Loading ...

Play interactive tourEdit tour

Analysis Report https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient

Overview

General Information

Joe Sandbox Version:28.0.0 Lapis Lazuli
Analysis ID:220752
Start date:07.04.2020
Start time:09:54:12
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 54s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@3/396@47/28
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: https://www.avast.com/de-ch/index
  • Browsing link: https://www.avast.com/de-ch/download-thank-you.php?product=FAV-ONLINE-361&locale=de-ch
  • Browsing link: https://www.avast.com/de-de/c-malware
  • Browsing link: https://www.avast.com/de-de/c-computer-virus
  • Browsing link: https://www.google.com/chrome/browser/?brand=AVSF&installdataindex=googlehomepage&hl=en
  • Browsing link: https://www.avast.com/de-ch/cookies-policy
  • Browsing link: https://www.avast.com/de-ch/privacy-policy
  • Browsing link: https://www.avast.com/de-ch/eula
  • Browsing link: https://www.avast.com/de-ch/about
Warnings:
Show All
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, ielowutil.exe, WMIADAP.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 92.123.7.209, 104.108.65.70, 23.210.250.131, 216.58.208.40, 2.20.220.95, 95.100.59.149, 216.58.210.14, 204.79.197.200, 13.107.21.200, 2.18.69.225, 38.126.130.202, 204.2.197.202, 172.217.16.142, 172.217.22.4, 2.22.88.67, 84.53.167.44, 2.18.68.82, 152.199.19.161, 2.18.69.96, 23.0.174.9, 23.10.249.138, 195.138.255.17, 195.138.255.24, 104.19.148.8, 104.19.147.8, 8.253.207.121, 8.248.131.254, 67.27.158.126, 8.241.121.126, 8.241.121.254, 172.217.18.3, 172.217.18.10, 23.37.58.89
  • Excluded domains from analysis (whitelisted): www.avast.com.edgekey.net, a1024.dscg.akamai.net, e11018.dsca.akamaiedge.net, action.media6degrees.com.cdn.cloudflare.net, e10524.b.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, e11290.dspg.akamaiedge.net, static3.avast.com.edgekey.net, script.crazyegg.com.cdn.cloudflare.net, a-lb.tribalfusion.com.akadns.net, a248.b.akamai.net, t.av.st-v1.edgekey.net, audownload.windowsupdate.nsatc.net, www.google.com, www.gstatic.com, e13074.a.akamaiedge.net, www.google-analytics.com, ip46.go-mpulse.net.edgekey.net, fonts.googleapis.com, fs.microsoft.com, ampcid.google.com, dual-a-0001.a-msedge.net, avast.com.edgekey.net, site-cdn.onenote.net.edgekey.net, wildcard.outbrain.com.edgekey.net, wildcard46.akstat.io.edgekey.net, wildcard46.go-mpulse.net.edgekey.net, dsum-sec.casalemedia.com.edgekey.net, e10883.g.akamaiedge.net, s.tribalfusion.com-v1.edgekey.net, cs9.wpc.v0cdn.net, www.googleadservices.com, a.tribalfusion.com-v1.edgekey.net, s-lb.tribalfusion.com.akadns.net, adservice.google.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, iecvlist.microsoft.com, e5684.g.akamaiedge.net, go.microsoft.com, e8037.g.akamaiedge.net, www.googletagmanager.com, bat.bing.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, e4518.dscx.akamaiedge.net, e16778.dsca.akamaiedge.net, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, bat-bing-com.a-0001.a-msedge.net, go.microsoft.com.edgekey.net
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtWriteFile calls found.

Detection

StrategyScoreRangeReportingWhitelistedDetection
Threshold10 - 100falseclean

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold40 - 5false
ConfidenceConfidence


Classification Spiderchart

Analysis Advice

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Drive-by Compromise1Graphical User Interface1Winlogon Helper DLLProcess Injection1Masquerading1Credential DumpingFile and Directory Discovery1Application Deployment SoftwareData from Local SystemData CompressedStandard Cryptographic Protocol2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesProcess Injection1Network SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Non-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
External Remote ServicesWindows Management InstrumentationAccessibility FeaturesPath InterceptionRootkitInput CaptureQuery RegistryWindows Remote ManagementData from Network Shared DriveAutomated ExfiltrationStandard Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data

Signature Overview

Click to jump to signature section


Phishing:

barindex
Found iframesShow sources
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: Iframe src: javascript:void(0)
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: Iframe src: //6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=9827357289563;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com%2Fde-de%2Fc-malware;~oref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-malware?
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: Iframe src: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: Iframe src: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-malware&upid=vuee4ni&upv=1.1.0
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: Iframe src: javascript:void(0)
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: Iframe src: //6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=1063868711639;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com%2Fde-de%2Fc-computer-virus;~oref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-computer-virus?
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: Iframe src: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: Iframe src: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-computer-virus&upid=vuee4ni&upv=1.1.0
META author tag missingShow sources
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: No <meta name="author".. found
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: No <meta name="author".. found
META copyright tag missingShow sources
Source: https://www.avast.com/de-de/c-malwareHTTP Parser: No <meta name="copyright".. found
Source: https://www.avast.com/de-de/c-computer-virusHTTP Parser: No <meta name="copyright".. found

Networking:

