavs9x.avg.u.avcdn.net

DNS Request

l9518228.iavs9x.avg.u.avcdn.net

DNS Request

s-iavs9x.avcdn.net

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

104.120.141.25

DNS Response

23.73.139.81

23.73.139.56

DNS Response

23.73.139.56

23.73.139.81

DNS Response

23.73.139.56

23.73.139.81

DNS Response

23.73.139.81

23.73.139.56

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

b0017156.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

b0017156.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

g5856219.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

g5856219.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

l9346865.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

l9346865.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

l9518228.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

l9518228.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
164 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

104.120.141.25
8.8.8.8:53

s9788044.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

b0017156.iavs9x.avg.u.avcdn.net

dns

instup.exe

515 B
1.3kB
6
6

DNS Request

b0017156.iavs9x.avg.u.avcdn.net

DNS Request

g5856219.iavs9x.avg.u.avcdn.net

DNS Request

l9346865.iavs9x.avg.u.avcdn.net

DNS Request

l9518228.iavs9x.avg.u.avcdn.net

DNS Request

s-iavs9x.avcdn.net

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007

DNS Response

2a02:26f0:5700:19d::240d

2a02:26f0:5700:182::240d

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007
8.8.8.8:53

b0017156.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

b0017156.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007
8.8.8.8:53

g5856219.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

g5856219.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

l9346865.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

l9346865.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

l9518228.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

l9518228.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
204 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

2a02:26f0:5700:182::240d

2a02:26f0:5700:19d::240d
8.8.8.8:53

s9788044.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

56.139.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

56.139.73.23.in-addr.arpa
8.8.8.8:53

f4973661.iavs9x.avg.u.avcdn.net

dns

instup.exe

515 B
1.1kB
6
6

DNS Request

f4973661.iavs9x.avg.u.avcdn.net

DNS Request

k6951768.iavs9x.avg.u.avcdn.net

DNS Request

l8318517.iavs9x.avg.u.avcdn.net

DNS Request

s-iavs9x.avcdn.net

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Request

y1284511.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81

DNS Response

23.73.139.56

23.73.139.81

DNS Response

23.73.139.56

23.73.139.81

DNS Response

104.120.141.25

DNS Response

23.73.139.56

23.73.139.81

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

f4973661.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

f4973661.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.81

23.73.139.56
8.8.8.8:53

k6951768.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

k6951768.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

l8318517.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

l8318517.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
164 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

