You should check the digital signature of the file (via file's properties) - if there's an Avast Software digital signature and is valid, then the file is legit.
Yes both have the same thumbprint.
Both are the exact same size, too.
But the files have different md5s.
It doesn't seem to be region based either, both files seem to want to access similar nodes.
I would be so grateful if someone would explain the difference.