Analysis Overview
SHA256
6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84
Threat Level: Likely malicious
The file 6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Unsigned PE
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-12 13:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 13:46
Reported
2024-06-12 13:48
Platform
win7-20240508-en
Max time kernel
144s
Max time network
148s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe
"C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 13:46
Reported
2024-06-12 13:48
Platform
win10v2004-20240611-en
Max time kernel
92s
Max time network
140s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "26" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "61" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "72" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "80" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "85" | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvBugReport.exe" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "81" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "50" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "84" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-a3d.vpx" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "7" | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "8" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "48" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Main = "0" | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "15" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "12" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "86" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "74" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "2" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "96" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x64_ais-a3d.vpx" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instup_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "5" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "20" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: sbr.exe" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: AvDump.exe" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "25" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avbugreport_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "100" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instcont_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: sbr_x64_ais" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "59" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "53" | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: 32 | N/A | C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe
"C:\Users\Admin\AppData\Local\Temp\6fc31d442d8e9a708464b8010e2f69a295ece3eaaab3a80a6d1d30c27ef78d84.exe"
C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_003_999_a5e_m /ga_clientid:61fe227d-a62e-414c-bf6c-b4edfc240fad /edat_dir:C:\Windows\Temp\asw.940b0d79ba177bfd
C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.ba838a31135c6c00 /edition:1 /prod:ais /stub_context:ab0cf964-05b5-4349-8008-3666cb935afe:9897680 /guid:1d156b8f-1a9c-4432-b4f7-8cf0a739d8e0 /ga_clientid:61fe227d-a62e-414c-bf6c-b4edfc240fad /cookie:mmm_ava_003_999_a5e_m /ga_clientid:61fe227d-a62e-414c-bf6c-b4edfc240fad /edat_dir:C:\Windows\Temp\asw.940b0d79ba177bfd
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.ba838a31135c6c00 /edition:1 /prod:ais /stub_context:ab0cf964-05b5-4349-8008-3666cb935afe:9897680 /guid:1d156b8f-1a9c-4432-b4f7-8cf0a739d8e0 /ga_clientid:61fe227d-a62e-414c-bf6c-b4edfc240fad /cookie:mmm_ava_003_999_a5e_m /edat_dir:C:\Windows\Temp\asw.940b0d79ba177bfd /online_installer
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" -checkGToolbar -elevated
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" /check_secure_browser
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" -checkChrome -elevated
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe
"C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswOfferTool.exe" -checkChrome -elevated
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 34.117.223.223:80 | v7event.stats.avast.com | tcp |
| SE | 184.31.15.51:443 | iavs9x.u.avast.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| SE | 184.31.15.51:443 | iavs9x.u.avast.com | tcp |
| SE | 184.31.15.51:443 | iavs9x.u.avast.com | tcp |
| SE | 184.31.15.51:443 | iavs9x.u.avast.com | tcp |
| SE | 184.31.15.51:443 | iavs9x.u.avast.com | tcp |
| SE | 184.31.15.51:80 | iavs9x.u.avast.com | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 34.160.176.28:443 | shepherd.ff.avast.com | tcp |
| US | 8.8.8.8:53 | 28.176.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | j0294597.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | j0294597.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l4691727.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l7814800.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | n4291289.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | s-iavs9x.avcdn.net | udp |
| US | 8.8.8.8:53 | z4055813.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | j0294597.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | j0294597.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l4691727.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l7814800.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | n4291289.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | s-iavs9x.avcdn.net | udp |
