Analysis

  • max time kernel
    223s
  • max time network
    242s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-de
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-de, locale:de-de, os:windows10-2004-x64, system, windows
  • submitted
    03-11-2022 16:57

General

  • Target

    avast_one_free_antivirus.exe

  • Size

    262KB

  • MD5

    5703ae1bd5c915b80632aae4b7e580ce

  • SHA1

    15f42d74c1796cfa214c325d6a8c88222ad18f20

  • SHA256

    9ee8d5cb8cfb6c6d7741f00c4e4655b97cf1ed0ae4e40135c086df05be964ac3

  • SHA512

    b9ee07915ead7f02f758d9ea79322c1aa20d799e762c719dacc4636299df67137da04e1acafdfef3d3598f83ddfed3d21f9e17f7e1faa39c3516ead973edcb76

  • SSDEEP

    3072:03FKK+qOLpWZOpHwOnxjhI1a29nMGkvmUCDzTObdPnF5od1Jc+mTSC/REMz5hM+y:09+qOLoaXjhenMGmmUEebVF+uofQy6tC

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Downloads MZ/PE file
  • Drops file in Drivers directory 64 IoCs
  • Executes dropped EXE 57 IoCs
  • Registers COM server for autorun 1 TTPs 13 IoCs
  • Sets service image path in registry 2 TTPs 16 IoCs
  • Uses Session Manager for persistence 2 TTPs 6 IoCs