104.120.141.25
8.8.8.8:53

s9788044.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

y1284511.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
184 B
1
1

DNS Request

y1284511.iavs9x.avg.u.avcdn.net

DNS Response

23.73.139.56

23.73.139.81
8.8.8.8:53

f4973661.iavs9x.avg.u.avcdn.net

dns

instup.exe

515 B
1.3kB
6
6

DNS Request

f4973661.iavs9x.avg.u.avcdn.net

DNS Request

k6951768.iavs9x.avg.u.avcdn.net

DNS Request

l8318517.iavs9x.avg.u.avcdn.net

DNS Request

s-iavs9x.avcdn.net

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Request

y1284511.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007

DNS Response

2a02:26f0:1780:5::216:902b

2a02:26f0:1780:5::216:9007

DNS Response

2a02:26f0:5700:19d::240d

2a02:26f0:5700:182::240d

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

f4973661.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

f4973661.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

k6951768.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

k6951768.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

l8318517.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

l8318517.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

s-iavs9x.avcdn.net

dns

instup.exe

64 B
204 B
1
1

DNS Request

s-iavs9x.avcdn.net

DNS Response

2a02:26f0:5700:19d::240d

2a02:26f0:5700:182::240d
8.8.8.8:53

s9788044.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

s9788044.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

y1284511.iavs9x.avg.u.avcdn.net

dns

instup.exe

77 B
208 B
1
1

DNS Request

y1284511.iavs9x.avg.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9007

2a02:26f0:1780:5::216:902b
8.8.8.8:53

d9217321.avi18tiny.u.avcdn.net

dns

instup.exe

513 B
1.1kB
6
6

DNS Request

d9217321.avi18tiny.u.avcdn.net

DNS Request

n3338300.avi18tiny.u.avcdn.net

DNS Request

s-avi18tiny.avcdn.net

DNS Request

s9788044.avi18tiny.u.avcdn.net

DNS Request

x1281465.avi18tiny.u.avcdn.net

DNS Request

y7637820.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43

DNS Response

104.120.141.25

DNS Response

23.73.139.43

23.73.139.50

DNS Response

23.73.139.50

23.73.139.43

DNS Response

23.73.139.43

23.73.139.50

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

d9217321.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

d9217321.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

n3338300.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

n3338300.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

s-avi18tiny.avcdn.net

dns

instup.exe

67 B
167 B
1
1

DNS Request

s-avi18tiny.avcdn.net

DNS Response

104.120.141.25
8.8.8.8:53

s9788044.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

s9788044.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

x1281465.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

x1281465.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

y7637820.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
175 B
1
1

DNS Request

y7637820.avi18tiny.u.avcdn.net

DNS Response

23.73.139.50

23.73.139.43
8.8.8.8:53

d9217321.avi18tiny.u.avcdn.net

dns

instup.exe

513 B
1.3kB
6
6

DNS Request

d9217321.avi18tiny.u.avcdn.net

DNS Request

n3338300.avi18tiny.u.avcdn.net

DNS Request

s-avi18tiny.avcdn.net

DNS Request

s9788044.avi18tiny.u.avcdn.net

DNS Request

x1281465.avi18tiny.u.avcdn.net

DNS Request

y7637820.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f

DNS Response

2a02:26f0:1780:5::216:901f

2a02:26f0:1780:5::216:9027

DNS Response

2a02:26f0:1780:5::216:901f

2a02:26f0:1780:5::216:9027

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f

DNS Response

2a02:26f0:5700:19d::240d

2a02:26f0:5700:182::240d
8.8.8.8:53

d9217321.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

d9217321.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f
8.8.8.8:53

n3338300.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

n3338300.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f
8.8.8.8:53

s-avi18tiny.avcdn.net

dns

instup.exe

67 B
207 B
1
1

DNS Request

s-avi18tiny.avcdn.net

DNS Response

2a02:26f0:5700:182::240d

2a02:26f0:5700:19d::240d
8.8.8.8:53

s9788044.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

s9788044.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f
8.8.8.8:53

x1281465.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

x1281465.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f
8.8.8.8:53

y7637820.avi18tiny.u.avcdn.net

dns

instup.exe

76 B
199 B
1
1