barindex
Found strings which match to known social media urlsShow sources
Source: index[1].htm.2.drString found in binary or memory: "https://www.facebook.com/avast", equals www.facebook.com (Facebook)
Source: index[1].htm.2.drString found in binary or memory: "https://www.linkedin.com/company/avast-software" equals www.linkedin.com (Linkedin)
Source: index[1].htm.2.drString found in binary or memory: "https://www.youtube.com/avast", equals www.youtube.com (Youtube)
Source: c-computer-virus[1].htm.2.drString found in binary or memory: <span id="hs_cos_wrapper_custom_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-fb-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Was%20ist%20ein%20Computer-Virus%3F%20%7C%20Tool%20zum%20Entfernen%20von%20Viren%20%7C%20Avast" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-tw-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter"></a></span> equals www.facebook.com (Facebook)
Source: c-computer-virus[1].htm.2.drString found in binary or memory: <span id="hs_cos_wrapper_custom_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-fb-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-computer-virus%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Was%20ist%20ein%20Computer-Virus%3F%20%7C%20Tool%20zum%20Entfernen%20von%20Viren%20%7C%20Avast" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-tw-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter"></a></span> equals www.twitter.com (Twitter)
Source: c-malware[1].htm.2.drString found in binary or memory: <span id="hs_cos_wrapper_custom_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-fb-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Was%20ist%20Malware%20und%20wie%20entfernt%20man%20sie%20%7C%20Avast%20Anti-Malware-Tool" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-tw-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter"></a></span> equals www.facebook.com (Facebook)
Source: c-malware[1].htm.2.drString found in binary or memory: <span id="hs_cos_wrapper_custom_social_sharing" class="hs_cos_wrapper hs_cos_wrapper_widget hs_cos_wrapper_type_social_sharing" style="" data-hs-cos-general-type="widget" data-hs-cos-type="social_sharing"><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dfacebook" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-fb-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Facebook"></a>&nbsp;<a href="https://twitter.com/intent/tweet?original_referer=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;url=http%3A%2F%2Fwww.hs-academypages.com%2Fde-de%2Fc-malware%3Futm_medium%3Dsocial%26utm_source%3Dtwitter&amp;source=tweetbutton&amp;text=Was%20ist%20Malware%20und%20wie%20entfernt%20man%20sie%20%7C%20Avast%20Anti-Malware-Tool" target="_blank" style="width:24px;border-width:0px;border:0px;"><img src="https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-tw-38.png" class="hs-image-widget hs-image-social-sharing-24" style="max-height:24px;max-width:24px;border-width:0px;border:0px;" width="24" hspace="0" alt="Share on Twitter"></a></span> equals www.twitter.com (Twitter)
Source: chrome[1].htm.2.drString found in binary or memory: <link rel="preconnect" href="https://www.youtube.com" > equals www.youtube.com (Youtube)
Source: chrome[1].htm.2.drString found in binary or memory: <a href="https://www.facebook.com/googlechrome/" title="Facebook" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:facebook" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:facebook" > equals www.facebook.com (Facebook)
Source: chrome[1].htm.2.drString found in binary or memory: <a href="https://www.youtube.com/user/googlechrome" title="Youtube" target="_blank" rel="noopener nofollow" class=" chr-footer-social__link" ga-on="click" ga-event-category="chrome-footer-social" ga-event-action="clicked" ga-event-label="follow-us:youtube" data-g-event="chrome-footer-social" data-g-action="clicked" data-g-label="follow-us:youtube" > equals www.youtube.com (Youtube)
Source: chrome[1].htm.2.drString found in binary or memory: "https://www.facebook.com/googlechrome", equals www.facebook.com (Facebook)
Source: chrome[1].htm.2.drString found in binary or memory: "https://www.youtube.com/googlechrome", equals www.youtube.com (Youtube)
Source: gtm[1].js.2.drString found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq||(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq||(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"set\",\"autoConfig\",!1,\"2144119812481001\");fbq(\"init\",\"2144119812481001\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=2144119812481001\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n\n", equals www.facebook.com (Facebook)
Source: gtm[1].js.2.drString found in binary or memory: "vtp_html":"\n\u003Cscript type=\"text\/gtmscript\"\u003E!function(b,e,f,g,a,c,d){b.fbq||(a=b.fbq=function(){a.callMethod?a.callMethod.apply(a,arguments):a.queue.push(arguments)},b._fbq||(b._fbq=a),a.push=a,a.loaded=!0,a.version=\"2.0\",a.queue=[],c=e.createElement(f),c.async=!0,c.src=g,d=e.getElementsByTagName(f)[0],d.parentNode.insertBefore(c,d))}(window,document,\"script\",\"https:\/\/connect.facebook.net\/en_US\/fbevents.js\");fbq(\"set\",\"autoConfig\",!1,\"958466707545669\");fbq(\"init\",\"958466707545669\");fbq(\"track\",\"PageView\");\u003C\/script\u003E\n\u003Cnoscript\u003E\u003Cimg height=\"1\" width=\"1\" style=\"display:none\" src=\"https:\/\/www.facebook.com\/tr?id=958466707545669\u0026amp;ev=PageView\u0026amp;noscript=1\"\u003E\u003C\/noscript\u003E\n\n", equals www.facebook.com (Facebook)
Source: gtm[1].js.2.drString found in binary or memory: "vtp_javascript":["template","(function(){var b=\"google bing yandex search.yahoo duckduckgo www.search www.info www.baidu\".split(\" \"),a=document.referrer.split(\"\/\")[2];a=a.substr(0,a.lastIndexOf(\".\"));b=b.indexOf(a);return-1\u003Cb?!0:!1})();"] equals www.yahoo.com (Yahoo)
Source: about[1].htm.2.drString found in binary or memory: <a href="https://youtu.be/4_FFxP-kOVo" data-src="https://www.youtube.com/embed/4_FFxP-kOVo?autoplay=1&rel=0" terget="_blank" alt="Play video" class="play bi-play"><span class="inner bi-play"><span class="bi-play"></span></span><span class="text bi-play">Video wiedergeben</span></a> equals www.youtube.com (Youtube)
Source: c-computer-virus[1].htm.2.drString found in binary or memory: <a href="http://www.facebook.com/share.php?u=http://www.avast.com/de-de/c-computer-virus" target="_blank" style="width:24px;border-width:0px;border:0px;text-decoration:none;"> equals www.facebook.com (Facebook)
Source: c-malware[1].htm.2.drString found in binary or memory: <a href="http://www.facebook.com/share.php?u=http://www.avast.com/de-de/c-malware" target="_blank" style="width:24px;border-width:0px;border:0px;text-decoration:none;"> equals www.facebook.com (Facebook)
Source: c-computer-virus[1].htm.2.drString found in binary or memory: <a href="https://twitter.com/intent/tweet?original_referer=&amp;url=&amp;source=tweetbutton&amp;text=http://www.avast.com/de-de/c-computer-virus" target="_blank" style="width:24px;border-width:0px;border:0px;text-decoration:none;"> equals www.twitter.com (Twitter)
Source: c-malware[1].htm.2.drString found in binary or memory: <a href="https://twitter.com/intent/tweet?original_referer=&amp;url=&amp;source=tweetbutton&amp;text=http://www.avast.com/de-de/c-malware" target="_blank" style="width:24px;border-width:0px;border:0px;text-decoration:none;"> equals www.twitter.com (Twitter)
Source: privacy-policy[1].htm.2.drString found in binary or memory: <li class="fb"><a href="https://www.facebook.com/avast.de" title="Facebook"><span>Facebook</span></a></li> equals www.facebook.com (Facebook)
Source: privacy-policy[1].htm.2.drString found in binary or memory: <li class="linkedin"><a href="https://www.linkedin.com/company/avast" title="LinkedIn"><span>LinkedIn</span></a></li> equals www.linkedin.com (Linkedin)
Source: privacy-policy[1].htm.2.drString found in binary or memory: <li class="youtube"><a href="//www.youtube.com/avast" title="YouTube"><span>YouTube</span></a></li> equals www.youtube.com (Youtube)
Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x507efe35,0x01d60cfd</date><accdate>0x507efe35,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x507efe35,0x01d60cfd</date><accdate>0x50809c9b,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x50b4a2b9,0x01d60cfd</date><accdate>0x50b4a2b9,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x50b4a2b9,0x01d60cfd</date><accdate>0x50b6cbd2,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x50de57e0,0x01d60cfd</date><accdate>0x50de57e0,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x50de57e0,0x01d60cfd</date><accdate>0x50e24abb,0x01d60cfd</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: gtm[1].js.2.drString found in binary or memory: W=R.length,ya=0;ya<W;ya++)if(!v&&d(R[ya],H.xe)){T("https://www.youtube.com/iframe_api");v=!0;break}})}}else J(w.vtp_gtmOnSuccess)}var t=["www.youtube.com","www.youtube-nocookie.com"],p={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},u,v=!1;Z.__ytl=n;Z.__ytl.g="ytl";Z.__ytl.h=!0;Z.__ytl.priorityOverride=0}(); equals www.youtube.com (Youtube)
Source: main.v2.min[1].js.2.drString found in binary or memory: function sd(a){return new Promise(function(b){var c=document.createElement("script");c.src="https://www.youtube.com/iframe_api";var d=document.getElementsByTagName("script")[0];d.parentNode.insertBefore(c,d);window.onYouTubeIframeAPIReady=function(){a.c=td(a,a.o,a.g,b)}})}e.Ua=function(a){if(!this.h)return!1;if(27===a.keyCode||"Escape"===a.key||"Esc"===a.key)return this.close(),!0};var ud={AnchorArrow:ub,AnimatedSvg:xb,Carousel:Eb,Collapsible:Ib,ContentToggle:ac,CookieBanner:fc,EnvironmentDetect:kc,Footer:R,Form:T,Header:Nc,HeroSwitcher:Sc,LazyLoader:Uc,Popup:X,Survey:Y,Tabs:Yc,TrackedSection:bd,TranslateShowcase:Z,VideoModal:pd},vd=null;function wd(){vd||(vd=this,xd());return vd}function yd(){var a=document;a=void 0===a?document:a;return[].concat(m(a.querySelectorAll("[data-comp]")))}function xd(){yd().forEach(function(a){return zd(a)})} equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: www.avast.com
Urls found in memory or binary dataShow sources
Source: watch[1].js.2.drString found in binary or memory: http://127.0.0.1
Source: about[1].htm.2.drString found in binary or memory: http://aic.fel.cvut.cz/
Source: index[1].htm.2.drString found in binary or memory: http://c.computerbild.de/Avast-Download-Mirror-2016.html
Source: eula[1].htm.2.drString found in binary or memory: http://ec.europa.eu/consumers/odr/
Source: about[1].htm.2.drString found in binary or memory: http://foundation.avast.com/
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: http://insights-staging.hotjar.com