    Creates Session Manager registry key to run executable early in system boot.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Windows security modification 2 TTPs 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks for any installed AV software in registry 1 TTPs 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 25 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 37 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 38 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 64 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: LoadsDriver 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\avast_one_free_antivirus.exe
    "C:\Users\Admin\AppData\Local\Temp\avast_one_free_antivirus.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:532
    • C:\Windows\Temp\asw.5be972c9dcd776f6\avast_one_essential_setup_online_x64.exe
      "C:\Windows\Temp\asw.5be972c9dcd776f6\avast_one_essential_setup_online_x64.exe" /cookie:mmm_aon_998_999_000_m:dlid_AVAST-ONE-FREE-WIN-HP /ga_clientid:dedb9d52-a499-4364-9eae-63e6304add09 /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
      2⤵
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Windows\Temp\asw.7b73bd27f5dbecaa\instup.exe
        "C:\Windows\Temp\asw.7b73bd27f5dbecaa\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.7b73bd27f5dbecaa /edition:21 /prod:ais /guid:e0525ba2-c1bc-4e3a-8b61-e862e44714fc /ga_clientid:dedb9d52-a499-4364-9eae-63e6304add09 /cookie:mmm_aon_998_999_000_m:dlid_AVAST-ONE-FREE-WIN-HP /ga_clientid:dedb9d52-a499-4364-9eae-63e6304add09 /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • Writes to the Master Boot Record (MBR)
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:368
        • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\instup.exe
          "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.7b73bd27f5dbecaa /edition:21 /prod:ais /guid:e0525ba2-c1bc-4e3a-8b61-e862e44714fc /ga_clientid:dedb9d52-a499-4364-9eae-63e6304add09 /cookie:mmm_aon_998_999_000_m:dlid_AVAST-ONE-FREE-WIN-HP /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6 /online_installer
          4⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Registers COM server for autorun
          • Sets service image path in registry
          • Loads dropped DLL
          • Windows security modification
          • Adds Run key to start application
          • Checks for any installed AV software in registry
          • Writes to the Master Boot Record (MBR)
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Checks processor information in registry
          • Enumerates system info in registry
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1216
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" -checkGToolbar -elevated
            5⤵
            • Executes dropped EXE
            PID:1360
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" -checkChrome -elevated
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4600
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" /check_secure_browser
            5⤵
            • Executes dropped EXE
            PID:4968
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" -checkChrome -elevated
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5020
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:2512
            • C:\Users\Public\Documents\aswOfferTool.exe
              "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2068
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:4336
            • C:\Users\Public\Documents\aswOfferTool.exe
              "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3532
          • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\sbr.exe
            "C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\sbr.exe" 1216 "Avast Antivirus-Einrichtung" "Avast Antivirus wird gerade installiert. Fahren Sie den Computer nicht herunter!"
            5⤵
            • Executes dropped EXE
            PID:4656
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /netservice:sw_aswNdis
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:1184
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /netservice:aswNdisFlt /catalog:aswNdisFlt.cat
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:4252
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswRdr2.cat
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:5008
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswHwid.cat
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:4064
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswVmm.cat
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:2832
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /uninstall /catalog:aswRvrt.cat
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:4856
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /elaminst C:\Windows\system32\drivers\aswElam.sys
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:4976
          • C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
            "C:\Program Files\Avast Software\Avast\AvEmUpdate.exe" /installer /reg
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Checks processor information in registry
            PID:1080
          • C:\Program Files\Avast Software\Avast\AvEmUpdate.exe
            "C:\Program Files\Avast Software\Avast\AvEmUpdate.exe" /installer1
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Drops file in Program Files directory
            • Checks processor information in registry
            • Suspicious use of WriteProcessMemory
            PID:3248
            • C:\Program Files\Avast Software\Avast\avBugReport.exe
              "C:\Program Files\Avast Software\Avast\avBugReport.exe" --send "dumps|report" --silent --path "C:\ProgramData\Avast Software\Avast" --logpath "C:\ProgramData\Avast Software\Avast\log" --guid e0525ba2-c1bc-4e3a-8b61-e862e44714fc
              6⤵
              • Executes dropped EXE
              • Checks for any installed AV software in registry
              • Writes to the Master Boot Record (MBR)
              PID:4360
          • C:\Program Files\Avast Software\Avast\x86\RegSvr.exe
            "C:\Program Files\Avast Software\Avast\x86\RegSvr.exe" "C:\Program Files\Avast Software\Avast\x86\aswAMSI.dll"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:1692
          • C:\Program Files\Avast Software\Avast\RegSvr.exe
            "C:\Program Files\Avast Software\Avast\RegSvr.exe" "C:\Program Files\Avast Software\Avast\aswAMSI.dll"
            5⤵
            • Executes dropped EXE
            • Registers COM server for autorun
            • Loads dropped DLL
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            • Modifies Internet Explorer settings
            PID:4600
          • C:\Program Files\Avast Software\Avast\x86\RegSvr.exe
            "C:\Program Files\Avast Software\Avast\x86\RegSvr.exe" "C:\Program Files\Avast Software\Avast\x86\asOutExt.dll"
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            • Modifies registry class
            PID:3012
          • C:\Program Files\Avast Software\Avast\RegSvr.exe
            "C:\Program Files\Avast Software\Avast\RegSvr.exe" "C:\Program Files\Avast Software\Avast\asOutExt.dll"
            5⤵
            • Executes dropped EXE
            • Registers COM server for autorun
            • Loads dropped DLL
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:2648
          • C:\Program Files\Avast Software\Avast\AvastNM.exe
            "C:\Program Files\Avast Software\Avast\AvastNM.exe" /install
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Checks processor information in registry
            PID:3088
          • C:\Program Files\Avast Software\Avast\SetupInf.exe
            "C:\Program Files\Avast Software\Avast\SetupInf.exe" /catinstall:"C:\Program Files\Avast Software\Avast\setup\crts.cat" /basename:pkg_{af98c830-4f53-4176-a7b0-ec21fc603adc}.cat /crtid:9809A3351150669332CDB2A1412622D9FCFBC440
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Drops file in System32 directory
            • Checks processor information in registry
            PID:4484
          • C:\Program Files\Avast Software\Avast\avast_cleanup_setup.exe
            "C:\Program Files\Avast Software\Avast\avast_cleanup_setup.exe" /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            PID:1460
            • C:\Windows\Temp\asw-3b544284-078f-40c7-b7f1-f09b3ef4da43\common\icarus.exe
              C:\Windows\Temp\asw-3b544284-078f-40c7-b7f1-f09b3ef4da43\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-3b544284-078f-40c7-b7f1-f09b3ef4da43\icarus-info.xml /install /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
              6⤵
              • Executes dropped EXE
              • Writes to the Master Boot Record (MBR)
              • Checks processor information in registry
              PID:4396