DNS Request

y7637820.avi18tiny.u.avcdn.net

DNS Response

2a02:26f0:1780:5::216:9027

2a02:26f0:1780:5::216:901f
8.8.8.8:53

shepherd.avcdn.net

dns

instup.exe

64 B
188 B
1
1

DNS Request

shepherd.avcdn.net
8.8.8.8:53

50.139.73.23.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

50.139.73.23.in-addr.arpa
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

80 B
165 B
1
1

DNS Request

v7event.stats.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

69 B
154 B
1
1

DNS Request

v7event.stats.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

80 B
211 B
1
1

DNS Request

v7event.stats.avcdn.net
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

69 B
200 B
1
1

DNS Request

v7event.stats.avcdn.net
8.8.8.8:53

v7event.stats.avcdn.net

dns

avg_antivirus_free_setup_x64.exe

80 B
165 B
1
1

DNS Request

v7event.stats.avcdn.net

DNS Response

34.117.223.223
8.8.8.8:53

ssl.google-analytics.com

dns

instup.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.180.8
8.8.8.8:53

ipm.avcdn.net

dns

instup.exe

59 B
141 B
1
1

DNS Request

ipm.avcdn.net

DNS Response

34.111.24.1
8.8.8.8:53

ipm.avcdn.net

dns

instup.exe

59 B
141 B
1
1

DNS Request

ipm.avcdn.net

DNS Response

34.111.24.1
8.8.8.8:53

8.180.250.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

8.180.250.142.in-addr.arpa
8.8.8.8:53

ipmcdn.avast.com

dns

instup.exe

62 B
157 B
1
1

DNS Request

ipmcdn.avast.com

DNS Response

2.22.15.85
8.8.8.8:53

analytics.ff.avast.com

dns

instup.exe

68 B
117 B
1
1

DNS Request

analytics.ff.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

ssl.google-analytics.com

dns

instup.exe

70 B
86 B
1
1

DNS Request

ssl.google-analytics.com

DNS Response

142.250.180.8
8.8.8.8:53

analytics.ff.avast.com

dns

instup.exe

68 B
117 B
1
1

DNS Request

analytics.ff.avast.com

DNS Response

34.117.223.223
8.8.8.8:53

ipmcdn.avast.com

dns

instup.exe

62 B
157 B
1
1

DNS Request

ipmcdn.avast.com

DNS Response

2.22.15.85
8.8.8.8:53

1.24.111.34.in-addr.arpa

dns

70 B
120 B
1
1

DNS Request

1.24.111.34.in-addr.arpa
8.8.8.8:53

85.15.22.2.in-addr.arpa

dns

69 B
131 B
1
1

DNS Request

85.15.22.2.in-addr.arpa
8.8.8.8:53

29.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

29.243.111.52.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

Filesize
26KB

MD5
d45fc9c860b24cad904d651f5ea35a3f

SHA1
d8233a1c7e773d8cb7994806b0e4c4c986e8ab31

SHA256
0098443dc5f5242035e0eaa1e418c70e8832a2f2cd29cbd581da647d5378ab91

SHA512
407a64457a9297ac8b28c7ad48b3b7055a59afebe6a9c6580dd5b3bfe8049bfe27f099ead3e6fae3c5519483aa23bc80fb427e9f23914bf54d3469acdc030ed0

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\Setup.log

Filesize
1KB

MD5
471b11eea34e4bb95854aae00bc898d2

SHA1
8c6278a3fbe04ce7bbd05f640447cce3c19225c2

SHA256
8380145f8e604813c75ba11cbd919ed18af3b87307949d448d70936d8e332888

SHA512
78a3bed138b7a14dc82769cd1f94ae42d4598a85ed8b67057d0cc0e43b1cedd4279e63fdf0495340fc9f372594f359e6cc1afcc91647364c782cdd432675704a

Download Submit
C:\ProgramData\AVG\Persistent Data\Antivirus\Logs\event_manager.log

Filesize
281B

MD5
622db09c358517b5b342c31ed2b65df1

SHA1
2c38476954751df44e54bbed724ac2203e3e5df3

SHA256
4571cc909151ddb0a590acabd3faa672a0dcd8c49ecc4e1b0ec0f16eea095166

SHA512
24335ea4bf1221a6c2d792817aa60707668f4be6a5da47c7c2be744b19ae0f8eafd630f95447c27918d75d8d4a76f54dfadb94e5d88665a83e16cc9baa41f7fb

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\HTMLayout.dll

Filesize
4.0MB

MD5
4cc6efda014cc654142c97cd09175e37

SHA1
9ff80f73eb8aa9563ee04f3857fedbb4167a9a2a

SHA256
0ffd67c501dd1778c35830465f07f2390e318a485e0b22e437404b0a9d4b5ad2

SHA512
064ceb07ef2a8a5db7d07a3ee58df07008efd642f12960c7dce837f533876199c0773a4b9861cf7907487b7fb2a96d6a1efdcc854855fd9246198ca438cab751

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\Instup.dll

Filesize
18.1MB

MD5
e9134948a4db2642f9bfaaf157a18bd0

SHA1
98249d941c196e9ee01f5d77713f13a12fff87f4

SHA256
67721cd04b1866888a97c1027e6d6ca5805b08124b724a31ff9931f9f3e28b2a

SHA512
629b39736755e9a9987a74aa9dab6aec94be061a3c70c140ce98d4eb9ca3575ccc02380990a023f3fbc1f49d56518f1dc9345fd8c7fe3b9cfbf7eb9c80187995

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\Instup.exe

Filesize
3.6MB

MD5
cb33ee6145c1dfad640103e1bc8b00e9

SHA1
e68405536c9501a5f7617636db734a7e7bfdb61c

SHA256
068bd9cd5dc944ff9030bdf3e31638408314e54861b93cdaf8c3c905a8005cac

SHA512
31608dc1d295c91d012fd4634494b182c6d4b70c255036cbd0f71ace56fbc1a69f8358b8799d2db21e0bea1010ad79dee774b6049bf31dd513042b460722508b

