Analysis Overview
SHA256
7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3
Threat Level: Likely malicious
The file 7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Checks for any installed AV software in registry
Embeds OpenSSL
System Location Discovery: System Language Discovery
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-10-31 15:08
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-31 15:08
Reported
2024-10-31 15:11
Platform
win7-20240708-en
Max time kernel
119s
Max time network
121s
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe
"C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| GB | 142.250.187.238:80 | www.google-analytics.com | tcp |
| US | 34.117.223.223:80 | v7event.stats.avast.com | tcp |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-31 15:08
Reported
2024-10-31 15:12
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
154s
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1" | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \Registry\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\AVAST Software\Avast | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avira\Antivirus | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log" | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
Embeds OpenSSL
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 32 | N/A | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Token: 32 | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe
"C:\Users\Admin\AppData\Local\Temp\7783f491dbf1508b1c53e0d371280b4e7b33042f1da5393bd1153db938022cc3.exe"
C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_012_999_a8a_m /ga_clientid:9432bff9-5e5f-4363-9446-24031730a472 /edat_dir:C:\Windows\Temp\asw.34e9d490f12e1a83
C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.f31ec4bfaa3d9841 /edition:1 /prod:ais /stub_context:b6249a8e-1de3-4a31-995d-7ff4a3514252:11072232 /guid:c730bb8d-a859-4f5b-afa7-8b9fc0120c3a /ga_clientid:9432bff9-5e5f-4363-9446-24031730a472 /no_delayed_installation /cookie:mmm_ava_012_999_a8a_m /ga_clientid:9432bff9-5e5f-4363-9446-24031730a472 /edat_dir:C:\Windows\Temp\asw.34e9d490f12e1a83
C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.f31ec4bfaa3d9841 /edition:1 /prod:ais /stub_context:b6249a8e-1de3-4a31-995d-7ff4a3514252:11072232 /guid:c730bb8d-a859-4f5b-afa7-8b9fc0120c3a /ga_clientid:9432bff9-5e5f-4363-9446-24031730a472 /no_delayed_installation /cookie:mmm_ava_012_999_a8a_m /edat_dir:C:\Windows\Temp\asw.34e9d490f12e1a83 /online_installer
C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe" -checkGToolbar -elevated
C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe" /check_secure_browser
C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe
"C:\Windows\Temp\asw.f31ec4bfaa3d9841\New_180a17f5\aswOfferTool.exe" -checkChrome -elevated
Network
Files
C:\Windows\Temp\asw.34e9d490f12e1a83\avast_free_antivirus_setup_online_x64.exe
C:\Windows\Temp\asw.34e9d490f12e1a83\ecoo.edat
C:\Windows\Temp\asw.f31ec4bfaa3d9841\servers.def
C:\Windows\Temp\asw.f31ec4bfaa3d9841\Instup.exe
C:\Windows\Temp\asw.f31ec4bfaa3d9841\Instup.dll
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
C:\Windows\Temp\asw.f31ec4bfaa3d9841\config.def
C:\Windows\Temp\asw.f31ec4bfaa3d9841\config.def
C:\Windows\Temp\asw.f31ec4bfaa3d9841\config.ini
C:\Windows\Temp\asw.f31ec4bfaa3d9841\HTMLayout.dll
C:\Windows\Temp\asw.f31ec4bfaa3d9841\servers.def.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\servers.def.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\uat64.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\prod-pgm.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\uat64.dll
C:\Windows\Temp\asw.f31ec4bfaa3d9841\part-setup_ais-180a17f5.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\prod-vps.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\avbugreport_x64_ais-a4e.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\avdump_x64_ais-a4e.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\offertool_x64_ais-a4e.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\sbr_x64_ais-a4e.vpx
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
C:\Windows\Temp\asw.f31ec4bfaa3d9841\part-prg_ais-180a17f5.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\setup.def
C:\Windows\Temp\asw.f31ec4bfaa3d9841\prod-vps.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\part-jrog2-1643.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\part-vps_windows-24103102.vpx
C:\Windows\Temp\asw.f31ec4bfaa3d9841\config.def
C:\Windows\Temp\asw.f31ec4bfaa3d9841\aswf2a7102b2e65263b.ini
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
C:\Users\Public\Documents\gcapi.dll