              • C:\Windows\Temp\asw-3b544284-078f-40c7-b7f1-f09b3ef4da43\avast-tu\icarus.exe
                C:\Windows\Temp\asw-3b544284-078f-40c7-b7f1-f09b3ef4da43\avast-tu\icarus.exe /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6 /er_master:master_ep_6807b5df-54b2-4372-b2b5-23ca6ce6aa09 /er_ui:ui_ep_786b165f-767f-45ce-be32-5dddff6c0af2 /er_slave:avast-tu_slave_ep_10cb91e8-1465-4dc5-b1ed-e7095fdd265d /slave:avast-tu
                7⤵
                • Executes dropped EXE
                • Uses Session Manager for persistence
                • Loads dropped DLL
                • Writes to the Master Boot Record (MBR)
                • Drops file in System32 directory
                • Drops file in Program Files directory
                • Checks processor information in registry
                PID:2732
                • C:\Program Files\Avast Software\Cleanup\pdfix.exe
                  "C:\Program Files\Avast Software\Cleanup\pdfix.exe" /fixifeo
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:4884
          • C:\Program Files\Avast Software\Avast\avast_driverupdater_setup.exe
            "C:\Program Files\Avast Software\Avast\avast_driverupdater_setup.exe" /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            PID:2656
            • C:\Windows\Temp\asw-06586688-0355-4e66-9c9a-4488af62f4a7\common\icarus.exe
              C:\Windows\Temp\asw-06586688-0355-4e66-9c9a-4488af62f4a7\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-06586688-0355-4e66-9c9a-4488af62f4a7\icarus-info.xml /install /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
              6⤵
              • Executes dropped EXE
              • Writes to the Master Boot Record (MBR)
              PID:2160
              • C:\Windows\Temp\asw-06586688-0355-4e66-9c9a-4488af62f4a7\avast-du\icarus.exe
                C:\Windows\Temp\asw-06586688-0355-4e66-9c9a-4488af62f4a7\avast-du\icarus.exe /silent /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6 /er_master:master_ep_6150564b-5908-4de1-a762-04c1f1014782 /er_ui:ui_ep_1527dcbb-a70a-49a3-8818-76f38e2e1286 /er_slave:avast-du_slave_ep_a1962a9d-f73c-4192-9a44-5e626b257914 /slave:avast-du
                7⤵
                • Executes dropped EXE
                • Uses Session Manager for persistence
                • Loads dropped DLL
                • Writes to the Master Boot Record (MBR)
                • Drops file in Program Files directory
                • Checks processor information in registry
                PID:2364
          • C:\Program Files\Avast Software\Avast\avast_secureline_setup.exe
            "C:\Program Files\Avast Software\Avast\avast_secureline_setup.exe" /silent /ShowVpnGui=0 /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
            5⤵
            • Executes dropped EXE
            • Writes to the Master Boot Record (MBR)
            PID:4848
            • C:\Windows\Temp\asw-aab64f23-c966-419b-a67e-08760d246a31\common\icarus.exe
              C:\Windows\Temp\asw-aab64f23-c966-419b-a67e-08760d246a31\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-aab64f23-c966-419b-a67e-08760d246a31\icarus-info.xml /install /silent /ShowVpnGui:0 /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6
              6⤵
              • Executes dropped EXE
              • Writes to the Master Boot Record (MBR)
              PID:3756
              • C:\Windows\Temp\asw-aab64f23-c966-419b-a67e-08760d246a31\avast-vpn\icarus.exe
                C:\Windows\Temp\asw-aab64f23-c966-419b-a67e-08760d246a31\avast-vpn\icarus.exe /silent /ShowVpnGui:0 /nouiafterinstall /source:avast_one /edat_dir:C:\Windows\Temp\asw.5be972c9dcd776f6 /er_master:master_ep_6108b914-3474-4fdc-851e-601bcbd747f2 /er_ui:ui_ep_7b36de4f-741c-4071-bbf3-0df62b493ad5 /er_slave:avast-vpn_slave_ep_27b4880a-034f-4321-a77a-7160515c410b /slave:avast-vpn
                7⤵
                • Drops file in Drivers directory
                • Executes dropped EXE
                • Sets service image path in registry
                • Uses Session Manager for persistence
                • Writes to the Master Boot Record (MBR)
                • Drops file in Program Files directory
                • Checks processor information in registry
                • Modifies registry class
                PID:4932
                • C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe
                  "C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe" /reg
                  8⤵
                  • Executes dropped EXE
                  • Checks processor information in registry
                  PID:3824
          • C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
            "C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe" /skip_uptime /skip_remediations
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            PID:1988
          • C:\Program Files\Avast Software\Avast\defs\22110209\engsup.exe
            "C:\Program Files\Avast Software\Avast\defs\22110209\engsup.exe" /prepare_definitions_folder
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            PID:940
          • C:\Program Files\Avast Software\Avast\wsc_proxy.exe
            "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /svc /register /ppl_svc
            5⤵
            • Executes dropped EXE
            • Windows security modification
            • Checks for any installed AV software in registry
            • Writes to the Master Boot Record (MBR)
            • Checks processor information in registry
            PID:3724
          • C:\Program Files\Avast Software\Avast\defs\22110209\engsup.exe
            "C:\Program Files\Avast Software\Avast\defs\22110209\engsup.exe" /get_latest_ga_client_id /get_latest_landingpageid_cookie /get_latest_pagedownloadid_cookie
            5⤵
            • Executes dropped EXE
            • Checks for any installed AV software in registry
            • Checks processor information in registry
            PID:1752
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
    1⤵
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1948
  • C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe
    "C:\Program Files\Avast Software\Cleanup\TuneupSvc.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Checks processor information in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    PID:3252
  • C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe
    "C:\Program Files\Avast Software\Driver Updater\DriverUpdSvc.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:984
  • C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe
    "C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe"
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:3008
    • C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe
      "C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe" /reg
      2⤵
      • Executes dropped EXE
      • Checks processor information in registry
      PID:3628
    • C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe
      "C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe" find aswWintun
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4120
    • C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe
      "C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe" find aswTap
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4328
    • C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe
      "C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe" find aswWintun
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4668
    • C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe
      "C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe" find aswTap
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2624
    • C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe
      "C:\Program Files\Avast Software\SecureLine VPN\tapinstall.exe" find aswTap
      2⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:1728
  • C:\Program Files\Avast Software\Avast\wsc_proxy.exe
    "C:\Program Files\Avast Software\Avast\wsc_proxy.exe" /runassvc /rpcserver
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    PID:2272
  • C:\Program Files\Avast Software\Avast\afwServ.exe
    "C:\Program Files\Avast Software\Avast\afwServ.exe"
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    PID:2432
  • C:\Program Files\Avast Software\Avast\afwServ.exe
    "C:\Program Files\Avast Software\Avast\afwServ.exe"
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    PID:1380
  • C:\Program Files\Avast Software\Avast\afwServ.exe
    "C:\Program Files\Avast Software\Avast\afwServ.exe"
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • Checks processor information in registry
    PID:4052
  • C:\Program Files\Avast Software\Avast\afwServ.exe
    "C:\Program Files\Avast Software\Avast\afwServ.exe"
    1⤵
    • Executes dropped EXE
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    PID:1732