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\asw7bf102b3a7467094.tmp

Filesize
19KB

MD5
ebd5c38aa827d9777dcde81e2a037b6f

SHA1
740eee39569863c6baa780e7d82c848c92abe0c1

SHA256
7fd358eddcef6756f315fec2bfad52286402f7194104fcfd3dcec7d588597025

SHA512
fc22fff31b6e84297af9769b84142960e45bf9d8b71e9039e3829be9c671fc173dd47c88c25807f3e7bca0b87f842de500f5227e21ed312bfae2e89d0b65ff0d

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\New_18050d08\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\aswaf95038bd6ce18a5.ini

Filesize
1KB

MD5
2f4301ac41da3c8c865bcf0a2686246d

SHA1
fe799dedf9d99c05e79e54539ca8c0e853f4cf91

SHA256
584591ed817da7b6addff5b70ab11508288eab29c06e48f7d61d7fd861e5594b

SHA512
8717af385c54f98d6ca9f8a054d6eed0a99608dbbf943d1d24007ee3ebc589e563d69e799e0c11e822e7328501739dd52752b0902c4982229387ba45df50d3cb

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\avbugreport_x64_ais-d08.vpx

Filesize
4.7MB

MD5
ebc2e21a31af7ba94c3a70db0caf23ad

SHA1
36a25c19c6becbcf8e1c959458867f59cab774a3

SHA256
b1819bf1551be44e0f293f6b6ead1841aacb63ca3a9d90f1a31c9cb52f648c6e

SHA512
e777fd82cf1d782e73dc8796c57ecb9be4ed09256af456190ae0e414de651226c3eb616ae4ec1c245e55934843dd85485e0594c0125e013c47b48d89fff5f739

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\avdump_x64_ais-d08.vpx

Filesize
3.3MB

MD5
c339cfe0485edefebae496b088d41221

SHA1
684e4fa30a601ef645293cc5a8b008bbc03b9483

SHA256
55ebd9dc7c26877a51e11722d3ea17f1afdf39a30aeda07ef6804659c34e54c4

SHA512
c78b4735ed9184219f95a461e97a47d95b60f353ded28d692a72f9c3db2ead081b700731c8b673e8a1ca969519281d8e73cef449d5bb6bcfd282fcd2261f4a5d

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\config.def

Filesize
18KB

MD5
b86dd14aadb9e34d004ad39a4693ced0

SHA1
1cb7775cee3e4106b2ddba89a0ccdc9dd547c521

SHA256
b64d1d23aef5cdeeb2279216a00c931b201bce90407c9cbff3a7ef2742873878

SHA512
03cb9215521da45e1df7b926fad7b0afd5ee001944c475a90c8646d7621d0d062267a682e102d81da0b5204ed215ec6ba4c7646d9340d71b0cb77ca12ddef0c1

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\config.def

Filesize
18KB

MD5
0b575a6d40715ef6b6437f3d651365ec

SHA1
22c0e7f738cadb4e9287ce8b0ff75dd6781fc0a0

SHA256
4b442e9da01b6ba0e1f53afedbdbc6aea667cb1fde4b47f5a4cb871102ee2423

SHA512
bab5777b2a14edcc927d9a2feeaae3f76d4d670ab1ef4685cfe1f1432c3f058dcaf0c4b1b3c697c1e20698087d80eb549cf92ede68638cd2bf48b53a73a26782

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\config.def

Filesize
24KB

MD5
209f5135ae4c7e8ff1f1948876c5ee32

SHA1
8c009e6864e653320b8cc62e65d890788d9a7fd7

SHA256
ee62e0b16dc86b89f4c4801c531124190b2853c3333983289ef1d9b8ffd41eb3

SHA512
01551c424195fb3cb1dbb014096c1b9c042ee196f90dfdb5d26a7130578978f161d7b84c71d73f1daa4fb6554d9802570c4bf8953d29d5f88eb9e486766e98ea

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\config.ini

Filesize
696B

MD5
49e06bf9341fd92a249159483627845d

SHA1
d23b7e1f861cedca0b1212935b5328fee3cabafb

SHA256
feceb79022e6100df56347a6c86b1aab254bbe156f9dfc2002c013bf7b7e8ae8

SHA512
99c7c4430fbec3d82b1c22d2a413d2d1a905ccdad4c03bb85a760b66e0d8f7ddba82db2f8463f100fc661a1a4dddc7a37ac08b77b5f9a4592315244fcb978df9