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: http://local.hotjar.com
Source: modernizr[1].js.2.drString found in binary or memory: http://modernizr.com/download/#-fontface-backgroundsize-borderimage-borderradius-boxshadow-flexbox-f
Source: eula[1].htm.2.drString found in binary or memory: http://play.google.com
Source: eula[1].htm.2.drString found in binary or memory: http://play.google.com/
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: http://push.ff.avast.com
Source: index[1].htm.2.dr, chrome[1].htm.2.drString found in binary or memory: http://schema.org
Source: ScrollMagic.min[1].js.2.drString found in binary or memory: http://scrollmagic.io
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: autotrack[1].js.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: eula[1].htm.2.drString found in binary or memory: http://www.apple.com/legal/internet-services/itunes/us/terms.html
Source: eula[1].htm.2.drString found in binary or memory: http://www.avast.com/refund-policy
Source: eula[1].htm.2.drString found in binary or memory: http://www.avast.com/support
Source: eula[1].htm.2.drString found in binary or memory: http://www.avast.com/vendor
Source: msapplication.xml2.1.drString found in binary or memory: http://www.google.com/
Source: c-computer-virus[1].htm.2.drString found in binary or memory: http://www.hs-academypages.com/de-de/c-computer-virus
Source: c-malware[1].htm.2.drString found in binary or memory: http://www.hs-academypages.com/de-de/c-malware
Source: msapplication.xml3.1.drString found in binary or memory: http://www.live.com/
Source: msapplication.xml4.1.drString found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml5.1.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml6.1.drString found in binary or memory: http://www.twitter.com/
Source: clean_darkpurple[1].dat.2.drString found in binary or memory: http://www.videolan.org/x264.html
Source: msapplication.xml7.1.drString found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml8.1.drString found in binary or memory: http://www.youtube.com/
Source: chrome[1].htm.2.drString found in binary or memory: https://2542116.fls.doubleclick.net
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=26568637064
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;t
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=1063868711639;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=2028289149766;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=326294911891;gtm=2
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=5131439107491;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=5946053945621;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=6330762820802;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=8915645494301;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=9119886321713;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=allpa0;ord=9827357289563;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/activityi;src=6679503;type=ret;cat=homep0;ord=2188011954821;gtm=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://6679503.fls.doubleclick.net/ddm/fls/r/src=6679503;type=ret;cat=allpa0;ord=8915645494301;gtm=
Source: chrome[1].htm.2.drString found in binary or memory: https://about.google/
Source: chrome[1].htm.2.drString found in binary or memory: https://about.google/products/
Source: chrome[1].htm.2.drString found in binary or memory: https://adservice.google.com
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://adservice.google.com/ddm/fls/i/src=6679503;type=ret;cat=allpa0;ord=8915645494301;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=1063868711639;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-de_c-computer-virus;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=1063868711639;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=2028289149766;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_cookies-policy;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=2028289149766;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=326294911891;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_privacy-policy;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=326294911891;gtm=2wg3p1;a
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=5131439107491;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_about;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=5131439107491;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=5946053945621;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_index;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=5946053945621;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=6330762820802;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_download-thank-you.php;~oref=https___www.avast.com_de-ch_d[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=6330762820802;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=9119886321713;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-ch_eula;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=9119886321713;gtm=2wg3p1;
Source: activityi;src=6679503;type=ret;cat=allpa0;ord=9827357289563;gtm=2wg3p1;auiddc=1221601745.1586278486;u3=www.avast.com_de-de_c-malware;~oref=https___www.avast[1].htm.2.drString found in binary or memory: https://adservice.google.com/ddm/fls/z/src=6679503;type=ret;cat=allpa0;ord=9827357289563;gtm=2wg3p1;
Source: js[1].js1.2.dr, gtm[1].js.2.drString found in binary or memory: https://adservice.google.com/ddm/regclk
Source: analytics[1].js.2.drString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://app.hubspot.com
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: 2016-LP-academy.min[1].js.2.dr, about[1].htm.2.drString found in binary or memory: https://blog.avast.com
Source: index[1].htm.2.drString found in binary or memory: https://blog.avast.com/
Source: index[1].htm.2.drString found in binary or memory: https://blog.avast.com/avast-still-supports-windows-7
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://blog.avast.com/de/
Source: index[1].htm.2.drString found in binary or memory: https://blog.avast.com/de/5-tipps-f
Source: index[1].htm.2.drString found in binary or memory: https://blog.avast.com/de/krankenhauser_schutz_digitale-viren
Source: index[1].htm.2.drString found in binary or memory: https://blog.avast.com/de/uebergang_homeoffice_unternehmen
Source: about[1].htm.2.drString found in binary or memory: https://blog.avast.com/fighting-new-wave-cybercrime-next-gen-cybersecurity
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://blog.avast.com/topic/business-security
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://blog.avast.com/topic/security-news
Source: chrome[1].htm.2.drString found in binary or memory: https://blog.google/products/chrome/
Source: index[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hub/486579/Hospital_ransomware.jpg?width=312
Source: index[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hub/486579/laptop-woman-cafe-1.jpg?width=312
Source: index[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hub/486579/mom-and-toddler-GettyImages-995117006.jpeg?width=312
Source: main[1].js.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/DE/DE_Privacy_policy.html?ger
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/DE/j/main.js?ger
Source: main_p4[1].js.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/EN_Cookie_policy.html?cx
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/c/main.css?5tyg
Source: cookies-policy[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/c/main.css?vgf
Source: main[1].js.2.dr, main_p4[1].js.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/i/arrow_down.svg
Source: main_p4[1].js.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/i/arrow_up.svg
Source: cookies-policy[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/LegalParse/j/main_p4.js?ger
Source: main[1].css0.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/technology-scroll/legal/header_bg.png);
Source: about[1].htm.2.drString found in binary or memory: https://cdn2.hubspot.net/hubfs/486579/timeline/vlcek.png
Source: chrome[1].htm.2.drString found in binary or memory: https://chrome.google.com/webstore/category/app/8-education?hl=en
Source: chrome[1].htm.2.drString found in binary or memory: https://chrome.google.com/webstore/category/collection/workfromhome?utm_source=www.google.com&amp;ut
Source: chrome[1].htm.2.drString found in binary or memory: https://chrome.google.com/webstore/category/extensions?h1=en
Source: chrome[1].htm.2.drString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/chrome-enterprise/browser
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/chrome-enterprise/browser/download/
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/chrome-enterprise/browser/download/?h1=en
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/chrome-enterprise/chromebooks/
Source: chrome[1].htm.2.drString found in binary or memory: https://cloud.google.com/chrome-enterprise/os
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://cp.hubspot.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://decoded.avast.io/
Source: chrome[1].htm.2.drString found in binary or memory: https://developer.chrome.com/webstore/?hl=en
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: installer.min[1].js.2.drString found in binary or memory: https://dl.google.com
Source: chrome[1].htm.2.drString found in binary or memory: https://edu.google.com/products/devices/
Source: chrome[1].htm.2.drString found in binary or memory: https://edu.google.com/products/more-products/
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://files.avast.com/files/custom/361/avast_free_antivirus_setup_online.exe
Source: index[1].htm.2.drString found in binary or memory: https://files.avast.com/files/marketing/materials/boxshots/v2015/avast_free_antivirus_2015_boxshot.p
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://files.avast.com/files/marketing/modern-slavery/2018-20019_modern_slavery.pdf
Source: css[1].css.2.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: chrome[1].htm.2.drString found in binary or memory: https://fonts.gstatic.com
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UaGrENHsxJlGDuGo1OIlI3K.woff)
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v16/4UabrENHsxJlGDuGo1OIlLU94bt3.woff)
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9vAA.woff)
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Me5g.woff)
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://forum.avast.com/
Source: js[1].js1.2.drString found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: chrome[1].htm.2.drString found in binary or memory: https://googleads.g.doubleclick.net
Source: chrome[1].htm.2.drString found in binary or memory: https://gsuite.google.com/