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files\Avast Software\Avast\SetupInf.exe

    Filesize

    3.6MB

    MD5

    a2043669461d7f8921b117bf5a93bcd9

    SHA1

    ba95f8c3a61d38639c09a1516bb477f921c34399

    SHA256

    d9c9223ee6a49830eace27c45f8d4567dbe19db6abde681ebe8e706c6888f92c

    SHA512

    ce86f1beff529758982ec1780555b99a795f581e73fb71cec1c457803b9166c8697a667645934bfee84919c2d958b604ed9b44ded551889b8f1fbd041da85651

  • C:\Program Files\Avast Software\Avast\Setup\config.def

    Filesize

    31KB

    MD5

    15445877c1569df767a7cbddc09f28be

    SHA1

    b55d27ae9dc4eb087f9434ce864a48e9f5aebaf3

    SHA256

    9600a0e5f4ed15790830a54606d0a78b3cc01ba798840b5fb0a9bd6647ea0d28

    SHA512

    ee3b839f4117b697e2ccb41be3e592c1b58d5aab5b997c0a247580c0e2e0252c4dfcc5e983aa93fd7dace444b4fe25fce6c9ca6fc27a020104e7c830efa46b16

  • C:\Program Files\Avast Software\Avast\setup\Stats.ini

    Filesize

    3KB

    MD5

    8080c9a0a232e81f40bc3b73afee0fd1

    SHA1

    51721a02cf6817902d46bb027e8c83d0912d6ed7

    SHA256

    87d220cc3f8c046218e2249ed11f7d695a033b6f1ed6f27fdcbaf2a4cc990c6e

    SHA512

    a1cf78963bd54703482b0defca22c36d9c97406926aaebf1ad2a62db6f6cd2f0620017c0474a213a6aadf6888f49a3fa02659ade57e54b5cfa2bdf31f7e0cea2

  • C:\Program Files\Avast Software\Avast\setup\servers.def

    Filesize

    29KB

    MD5

    e4da0880f5358a5c92b0dadbaa0ec163

    SHA1

    a6d56796888395a5038f977d688225b25579024b

    SHA256

    378380aee648df36cf335d8cdcb2b999b45bd945a3247b1ea3473be134e2690c

    SHA512

    4cf690fa9938b4ebaaac6202f593b7aed5551b32b277826ec71fd40934b1b14c1a9fec05e37bbc5c082c85862b5d9350306f4391435d8112bfa49fd88692671b

  • C:\Program Files\Avast Software\Avast\setup\setup.ini

    Filesize

    40KB

    MD5

    2607c30175ff0649bf2e75308124c565

    SHA1

    2760d9d1820e131d104d8b2cd09d53826c671b63

    SHA256

    a5a9f611302f279a4c753eb9b8d20f1170589c561b9839faf9ff76c3410bec21

    SHA512

    0dfc2849754083b007a44ebfb6132cecb9811996838521e27a4df13829e6b63739fe83f891f641d36d656c47b6f2a3d71a3cf249d9641d583dbdedcc7e65c292

  • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

    Filesize

    1KB

    MD5

    66fe2a709db36a82bef67f87556af1bb

    SHA1

    78c73451a59817e87a457f7ae0ade1f9ea7f412a

    SHA256

    63071e850af4ad5bbfa4b0371ad5ed985d5a8e984a07a5d778bbb1a28d1d2888

    SHA512

    61fcd001a14fac7a33dd845361eddd7c8de1dde2325d5af3c0a5b64a50229ec3bfe5006ef6b09bb34d3f28fe809148e9e0547b7f53fa6294f531f60851e4e52b

  • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

    Filesize

    24KB

    MD5

    aea93ef03e58f1f47a1b8112562c774d

    SHA1

    46cf69e28db770c032ea0ec5ad01be11a7518928

    SHA256

    8aa36608a0a2ebdd672525638b560878c23d515d4b7994120f2b39e36f6b70d4

    SHA512

    0bb252d3798ecb9e8837708587c6fabdb815b3e504eaf801dd021a385220bbd34bcc766f04c250ecaa15224802c4c7e7dda03e763c2c4c20068a9440afdf39e4

  • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

    Filesize

    420KB

    MD5

    b250a7dac89f01b57f58ae292e8fcf80

    SHA1

    9c6e7462faee498ec0afa867d759530a91b88821

    SHA256

    6bc34dfd2c25f0265193b60e487820e330b52fbf7e95941b37f2c37d3a0ba4d3

    SHA512

    35eb7b8b2510939fdd942a3afccd32cd09da15e4857149848859459afb5dc7e050644298ce1a8ef6dc831595541b4c82085002c8f9db38dd7ab8b0b9975b7ac0

  • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log

    Filesize

    142B

    MD5

    2e33b96e5cbb9a06b6de6269c37281c4

    SHA1

    54cce69506cfd20c1cdf6987d7ae421f34d9e79b

    SHA256

    2c2856e07213b1f88b1ed6b8ef8ac5649567c3ca1109512f6d8a12315253b615

    SHA512

    92c653d996206c038d9d4db2dee74e5e7872dcb0c29568c47e910a309d895805643d9c59f449430fc8582524339f9b107a79e00b9dc3afccb372936a1dbe52e9

  • C:\Users\Public\Documents\aswOfferTool.exe

    Filesize

    838KB

    MD5

    ffd174cdacaf11deab15c5c80147b42e

    SHA1

    eff5006fac82c2085bfa369acffe61f67dbf7826

    SHA256

    a52886202134c52421f8b35b9da6b17cc06e7bf63e8d7f7fefdae4662fb279d5

    SHA512

    75ceb9651f335d98f84c7fb0fdc1b89c85d0e091a393c9652bf70ad2849b6eef887ba132fc65f8eab57651533dabf875b7fd3e6fa9a750bff25842dae9dda390

  • C:\Users\Public\Documents\gcapi_16674987532068.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • C:\Users\Public\Documents\gcapi_16674987713532.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • C:\Windows\Temp\asw.5be972c9dcd776f6\avast_one_essential_setup_online_x64.exe

    Filesize

    9.3MB

    MD5

    f0dc8659b6e8d1c09bae25962ede493d

    SHA1

    2c8c4938d774acb1596f84a7cf701950c5aa6598

    SHA256

    94ad2f7c96262d78492077021bdfd650d0fdbbcafccd38e4ea5aad037bd08f6e

    SHA512

    2b4e68d6eb310addbf10a7ecdfd4b02c7582ac03328d85cdd90aad0cbdb26af5a45c195c03db101ab7448a50d071d9be56dcee9994b53f3f1b7c9ba051924184

  • C:\Windows\Temp\asw.5be972c9dcd776f6\ecoo.edat

    Filesize

    48B

    MD5

    a0505d991e7435d22a259ca50fd88502

    SHA1

    1548a59416847ef561117598aa6fcb18197e64fa

    SHA256

    e2338acacbb507fdcece45f997d24326a5b9030ae4af0d3d80be6a2139501947

    SHA512

    3b875e6ef1130ecd72a7054459ecb854c37afa75461c7bfe91c4d4b0b11a3d9a7cd359c8f0353fdbc26c7c174e8bd3fc4ec86c3a97c829390d2d549dc6a60b09

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\HTMLayout.dll

    Filesize

    3.8MB

    MD5

    1192e454c06e462b5ab0e95613fa711c

    SHA1

    72b615e2f40e3a7e76b30da3ba09641760397469

    SHA256

    79ded54d1cbc1b2fc4ca57f473535ecf1e969a4f46db3326361f1b9be2d788ee

    SHA512

    bd123971879876e866090f42b557804874a02fc8424900b7b902eeafe4ec80fc236a87f660e8d6ea7abf59c03012868bb356011cd2532024c80af3b522550301

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\Instup.dll

    Filesize

    20.3MB

    MD5

    9d0281be8e731a92b02794665829c75c

    SHA1

    7eb7968bc00300ecf9e8e41a16395a3d17450eca

    SHA256

    650ac59c94df8b51ad60ce2cfc9cf52bb2eb45f0f34a96d2c9c77c4c7bf1df3c

    SHA512

    9564d6a983f7c6c9eaf45d03cf9ae0c04cca195aff21966d5c16e6598785fe8f9d3650d44bf454def151a4c296976b93eee10e7558ee6a6b11724fa9c7613441