| US | 8.8.8.8:53 | z4055813.iavs9x.u.avast.com | udp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| US | 8.8.8.8:53 | 81.15.31.184.in-addr.arpa | udp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| SE | 184.31.15.81:80 | z4055813.iavs9x.u.avast.com | tcp |
| US | 8.8.8.8:53 | g1928587.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | g1928587.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l7814800.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | m0658849.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | n8283613.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | s-iavs9x.avcdn.net | udp |
| US | 8.8.8.8:53 | y9830512.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | g1928587.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | g1928587.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | l7814800.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | m0658849.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | n8283613.iavs9x.u.avast.com | udp |
| US | 8.8.8.8:53 | s-iavs9x.avcdn.net | udp |
| US | 8.8.8.8:53 | y9830512.iavs9x.u.avast.com | udp |
| SE | 184.31.15.51:80 | y9830512.iavs9x.u.avast.com | tcp |
| US | 8.8.8.8:53 | h4305360.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | h4305360.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | l7814800.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | n8283613.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | r3802239.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | s-vps18tiny.avcdn.net | udp |
| US | 8.8.8.8:53 | y8002308.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | h4305360.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | h4305360.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | l7814800.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | n8283613.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | r3802239.vps18tiny.u.avcdn.net | udp |
| US | 8.8.8.8:53 | s-vps18tiny.avcdn.net | udp |
| US | 8.8.8.8:53 | y8002308.vps18tiny.u.avcdn.net | udp |
| SE | 184.31.15.41:80 | y8002308.vps18tiny.u.avcdn.net | tcp |
| SE | 184.31.15.41:80 | y8002308.vps18tiny.u.avcdn.net | tcp |
| US | 8.8.8.8:53 | 41.15.31.184.in-addr.arpa | udp |
| SE | 184.31.15.41:80 | y8002308.vps18tiny.u.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 34.160.176.28:443 | shepherd.ff.avast.com | tcp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 34.117.223.223:443 | v7event.stats.avast.com | tcp |
| US | 34.117.223.223:443 | v7event.stats.avast.com | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ipm.avcdn.net | udp |
| US | 8.8.8.8:53 | ipm.avcdn.net | udp |
| US | 34.111.24.1:443 | ipm.avcdn.net | tcp |
| US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipmcdn.avast.com | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| US | 8.8.8.8:53 | analytics.ff.avast.com | udp |
| US | 8.8.8.8:53 | analytics.ff.avast.com | udp |
| US | 8.8.8.8:53 | ipmcdn.avast.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 34.117.223.223:443 | analytics.ff.avast.com | tcp |
| NL | 23.51.79.68:443 | ipmcdn.avast.com | tcp |
| US | 8.8.8.8:53 | 1.24.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.79.51.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
C:\Windows\Temp\asw.940b0d79ba177bfd\avast_free_antivirus_setup_online_x64.exe
C:\Windows\Temp\asw.940b0d79ba177bfd\ecoo.edat
C:\Windows\Temp\asw.ba838a31135c6c00\servers.def
C:\Windows\Temp\asw.ba838a31135c6c00\Instup.exe
C:\Windows\Temp\asw.ba838a31135c6c00\Instup.dll
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
C:\Windows\Temp\asw.ba838a31135c6c00\config.def
C:\Windows\Temp\asw.ba838a31135c6c00\config.def
C:\Windows\Temp\asw.ba838a31135c6c00\config.ini
C:\Windows\Temp\asw.ba838a31135c6c00\HTMLayout.dll
C:\Windows\Temp\asw.ba838a31135c6c00\servers.def.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\servers.def.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\prod-pgm.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\uat64.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\uat64.dll
C:\Windows\Temp\asw.ba838a31135c6c00\part-setup_ais-180517e4.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\prod-vps.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\avbugreport_x64_ais-a3d.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\avdump_x64_ais-a3d.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\offertool_x64_ais-a3d.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\aswbb3ef04d8ff2093c.tmp
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
C:\Windows\Temp\asw.ba838a31135c6c00\part-prg_ais-180517e4.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\setup.def
C:\Windows\Temp\asw.ba838a31135c6c00\prod-vps.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\part-jrog2-91.vpx
C:\Windows\Temp\asw.ba838a31135c6c00\part-vps_windows-24061201.vpx
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
C:\Windows\Temp\asw.ba838a31135c6c00\asw227e117854b77359.ini
C:\Windows\Temp\asw.ba838a31135c6c00\config.def
C:\Windows\Temp\asw.ba838a31135c6c00\New_180517e4\gcapi.dll