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://id.avast.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://id.avast.com/?target=https%3A%2F%2Fbusiness.avast.com%3A443%2F#login
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://id.avast.com/?target=https%3A%2F%2Fbusiness.avast.com%3A443%2F#register
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://id.avast.com/inAvastium
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Fabout&upid
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Fcookies-po
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Fdownload-t
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Feula&upid=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Findex%23pc
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Flp-safe-em
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-ch%2Fprivacy-po
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-computer
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://insight.adsrvr.org/track/up?adv=kfxbfnv&ref=https%3A%2F%2Fwww.avast.com%2Fde-de%2Fc-malware&
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: https://insights-staging.hotjar.com
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://install.avcdn.net/iavs9x/avast_free_antivirus_setup.exe
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/contact-us/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/analyst-consensus/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/corporate-governance/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/financial-calendar-1/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/growth-opportunity/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/investor-contacts/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/ipo-information/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/overview/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/regulatory-news/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/results-reports-and-presentations/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/share-price-and-tools/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/investors/shareholder-information/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/our-story/at-a-glance/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/our-story/history/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/our-story/leadership/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/our-story/strategy/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://investors.avast.com/our-story/technology-expertise/
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://itunes.apple.com/app/apple-store/id1008860104?pt=421899&ct=Avast_com%20WiFi%20Finder%20produ
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://itunes.apple.com/app/apple-store/id793096595?pt=421899&amp;ct=Avast_com%20iOS%20page&amp;mt=
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://itunes.apple.com/us/app/avast-security-photo-vault/id1276551855?mt=8
Source: installer.min[1].js.2.drString found in binary or memory: https://itunes.apple.com/us/app/chrome/id535886823
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: https://local.hotjar.com
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://my.avast.com
Source: avast_free_antivirus_setup_online[1].exe.2.drString found in binary or memory: https://pair.ff.avast.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://partners.avast.com/s/login/
Source: installer.min[1].js.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.android.chrome
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity
Source: installer.min[1].js.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.beta
Source: installer.min[1].js.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.canary
Source: installer.min[1].js.2.drString found in binary or memory: https://play.google.com/store/apps/details?id=com.chrome.dev
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://plus.google.com/share?url=http://www.avast.com/de-de/c-computer-virus
Source: c-malware[1].htm.2.drString found in binary or memory: https://plus.google.com/share?url=http://www.avast.com/de-de/c-malware
Source: chrome[1].htm.2.drString found in binary or memory: https://policies.google.com/technologies/cookies?hl=en
Source: chrome[1].htm.2.drString found in binary or memory: https://policies.google.com/terms
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://press.avast.com/
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://press.avast.com/contacts
Source: about[1].htm.2.drString found in binary or memory: https://press.avast.com/de-ch/homepage
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://press.avast.com/events
Source: about[1].htm.2.drString found in binary or memory: https://press.avast.com/hubfs/media-materials/corporate-factsheet/2020/Avast_corporate_fact_sheet_US
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://press.avast.com/media-materials
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://press.avast.com/news
Source: gtm[1].js.2.drString found in binary or memory: https://q.quora.com/_/ad/
Source: privacy-policy[1].htm.2.dr, lp-safe-emailing[1].htm.2.dr, download-thank-you[1].htm.2.dr, c-computer-virus[1].htm.2.dr, cookies-policy[1].htm.2.dr, about[1].htm.2.dr, index[1].htm.2.dr, eula[1].htm.2.dr, c-malware[1].htm.2.drString found in binary or memory: https://s.go-mpulse.net/boomerang/
Source: chrome[1].htm.2.drString found in binary or memory: https://s.ytimg.com
Source: privacy-policy[1].htm.2.dr, lp-safe-emailing[1].htm.2.dr, download-thank-you[1].htm.2.dr, c-computer-virus[1].htm.2.dr, cookies-policy[1].htm.2.dr, about[1].htm.2.dr, index[1].htm.2.dr, eula[1].htm.2.dr, c-malware[1].htm.2.drString found in binary or memory: https://s2.go-mpulse.net/boomerang/
Source: lp-safe-emailing[1].htm.2.dr, c-computer-virus[1].htm.2.drString found in binary or memory: https://schema.org
Source: chrome[1].htm.2.drString found in binary or memory: https://schema.org/WebPage
Source: hotjar-470805[1].js.2.drString found in binary or memory: https://script.hotjar.com/
Source: 5db15c81e6dc9b00098739ec[1].js.2.drString found in binary or memory: https://secure.adnxs.com/px?id=1171524&seg=19478469&order_id=
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://shop.avast.com/1430/purl-b2c-direct?cart=s5531&minquantity=1&pricerule=discount&x-btn=back
Source: flag-language-selector-v2[1].svg.2.drString found in binary or memory: https://sketch.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://smb.avast.com/answers/history-and-future-of-network-security
Source: gtm[1].js.2.drString found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: imagestore.dat.2.drString found in binary or memory: https://static.avast.com/11/web/min/i/favicon-32x32.png
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-fb-38.png
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-gp-38.png
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://static.avast.com/11/web/min/i/lp/windows-10-v2/ico-tw-38.png
Source: chrome[1].htm.2.drString found in binary or memory: https://static.doubleclick.net
Source: gtm[1].js.2.drString found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/common-landingpage-responsive-v11.css
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/common-web-v12.css
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/download-thank-you-v4.css
Source: eula[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/eula.css
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/forms.css
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/index-oo-18279.css
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/local/de-ch/local.css
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/local/de-ch/lp/lp-local.css
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/lp/safe-emailing.css
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/mkt/about-2018.css
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/mkt/about/owl.carousel.min.css
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/mkt/about/owl.theme.default.min.css
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/mkt/legal/privacy-policy/privacy_v2_13.css
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/product-home-v11.css
Source: privacy-policy[1].htm.2.dr, eula[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/text.css
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/windows-fav-animation-styles.css
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/c/windows-fav-animation.css
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/apple-touch-icon-120x120.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/apple-touch-icon-152x152.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/apple-touch-icon-57x57.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/apple-touch-icon-76x76.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/avast-software.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/awards-v12//de-de/logo-chip.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/awards-v12//de-de/logo-computer-bild-dark.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/awards-v12/logo-cnet.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/awards/award-stars.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/favicon-16x16.png
Source: privacy-policy[1].htm.2.dr, imagestore.dat.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/favicon-32x32.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/ico/mobiles.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/ico/person.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/index/banner/win-logo.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/index/premium-security.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-safe-emailing/img-1.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-safe-emailing/img-2.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-safe-emailing/logo-google.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-safe-emailing/logo-outlook.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-safe-emailing/logo-yahoo.png