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\Instup.exe

    Filesize

    3.4MB

    MD5

    40ada0c8a4bf4f961f0c259940d4f4b7

    SHA1

    17529bfd325913020ba468e9e9fdaab8375518d0

    SHA256

    f7b9098ee399c2f34a4e3383e22c9fccd87c1196d3c01b259ebd8e30ae7411e3

    SHA512

    48aa88e02216f2bdab78e356674823ff7ee24afef545462c406572684083a9fa62180e2bbad81a5ddd5f6f390a99cd7795a9f5aac0983357dd95cfc77034c81e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\HTMLayout.dll

    Filesize

    3.8MB

    MD5

    1192e454c06e462b5ab0e95613fa711c

    SHA1

    72b615e2f40e3a7e76b30da3ba09641760397469

    SHA256

    79ded54d1cbc1b2fc4ca57f473535ecf1e969a4f46db3326361f1b9be2d788ee

    SHA512

    bd123971879876e866090f42b557804874a02fc8424900b7b902eeafe4ec80fc236a87f660e8d6ea7abf59c03012868bb356011cd2532024c80af3b522550301

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\Instup.dll

    Filesize

    20.3MB

    MD5

    9d0281be8e731a92b02794665829c75c

    SHA1

    7eb7968bc00300ecf9e8e41a16395a3d17450eca

    SHA256

    650ac59c94df8b51ad60ce2cfc9cf52bb2eb45f0f34a96d2c9c77c4c7bf1df3c

    SHA512

    9564d6a983f7c6c9eaf45d03cf9ae0c04cca195aff21966d5c16e6598785fe8f9d3650d44bf454def151a4c296976b93eee10e7558ee6a6b11724fa9c7613441

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\aswOfferTool.exe

    Filesize

    838KB

    MD5

    ffd174cdacaf11deab15c5c80147b42e

    SHA1

    eff5006fac82c2085bfa369acffe61f67dbf7826

    SHA256

    a52886202134c52421f8b35b9da6b17cc06e7bf63e8d7f7fefdae4662fb279d5

    SHA512

    75ceb9651f335d98f84c7fb0fdc1b89c85d0e091a393c9652bf70ad2849b6eef887ba132fc65f8eab57651533dabf875b7fd3e6fa9a750bff25842dae9dda390

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\gcapi_16674987524600.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\gcapi_16674987525020.dll

    Filesize

    348KB

    MD5

    2973af8515effd0a3bfc7a43b03b3fcc

    SHA1

    4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

    SHA256

    d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

    SHA512

    b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\instup.dll

    Filesize

    20.3MB

    MD5

    9d0281be8e731a92b02794665829c75c

    SHA1

    7eb7968bc00300ecf9e8e41a16395a3d17450eca

    SHA256

    650ac59c94df8b51ad60ce2cfc9cf52bb2eb45f0f34a96d2c9c77c4c7bf1df3c

    SHA512

    9564d6a983f7c6c9eaf45d03cf9ae0c04cca195aff21966d5c16e6598785fe8f9d3650d44bf454def151a4c296976b93eee10e7558ee6a6b11724fa9c7613441

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\instup.exe

    Filesize

    3.4MB

    MD5

    40ada0c8a4bf4f961f0c259940d4f4b7

    SHA1

    17529bfd325913020ba468e9e9fdaab8375518d0

    SHA256

    f7b9098ee399c2f34a4e3383e22c9fccd87c1196d3c01b259ebd8e30ae7411e3

    SHA512

    48aa88e02216f2bdab78e356674823ff7ee24afef545462c406572684083a9fa62180e2bbad81a5ddd5f6f390a99cd7795a9f5aac0983357dd95cfc77034c81e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\New_160a1796\sbr.exe

    Filesize

    18KB

    MD5

    49338cd2827125ec8f23db2f20fe741d

    SHA1

    2d175284110bf879f9355df60816e029c68d19f0

    SHA256

    38cb2ed4d9d5e3c46424bddfd3ce19eb4f725c80f94d28bba759a43e0f8079e6

    SHA512

    6bd2857c2d0869f4c7f5ca43c708ce855736b326ff950170bc0836d8e12015473775e11b8c16beb2528a8763e0cd43ee4cc3120a78026de582a7763b9a485826

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\avbugreport_x64_ais-9ef.vpx

    Filesize

    4.4MB

    MD5

    97c146af16f31d02c7e5d03e04aeb7d1

    SHA1

    16a9ad31752b72da9e0fa1f5af096bc23138b8ce

    SHA256

    9b7a5f83a05084677cf9a37460d7537b447130f5dd18cf39972245006a737bdb

    SHA512

    b0007881bd5bda81f4f733b7fb520dff0f91d7ca76b34494b28df4792d83bb78ca9a63282e1c3fd8e6bb92f88651d494cacfbf5f6e9087015b5bc382df11a7ec