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\offertool_x64_ais-d08.vpx

Filesize
2.3MB

MD5
993a67fbd5162510a2b0f3fba05bad33

SHA1
3c76258240a04c05341e611f55bef10341e34ff3

SHA256
0b7c3caa31928131ce0e1ca570aa72e20a98dda13e4ca0c59f31cc677d8e8c6e

SHA512
44a335d3db00fa9148066a5f2d2a9f5250d7df2315d132ab2798b02e2d21b700525a00be91d960e1564a6ffc0ee95347f0df9ffc27a10cf807d5a926ab5154a3

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\part-jrog2-79.vpx

Filesize
211B

MD5
aa442786f758e5ad442aea88d6cf6124

SHA1
6c464722d20d261a155e2c5f6105cd8a4f0e5c21

SHA256
ba1333f2355a7660001410efc8ae3e0b49d1600806272050883980889d6e250b

SHA512
add459ffec8fa3883a56a64fb0a34bf0c99fbda9e296e30911f2fee313626a68ba3e1d56671615b6250a9adfa8a6e07e76a86dab234500a03c60a07556a50e1f

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\part-prg_ais-18050d08.vpx

Filesize
73KB

MD5
d264bf74d7ffcbad341d9fcefa4893bb

SHA1
c7e9a0972524fa573825865c46eb6728d3e219e0

SHA256
4b01a68078d7e1af1c0197baddbbb1ef4d3cbf13f71e8b9df766f88b4e6d8025

SHA512
afbfdf6fdeb5dc427340de691726e79cb5bcc41bd488c557c684efe3f26d83a17f1118cc50bd64541a9a839d3dd4329a72a9423e65d3e9cdcfbd14003f1e0dc3

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\part-setup_ais-18050d08.vpx

Filesize
4KB

MD5
0344288a18997069003d84c226a168f9

SHA1
0fe47920601834e620737ad321fbb24d38c7ee94

SHA256
675bd92f752a51bd7d9797895252b3130095a06d7d5db8f221ab6251735ead8d

SHA512
b1680ef42d7e2e56fbb124c91da27f15e6c946450c7d03d95b937c3cde80dbc2260e11926578075df255058c2307058429fd2f7307fc0a105c775a9b8aa82429

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\part-vps_windows-24061199.vpx

Filesize
7KB

MD5
91760dd268918f34d5035b70231c6662

SHA1
c244a869726ab00bc674ea81970ddc739f240426

SHA256
60cbcb938b4d06ec162bb2379fe94f0f22cac8927ea5740cb52260809c5ef50a

SHA512
30f015fc4cb040e617caff7545290b7add9ce500a2bf10a72d53eed64b0972754e4a5dc1296b50b06f286a473950b21c3bec9fadbe9733942d59542ec19175d6

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\prod-pgm.vpx

Filesize
572B

MD5
6d08ac0131cac7a2f9f2ea5d9d0b0cc6

SHA1
25983c1419089c6a7570963dda2d06e022b3b36d

SHA256
846f9f2f624c8a1f001a4bd7c7ca3158c8c79cb11fa6d474cfdf8e48d0238a3f

SHA512
753890f34fc1a925177a594c8bc5e19dc509fb8b32c1eef429496c5d19421200bdd75879c529981823340718bee82dafdf3f262a9ecf65de9ef03d12a1684b2c

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\prod-vps.vpx

Filesize
343B

MD5
b516373c4f4f0bd98bbbcd71b4022e4d

SHA1
fb2ccdcbec8ddcd91f35fd762dd86a5b2cb8e062

SHA256
52e06087d9c0968150bc5d3b06895e3ab9b69aebea20e0328434b703aa242099

SHA512
b1ef7ffd12b104a3caf8676c95285693c2af057537df0e87a292cea51bddf34be3ff00adae1337ecede93a8de9bb9ee71c464920f9f54c7bf3236d74aae98469

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\prod-vps.vpx

Filesize
340B

MD5
a6aa5195417c52019dac2ea520161d70

SHA1
3867f26e50214fbef5698dcea3840ba6c35ab23b

SHA256
b5992d7f4f9cfbd8c06d0b40110f296e70a7b804e581553d120d22146efdfc92

SHA512
6986e715d9adf1142d965f0b8d0ec99915537015cb95ea14b9565f0aab3f2fde6c36ef06d760c8c32e0ad452419edcce0695eee5397f97afed3a28e75f25fc50