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/lp/lp-virus-update/ico-chrome-75.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/foundation-logo.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/our-story-img-6.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/alan-rassaby-d2.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/bioRichards.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/detlef-steinmetz-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/eduard-kucera-d2.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/erwin-gunst-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/gagan-singh-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/jaya-baloo.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/julio-bezerra.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/kelby-barton.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/lorne-somerville-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/maggie-chan-jones.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/michal-pechoucek-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/ondrej-vlcek-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/pavel-baudis-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/peter-turner-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/phil-marshall-d1.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/rebecca-grattan.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/tamara-l-minick-scokalo.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/ulf-claesson-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/vincent-steckler-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/vita-stantrucek-2.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/team/warren-finegold-d.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about-2017/video_screen.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y1988_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y1991_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y1995_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y1997_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2001_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2003_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2006_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2009_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2010_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2011_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2012_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2013_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2014_2.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2015_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2016_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2017_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/history/y2018_1.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_baudis.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_claesson.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_collins.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_finegold.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_gunst.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_kucera.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_patel.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_schwarz.jpg
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/about/management/management_somerville.jpg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/share/avast-logo.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/swimline/img-01.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/swimline/img-02.png
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/swimline/img-03.jpg
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/thank-you/v4/locale/express-install/express-install-de.
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/thank-you/v4/locale/ie-step1/ie-step1-de-de.png
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mkt/thank-you/v4/locale/ie-step2/ie-step2-de-de.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mstile-150x150.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/mstile-310x310.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/account.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/anti-track.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/battery-saver.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/cleanup.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/driver-updater.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/free-antivirus.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/passwords.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/premium.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/secure-browser.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/logo/secure-line.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/mobile/ico-mobile-account.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/mobile/ico-mobile-home.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/mobile/ico-mobile-store.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/mobile/ico-mobile-support.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/os/android.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/os/ios.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/os/mac.svg
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/navigation/os/win.svg
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/oops-popup-wrong-device/sprite-mobile.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/v2/avast-logo-default.svg
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/windows/animation/avast-map.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/windows/av-comparatives-2019.png
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/i/windows/june-update/img-fav.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/avast.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/avastform-linear.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/creo.autodownload.min.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/creo.urldecoder.min.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/detect-device.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/index-new.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/jquery.geturlparam.js
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/jquery.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/load-animation-css.js
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/lp/lp-safe-emailing.js
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/mkt/about-2017.js
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/mkt/about/owl.carousel.min.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/v2015/avast.web.lib.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/v2015/avast.web.transform.js
Source: download-thank-you[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/v2015/custom/main/dtp.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/win7-stripe.js
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/j/windows-fav-animation-main-build.js
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/o/video/about/clean_darkpurple.mp4
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/10001328/web/o/video/about/clean_darkpurple.webm
Source: index[1].htm.2.drString found in binary or memory: https://static3.avast.com/1000966/web/i/windows/avast-mobile-protection/avast-mobile-protection-en.p
Source: language-selector.min[1].css.2.drString found in binary or memory: https://static3.avast.com/11/web/i/mkt/blog/icon-arrow-down.png)
Source: language-selector.min[1].css.2.drString found in binary or memory: https://static3.avast.com/11/web/i/mkt/blog/icon-language.png)
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://static3.avast.com/2000452/web/c/index-oo-16017.css
Source: about[1].htm.2.drString found in binary or memory: https://static3.avast.com/20180515/web/i/mkt/about-2017/team/john-schwarz-d.png
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://static3.avast.com/web/i/avast-software.png
Source: lp-safe-emailing[1].htm.2.dr, c-computer-virus[1].htm.2.dr, index[1].htm.2.drString found in binary or memory: https://static3.avast.com/web/i/logo-avast-224x224px.png
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://store.avast.com/store/avast/en_NZ/buy/productID.250400900/quantity.1/Currency.USD/OfferID.54
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://store.avast.com/store/avast/en_NZ/buy/productID.250404200/quantity.5/Currency.USD/OfferID.54
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://store.avast.com/store/avast/en_NZ/buy/productID.250404900/quantity.5/Currency.USD/OfferID.54
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://store.avast.com/store/avast/en_NZ/buy/productID.250405600/quantity.1/Currency.USD/OfferID.54
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://support.avast.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://support.avast.com/de-ch
Source: chrome[1].htm.2.drString found in binary or memory: https://support.google.com/accounts/answer/3118621?hl=en
Source: chrome[1].htm.2.drString found in binary or memory: https://support.google.com/chrome/?hl=en&amp;rd=3#topic=7438008
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://support.google.com/recaptcha
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://support.google.com/recaptcha#6262736
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: installer.min[1].js.2.drString found in binary or memory: https://testflight.apple.com/join/LPQmtkUs
Source: chrome[1].htm.2.drString found in binary or memory: https://tools.google.com
Source: privacy-policy[1].htm.2.dr, index[1].htm.2.drString found in binary or memory: https://twitter.com/avast_antivirus
Source: chrome[1].htm.2.drString found in binary or memory: https://twitter.com/googlechrome
Source: c-computer-virus[1].htm.2.dr, c-malware[1].htm.2.drString found in binary or memory: https://twitter.com/intent/tweet?original_referer=&amp;url=&amp;source=tweetbutton&amp;text=http://w
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://us.cloudcare.avg.com/
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Source: lp-safe-emailing[1].htm.2.dr, ~DF4C9D701E819C5580.TMP.1.dr, c-computer-virus[1].htm.2.dr, index[1].htm.2.drString found in binary or memory: https://www.avast.com
Source: {79ACF564-78F0-11EA-AAE5-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.avast.com/
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com//privacy-policy#cookies
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/c-computer-virus
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/c-malware
Source: ~DF4C9D701E819C5580.TMP.1.dr, about[1].htm.2.drString found in binary or memory: https://www.avast.com/de-ch/about
Source: www.avast[1].xml.2.drString found in binary or memory: https://www.avast.com/de-ch/about&quot;
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/aboutHAvast
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/abouty-policystalldataindex=googlehomepage&hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/abouty-policystalldataindex=googlehomepage&hl=end
Source: ~DF4C9D701E819C5580.TMP.1.dr, cookies-policy[1].htm.2.drString found in binary or memory: https://www.avast.com/de-ch/cookies-policy