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\avdump_x64_ais-9ef.vpx

    Filesize

    989KB

    MD5

    269046a106e3405c4f58fa45a6a4711b

    SHA1

    15092d66f52c45cd29c071d2f4ff17ea76f371c2

    SHA256

    0747f880507721f004b10249abe4d8b46eff98ef3cce50bad0ed55a60397967f

    SHA512

    71804d9ba347340788970588ce970dbb499367df5a2e5b55515c0c5d5c05d591f03baa34a9a438725329ea09dafea162f28226ed19d04389b0397920ee4e8b06

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\avdump_x86_ais-9ef.vpx

    Filesize

    854KB

    MD5

    efa9fa62523f8f54e6e7303f93624739

    SHA1

    b32821a40ce820de5b9362bf34e03eb83544e21a

    SHA256

    857b859f088e6278dfd9ef47f87dc0d23ae02716b5863ddd80c6f07fa715fc1e

    SHA512

    a54a1c61231c874517411f15f2654ed2e7470e10e3422de76a22fbba8255b19e8411ce601d6b98e096eea1ce4623b43a11fe824496b2e027615ceef1ef0932dc

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\config.def

    Filesize

    26KB

    MD5

    5f67aae61b80ea11772e79ec23634449

    SHA1

    8ea71c9cffdcff763096b30677c8f154fcab5fb8

    SHA256

    7b73357dc269ecf900355e0aa74f2e20979adaad4d724c4494931b000383be47

    SHA512

    1ffdaae7eeeacf202ea0cefc1a2d5f9b78665acbef6b841988ede3e795dba8b7330bd71dd1aa0640ce711cfe34687bd44d6a668c69ead3dbd5eb9b49c02268f9

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\config.def

    Filesize

    29KB

    MD5

    1a161dae1f21494ac31ae53c1375deb8

    SHA1

    43336d5870459a9c821aa03cd5d259809e35c8ca

    SHA256

    14f8c6c1ad560b848fefc4f6b5eaacf8b94e28902b0290fe20b606c3682f4e0a

    SHA512

    5aed25559188d1137dbc2228c9d5618c7f07c68888ae62fabc287afb55e67ea5c6e5abdf91de70820561929ffb9b541271f2a34705532e284968993840515581

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\config.def.vpx

    Filesize

    9KB

    MD5

    959fa60a278d754db4cf01a9e19684a8

    SHA1

    ce55178b905c6602f87f7c5bdea8a66fb776c41d

    SHA256

    4e0d9a57bbea0f3d8921b83c3f1453e00031531d99455ea7ae3a7e8fce5dd73a

    SHA512

    df057a75ac0f74388a1eba3dd6b1c69a4945b7b1c276f5ebfc4049f6003fd120c7f80ae0721247f74d6b224703ae5a57b09dde4767264b1b23e40fcb6e1a248d

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\config.ini

    Filesize

    833B

    MD5

    5b6c3c8d8def29136453001151fa4c7b

    SHA1

    4d61b84da897ea67b06868e713065ffe0c34a1fb

    SHA256

    bdcce5c32579d8b7f63b2e27b6d926ef7104201a91a7dfe39365782cbfe96208

    SHA512

    73bf6b3b05c2ffc24db49cbe00d4239084ac79ab86bba369cfa26c50b8dfef8d8b44f792c505b4053a20d60591b4a7539920188ed7b7ee97448a963b10d6ad27

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\instcont_x64_ais-9ef.vpx

    Filesize

    3.4MB

    MD5

    40ada0c8a4bf4f961f0c259940d4f4b7

    SHA1

    17529bfd325913020ba468e9e9fdaab8375518d0

    SHA256

    f7b9098ee399c2f34a4e3383e22c9fccd87c1196d3c01b259ebd8e30ae7411e3

    SHA512

    48aa88e02216f2bdab78e356674823ff7ee24afef545462c406572684083a9fa62180e2bbad81a5ddd5f6f390a99cd7795a9f5aac0983357dd95cfc77034c81e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\offertool_x64_ais-9ef.vpx

    Filesize

    838KB

    MD5

    ffd174cdacaf11deab15c5c80147b42e

    SHA1

    eff5006fac82c2085bfa369acffe61f67dbf7826

    SHA256

    a52886202134c52421f8b35b9da6b17cc06e7bf63e8d7f7fefdae4662fb279d5

    SHA512

    75ceb9651f335d98f84c7fb0fdc1b89c85d0e091a393c9652bf70ad2849b6eef887ba132fc65f8eab57651533dabf875b7fd3e6fa9a750bff25842dae9dda390

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\part-prg_ais-160a1796.vpx

    Filesize

    75KB

    MD5

    32b4c80d46272216b67d6851da8cec99

    SHA1

    c73d7e3c65c965ca6bbdb0e080d7cc490df3bcca

    SHA256

    061b1c0902e426c36312fec66bd76319ba6ed45f25e4c02fb19ec9edea96e85a

    SHA512

    15dadcfff27b9bd2afa979e0c418b437818da1fbb45ac746d68e6fe290325b09856445e68838d36cf87cf610ea2e54f5d4c8aa6c1c26a24534b031b72fbfea94