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\servers.def

Filesize
27KB

MD5
2b62fb1ecd174c7e951f2b8af502c1c0

SHA1
90744a9355dd5b74d2ecc7ee34fccbeca1c18f1b

SHA256
1fc616dd97e72451eda1324979f65df6af823aaaee1c83e5c2c3f3308cd26a67

SHA512
0f14fbab88469ed19cde8d54ad74276ae4b03a783bf99def2d0f4d655a6ff86a35aa7ce4e8a7dcb936c70789efc4714b9bf1b317e485a6a44f150be6792cd7a0

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\servers.def.vpx

Filesize
1KB

MD5
ca027a5ef5f6d21d7e42855fa4db4120

SHA1
eee669fe1c3cabd5f96c65ac992e4851f8eca9da

SHA256
e1b5e5122457b19ad5175b0b372d6d0b55813503827ad1d84c26f23b8506a66d

SHA512
8dcd63d2406f6f7e67053342553345bb372401a8dda64e1b41e937df7359a8e4c0afa9705d8fbb953aeed403d54bcd6a5d5bddf7ca1d6c43f1da37020bdda491

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\setup.def

Filesize
38KB

MD5
49474897d267894daa13e9dcb168793d

SHA1
10331de148bb89ecc6e1af25bd3b0a862dd2b4eb

SHA256
0b9aedce74468150c054d27649dad8f98109e537a581649be6668a13cd29e6a7

SHA512
687dfcfdff27d8be7fa2b7a277a6bd269bf719ca12bf5e7f38643582785032cb8b0e11c04180736dfa56c2b10a12e10c10e50427ceacf6d6332125ebf65eb9da

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\uat64.dll

Filesize
29KB

MD5
c53dc6d8050e08d12939b95e2f5c53dc

SHA1
01f3fd1a4c730cad939d243e6bb8f9fe8f1e0138

SHA256
5a690ef46a5c889adbad580b773a6025040426ee11d3817927dd1e77698e8ece

SHA512
75ec453cfa12a071322877db4244746de6ecec779c4f267cb3b9729437f3e0a90ffa2fe1d42e5baf05c159c8c6ef6c71bc7e258044162e5fcbaad10a9e93d84a

Download Submit
C:\Windows\Temp\asw.bfabaa787f845146\uat64.vpx

Filesize
16KB

MD5
bd33707a5e0b6cc434fbaa32e69cb30a

SHA1
34ddc8fbda6acef9e07de571d4c00e65e3c09958

SHA256
bf60d1aa67abc73f927e1544ba8b66a79ec9143caedb15e1d94d023be6aba036

SHA512
02b78b7796e55e245d00ae5b94ae767c6c7da480ec609e84b1a4deafb5f6dbb8f15ad5947b3db421048e17d46419b2149ef23aa369ce42288d3bb5817a0863de

Download Submit
C:\Windows\Temp\asw.eecc863cc3decc7b\avg_antivirus_free_setup_x64.exe

Filesize
9.5MB

MD5
72c1cad77d7a37f6eed6606b00b22738

SHA1
1883d039f42ead5318de8f5f37b61bad4b61fa72

SHA256
47cee4d44e8fe27f3229fa751c11259227a00b605d6a42e2cb066f100a9049c3

SHA512
87104f2cf47683f113398e71b795fbeadd6835b5d333e1aedf22e7d3afec7de3e138cbc949947235ff4892489caaf219405832df91885084e361806ac22d0209

Download Submit
C:\Windows\Temp\asw.eecc863cc3decc7b\ecoo.edat

Filesize
21B

MD5
b7a649f519bca7f8e5186aaea02b48c9

SHA1
9a1e5074bbea1693659a70c85ef8f66e20a97422

SHA256
d9defeae2cfb91b2871eaf62bcdc2b0e2390de6ba02343407dd658e37f75f543

SHA512
dc033fc80e06b5013f85f5bda1927421f6635d85bc85d2ae7a5694b69e4bb14e50d9320a7963bfabf113f9e0e58cd6fd1442dc3530335ea3908383e36e2dd506

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request