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/cookies-policystalldataindex=googlehomepage&hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/cookies-policystalldataindex=googlehomepage&hl=env
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/download-thank-you.php?product=FAV-ONLINE-361&locale=de-ch
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/download-thank-you.php?product=FAV-ONLINE-361&locale=de-chINE-361&locale
Source: ~DF4C9D701E819C5580.TMP.1.dr, eula[1].htm.2.drString found in binary or memory: https://www.avast.com/de-ch/eula
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/eula(Lizenzvereinbarungen
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/eulay-policystalldataindex=googlehomepage&hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/eulay-policystalldataindex=googlehomepage&hl=enb
Source: ~DF4C9D701E819C5580.TMP.1.dr, index[1].htm.2.drString found in binary or memory: https://www.avast.com/de-ch/index
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/index#pc
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/index#pcailing?utm_medium=email&utm_source=link&utm_campaign=sig-email&u
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/indexe-emailing?utm_medium=email&utm_source=link&utm_campaign=sig-email&
Source: lp-safe-emailing[1].htm.2.drString found in binary or memory: https://www.avast.com/de-ch/lp-safe-emailing
Source: {79ACF564-78F0-11EA-AAE5-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.avast.com/de-ch/lp-safe-emailing?utm_medium=email&utm_source=link&utm_campaign=sig-email
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/privacy-policy
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/privacy-policystalldataindex=googlehomepage&hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-ch/privacy-policystalldataindex=googlehomepage&hl=env
Source: c-computer-virus[1].htm.2.dr, tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-adware
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-browser-hijacker
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-computer-virus
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-de/c-computer-virus.php?product=FAV-ONLINE-361&locale=de-ch
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-de/c-computer-virus.php?product=FAV-ONLINE-361&locale=de-chz
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-computer-virus?hsSkipCache=
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-computer-worm
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-malware
Source: c-malware[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-malware?hsSkipCache=
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.avast.com/de-de/c-malwarehank-you.php?product=FAV-ONLINE-361&locale=de-chl
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-online-threats
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-petya
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-phishing
Source: c-computer-virus[1].htm.2.dr, tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-ransomware
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-rootkit
Source: c-computer-virus[1].htm.2.dr, tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-spam
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-spyware
Source: c-computer-virus[1].htm.2.dr, tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-trojan
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/c-wannacry
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/download-thank-you.php?product=FAV-ONLINE&amp;locale=de-de
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/download-thank-you.php?product=MAC-FREE-ONLINE&amp;locale=de-de
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/f-anti-spam
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/f-data-shredder
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/f-firewall
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/f-sandbox
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/f-software-updater
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-10-antivirus
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-7-antivirus
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-8-antivirus
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-8.1-antivirus
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-vista-antivirus
Source: tooltip[1].htm.2.drString found in binary or memory: https://www.avast.com/de-de/windows-xp-antivirus
Source: index[1].htm.2.drString found in binary or memory: https://www.avast.com/index
Source: eula[1].htm.2.drString found in binary or memory: https://www.avast.com/vpn-territory
Source: chrome[1].htm.2.drString found in binary or memory: https://www.chromeexperiments.com/
Source: chrome[1].htm.2.drString found in binary or memory: https://www.chromium.org/
Source: chrome[1].htm.2.drString found in binary or memory: https://www.chromium.org/chromium-os
Source: about[1].htm.2.drString found in binary or memory: https://www.ed.ac.uk/
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google-analytics.com
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google-analytics.com/analytics.js
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js1.2.dr, gtm[1].js.2.dr, {79ACF564-78F0-11EA-AAE5-44C1B3FB757B}.dat.1.dr, chrome[1].htm.2.drString found in binary or memory: https://www.google.com
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/
Source: browser[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/?brand=AVSF&amp;installdataindex=googlehomepage&amp;hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.google.com/chrome/?brand=AVSF&installdataindex=googlehomepage&hl=en
Source: ~DF4C9D701E819C5580.TMP.1.drString found in binary or memory: https://www.google.com/chrome/?brand=AVSF&installdataindex=googlehomepage&hl=enpGoogle
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/cleanup-tool
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/chrome/static/images/chrome-logo.svg
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/chromebook/
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/chromecast/
Source: gtm[1].js.2.dr, gtm[1].js0.2.drString found in binary or memory: https://www.google.com/pagead/conversion_async.js
Source: recaptcha__en[1].js.2.drString found in binary or memory: https://www.google.com/recaptcha/
Source: chrome[1].htm.2.drString found in binary or memory: https://www.google.com/support/chrome/bin/answer.py?answer=96817&amp;hl=en
Source: chrome[1].htm.2.drString found in binary or memory: https://www.googletagmanager.com
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PZ48F8
Source: chrome[1].htm.2.drString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-PZ6TRJB
Source: chrome[1].htm.2.drString found in binary or memory: https://www.gstatic.com/external_hosted/autotrack/autotrack.js
Source: api[1].js.2.drString found in binary or memory: https://www.gstatic.com/recaptcha/releases/NjSCg_IbX1Pdc6A9cf-rvw4e/recaptcha__en.js
Source: box-469cf41adb11dc78be68c1ae7f9457a4[1].htm.2.drString found in binary or memory: https://www.hotjar.com
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/de.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/el.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/es.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/fi.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/fr.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/it.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/nl.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pl.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pt.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/pt_br.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/ru.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/sq.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/sv.html
Source: modules.142071d5cd4cd27eb072[1].js.2.drString found in binary or memory: https://www.hotjarconsent.com/zh.html
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/2456673350/1569824204
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/3600847541/1569824205
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/3776555556/1571307959
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/3777620808/1569824211
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/4714737137/1571307960
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/4722263141/1571307960
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/4971048709/1571307960
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs-fs/hub/486579/hub_generated/template_assets/5345050231/1569824211
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs/hsstatic/HubspotToolsMenu/static-1.62/js/index.js
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hubfs/Avast/assets/js/academy.js
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hubfs/Avast/assets/js/avastform-linear.js
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hubfs/_global/js/hubspot/hubspot.min.js
Source: c-computer-virus[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hubfs/lp/academy/computer-virus.png
Source: c-malware[1].htm.2.drString found in binary or memory: https://www.hs-academypages.com/hubfs/lp/academy/malware.png
Source: privacy-policy[1].htm.2.drString found in binary or memory: https://www.linkedin.com/company/avast
Source: index[1].htm.2.drString found in binary or memory: https://www.linkedin.com/company/avast-software
Source: watch[1].js.2.drString found in binary or memory: https://www.tns-counter.ru/V13a
Source: chrome[1].htm.2.drString found in binary or memory: https://www.wikidata.org/wiki/Q777
Source: chrome[1].htm.2.drString found in binary or memory: https://www.youtube.com
Source: index[1].htm.2.drString found in binary or memory: https://www.youtube.com/avast
Source: about[1].htm.2.drString found in binary or memory: https://www.youtube.com/embed/4_FFxP-kOVo?autoplay=1&rel=0
Source: chrome[1].htm.2.drString found in binary or memory: https://www.youtube.com/googlechrome
Source: main.v2.min[1].js.2.dr, gtm[1].js.2.drString found in binary or memory: https://www.youtube.com/iframe_api
Source: chrome[1].htm.2.drString found in binary or memory: https://www.youtube.com/user/googlechrome
Source: watch[1].js.2.drString found in binary or memory: https://yandexmetrica.com
Source: watch[1].js.2.drString found in binary or memory: https://yastatic.net/metrika-static-watch/assessor-compare.js
Source: watch[1].js.2.drString found in binary or memory: https://yastatic.net/metrika-static-watch/assessor-init.js
Source: watch[1].js.2.drString found in binary or memory: https://yastatic.net/q/global-notifications/cc/_lego-cc
Source: about[1].htm.2.drString found in binary or memory: https://youtu.be/4_FFxP-kOVo
Uses HTTPSShow sources
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866