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\part-setup_ais-160a1796.vpx

    Filesize

    4KB

    MD5

    cb6d806e632a40a5bbc78ebb39c93155

    SHA1

    a2599bf9df48a5d31b2e90a6e667b6b693c71985

    SHA256

    ade5fab693a586428a90f636c3327c73b5429c4c3eaf0d1e68ed733e52167db2

    SHA512

    175db88534bcdd8691d1575b2f8de2fc926392525e8a1ef51b0792ba461e70c2df1e0ecb0aaa01f273bb0ad39fa36b67280c63109f8086ed379d6bdf4893f649

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\prod-pgm.vpx

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\prod-vps.vpx

    Filesize

    342B

    MD5

    992d8606ef24d2e5d0a8dc4185350507

    SHA1

    648e66dd672d94429e7086ccb85302ca2cf94a3f

    SHA256

    4066773c7a1b32ba685cccc4e022b53c933d2cd2913e95782d74d0d61c33b906

    SHA512

    4b6d21bc20b4650eb7ea8de81ac6d3c51025d95f6c4b1d622125c57f135e63e9da7db3d8ed7899f48f594844a7e899d0b88799360fce376405da0017021bc35a

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\sbr_x64_ais-9ef.vpx

    Filesize

    18KB

    MD5

    49338cd2827125ec8f23db2f20fe741d

    SHA1

    2d175284110bf879f9355df60816e029c68d19f0

    SHA256

    38cb2ed4d9d5e3c46424bddfd3ce19eb4f725c80f94d28bba759a43e0f8079e6

    SHA512

    6bd2857c2d0869f4c7f5ca43c708ce855736b326ff950170bc0836d8e12015473775e11b8c16beb2528a8763e0cd43ee4cc3120a78026de582a7763b9a485826

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\servers.def

    Filesize

    29KB

    MD5

    e4da0880f5358a5c92b0dadbaa0ec163

    SHA1

    a6d56796888395a5038f977d688225b25579024b

    SHA256

    378380aee648df36cf335d8cdcb2b999b45bd945a3247b1ea3473be134e2690c

    SHA512

    4cf690fa9938b4ebaaac6202f593b7aed5551b32b277826ec71fd40934b1b14c1a9fec05e37bbc5c082c85862b5d9350306f4391435d8112bfa49fd88692671b

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\servers.def.vpx

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\servers.def.vpx

    Filesize

    2KB

    MD5

    fa2e42fcb454869a7fa64d06fb70bf44

    SHA1

    059c2447d2a15f3d41469a1ffff938084c1eff6c

    SHA256

    a450f822283b98c5a0f42ed9168e18af659cb65bca9c08b37d85e992cfd02b37

    SHA512

    b666eb80a905e77a3397ac9d7c73c8dde4e42de0673ae37a69827cab831a03cafb8aa4414045abc9367fec39f5d2a004de99abfed7ac4b5f640f0a506105688c

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\setup.def

    Filesize

    38KB

    MD5

    667b404f44bc79ea0257c7ac70c4004e

    SHA1

    6a4c8bf0d51a5f0a15eaabc010b78e6e32b2b459

    SHA256

    5babc2f06c86d73f870ed035746ad6911bd12d2d2ba9c438e9860ebee03a8e22

    SHA512

    7278c720a3030b64cb32481c66f0c3f912556b1e8bce9ca58df0593cfb01bc64a32a93d3b506fd28fddd99901959b078d1290f2690ffa89832c445512bb6b0a4

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\uat64.dll

    Filesize

    26KB

    MD5

    b9a0e70c220ca5df9acb047b6d4599ce

    SHA1

    91a020663a2342fc38342949dedce7a287f6f59f

    SHA256

    8e40519ef57dd08d3ff933b8cf7025caf6d16440aa3a46fa2534d140be81441c

    SHA512

    6288f2d5a0ab5cddeb09d42093ad77efae4133800ed637f3235dad4cf80ce2706983d0b6b41d16b9d832bd857753e34a747a1c85f4f957127e6dec8bb56f8783

  • C:\Windows\Temp\asw.7b73bd27f5dbecaa\uat64.vpx

    Filesize

    14KB

    MD5

    c8606992db1a2e3a01bb8d4daeb6ef81

    SHA1

    42f1281605ad09d874d9a4ab0952c2a447fe0ffe

    SHA256

    253de68dca2cc0786309855fe616084450f486ebfb8c3cc735b2e1512db550d6

    SHA512

    5cfc878874774324855de1d4775b1f88731c9b5647f2519ae77383023ef964d030e7a1739948f9163793bfc48dcbe0fb0c725ee5f2c5522ee650a53a1844aee9