System Summary:

barindex
Binary contains device paths (device paths are often used for kernel mode <-> user mode communication)Show sources
Source: avast_free_antivirus_setup_online[1].exe.2.drBinary string: Darbgcazh-CHScsdadeelenesfifrhehuisitjakonlnoplptroruhrsksqsvthtruridukbesletlvltfavihyazeumkafkafohimskkkyswuzttpagutateknmrsamnglkoksyrdivar-SAbg-BGca-ESzh-TWcs-CZda-DKde-DEel-GRen-USfi-FIfr-FRhe-ILhu-HUis-ISit-ITja-JPko-KRnl-NLnb-NOpl-PLpt-BRro-ROru-RUhr-HRsk-SKsq-ALsv-SEth-THtr-TRur-PKid-IDuk-UAbe-BYsl-SIet-EElv-LVlt-LTfa-IRvi-VNhy-AMaz-AZ-Latneu-ESmk-MKtn-ZAxh-ZAzu-ZAaf-ZAka-GEfo-FOhi-INmt-MTse-NOms-MYkk-KZky-KGsw-KEuz-UZ-Latntt-RUbn-INpa-INgu-INta-INte-INkn-INml-INmr-INsa-INmn-MNcy-GBgl-ESkok-INsyr-SYdiv-MVquz-BOns-ZAmi-NZar-IQzh-CNde-CHen-GBes-MXfr-BEit-CHnl-BEnn-NOpt-PTsr-SP-Latnsv-FIaz-AZ-Cyrlse-SEms-BNuz-UZ-Cyrlquz-ECar-EGzh-HKde-ATen-AUes-ESfr-CAsr-SP-Cyrlse-FIquz-PEar-LYzh-SGde-LUen-CAes-GTfr-CHhr-BAsmj-NOar-DZzh-MOde-LIen-NZes-CRfr-LUbs-BA-Latnsmj-SEar-MAen-IEes-PAfr-MCsr-BA-Latnsma-NOar-TNen-ZAes-DOsr-BA-Cyrlsma-SEar-OMen-JMes-VEsms-FIar-YEen-CBes-COsmn-FIar-SYen-BZes-PEar-JOen-TTes-ARar-LBen-ZWes-ECar-KWen-PHes-CLar-AEes-UYar-BHes-PYar-QAes-BOes-SVes-HNes-NIes-PRzh-CHTsraf-zaar-aear-bhar-dzar-egar-iqar-joar-kwar-lbar-lyar-maar-omar-qaar-saar-syar-tnar-yeaz-az-cyrlaz-az-latnbe-bybg-bgbn-inbs-ba-latnca-escs-czcy-gbda-dkde-atde-chde-dede-lide-ludiv-mvel-gren-auen-bzen-caen-cben-gben-ieen-jmen-nzen-phen-tten-usen-zaen-zwes-ares-boes-cles-coes-cres-does-eces-eses-gtes-hnes-mxes-nies-paes-pees-pres-pyes-sves-uyes-veet-eeeu-esfa-irfi-fifo-fofr-befr-cafr-chfr-frfr-lufr-mcgl-esgu-inhe-ilhi-inhr-bahr-hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inkok-inko-krky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-bnms-mymt-mtnb-nonl-benl-nlnn-nons-zapa-inpl-plpt-brpt-ptquz-boquz-ecquz-pero-roru-rusa-inse-fise-nose-sesk-sksl-sisma-nosma-sesmj-nosmj-sesmn-fisms-fisq-alsr-ba-cyrlsr-ba-latnsr-sp-cyrlsr-sp-latnsv-fisv-sesw-kesyr-syta-inte-inth-thtn-zatr-trtt-ruuk-uaur-pkuz-uz-cyrluz-uz-latnvi-vnxh-zazh-chszh-chtzh-cnzh-hkzh-mozh-sgzh-twzu-za\\.\PhysicalDrive%u\\.\Scsi%u:SCSIDISKGetSystemFirmwareTable\Device\PhysicalMemoryNtOpenSectionaswHWID\\.\AswHWIDH
Classification labelShow sources
Source: classification engineClassification label: clean1.win@3/396@47/28
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{79ACF562-78F0-11EA-AAE5-44C1B3FB757B}.datJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF3A35F80A9DEBDB39.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1360 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1360 CREDAT:17410 /prefetch:2Jump to behavior
Tries to open an application configuration file (.cfg)Show sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfgJump to behavior
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior
Binary contains paths to debug symbolsShow sources
Source: Binary string: d:\DEV\AvastNitro\BUILDS\Release\x86\SfxInstFree.pdb source: avast_free_antivirus_setup_online[1].exe.2.dr

Persistence and Installation Behavior:

barindex
Drops PE filesShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\avast_free_antivirus_setup_online[1].exeJump to dropped file

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Simulations

Behavior and APIs

No simulations

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\avast_free_antivirus_setup_online[1].exe0%VirustotalBrowse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\HNHL2TDR\avast_free_antivirus_setup_online[1].exe0%MetadefenderBrowse

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
chidc2.outbrain.org0%VirustotalBrowse
a6nrdb6.x.incapdns.net0%VirustotalBrowse
group29.sites.hscoscdn20.net0%VirustotalBrowse
www.google.co.uk0%VirustotalBrowse
go.affec.tv0%VirustotalBrowse
s.go-mpulse.net0%VirustotalBrowse
adservice.google.co.uk0%VirustotalBrowse
vc.hotjar.io4%VirustotalBrowse
t.av.st0%VirustotalBrowse
684dd307.akstat.io0%VirustotalBrowse
site-cdn.onenote.net0%VirustotalBrowse
c.go-mpulse.net0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://www.hotjarconsent.com/sv.html0%URL Reputationsafe
https://s2.go-mpulse.net/boomerang/0%VirustotalBrowse
https://s2.go-mpulse.net/boomerang/0%URL Reputationsafe
https://www.hotjarconsent.com/pl.html0%URL Reputationsafe
http://127.0.0.10%VirustotalBrowse
http://127.0.0.10%Avira URL Cloudsafe
https://www.hotjarconsent.com/0%VirustotalBrowse
https://www.hotjarconsent.com/0%URL Reputationsafe
https://www.hotjarconsent.com/zh.html0%VirustotalBrowse
https://www.hotjarconsent.com/zh.html0%URL Reputationsafe
https://www.hotjarconsent.com/fi.html0%VirustotalBrowse
https://www.hotjarconsent.com/fi.html0%URL Reputationsafe
https://www.hotjarconsent.com/nl.html0%URL Reputationsafe
http://www.wikipedia.com/0%VirustotalBrowse
http://www.wikipedia.com/0%URL Reputationsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.