29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_free_antivirus_setup_online.exe
Size

256KB
MD5

b401846f55c369a0858587bb3c230223
SHA1

bacaf9d0e566e1fc27b456266a367c0085c61e8d
SHA256

29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156
SHA512

09e37dabd2e8efecb9ed2dd153fee808d2c318ff46eb0e0b33a5b994259c1db141fa3214beda43a38dc50687c2b4b7d083e9cbe6dd5422638ae9722d5520cffe
SSDEEP

6144:TCfHrZae3GFqRQcMeh4WpywpjchNCPnRebcY:TCfLZadcM24fRNOeJ

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
2004	avast_free_antivirus_setup_online_x64.exe
1160	instup.exe
3180	instup.exe
740	aswOfferTool.exe
3392	aswOfferTool.exe
1800	aswOfferTool.exe
5040	aswOfferTool.exe
864	aswOfferTool.exe
3676	aswOfferTool.exe
924	aswOfferTool.exe
3388	aswOfferTool.exe

Loads dropped DLL 14 IoCs

Processes:

avast_free_antivirus_setup_online.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
3196	avast_free_antivirus_setup_online.exe
1160	instup.exe
1160	instup.exe
1160	instup.exe
1160	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
1800	aswOfferTool.exe
864	aswOfferTool.exe
924	aswOfferTool.exe
3388	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 52 IoCs

Security Software Discovery

T1063

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online.exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe

Modifies registry class 64 IoCs

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "11"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "53"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "40"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "93"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "10"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "55"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "72"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "87"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "69"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: offertool_x64_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "57"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "21"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "70"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "0"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "15"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "73"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "33"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "48"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "100"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "17"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Checking install conditions"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "56"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "20"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "43"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "91"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: servers.def.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "1"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "85"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Main = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "2"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "64"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "89"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Replacing files"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "12"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: offertool_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "54"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x64_ais-9fe.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "DNS resolving"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: setgui_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: sbr.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "4"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42"	instup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exe

pid	process
2004	avast_free_antivirus_setup_online_x64.exe
2004	avast_free_antivirus_setup_online_x64.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe
3180	instup.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exe

description	pid	process
Token: 32	2004	avast_free_antivirus_setup_online_x64.exe
Token: SeDebugPrivilege	1160	instup.exe
Token: 32	1160	instup.exe
Token: SeDebugPrivilege	3180	instup.exe
Token: 32	3180	instup.exe
Token: SeDebugPrivilege	5040	aswOfferTool.exe
Token: SeImpersonatePrivilege	5040	aswOfferTool.exe
Token: SeDebugPrivilege	3676	aswOfferTool.exe
Token: SeImpersonatePrivilege	3676	aswOfferTool.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

instup.exeinstup.exe

pid process

1160 instup.exe
3180 instup.exe

pid	process
1160	instup.exe
3180	instup.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

avast_free_antivirus_setup_online.exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	pid	process	target process
PID 3196 wrote to memory of 2004	3196	avast_free_antivirus_setup_online.exe	avast_free_antivirus_setup_online_x64.exe
PID 3196 wrote to memory of 2004	3196	avast_free_antivirus_setup_online.exe	avast_free_antivirus_setup_online_x64.exe
PID 2004 wrote to memory of 1160	2004	avast_free_antivirus_setup_online_x64.exe	instup.exe
PID 2004 wrote to memory of 1160	2004	avast_free_antivirus_setup_online_x64.exe	instup.exe
PID 1160 wrote to memory of 3180	1160	instup.exe	instup.exe
PID 1160 wrote to memory of 3180	1160	instup.exe	instup.exe
PID 3180 wrote to memory of 740	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 740	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 740	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3392	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3392	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3392	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 1800	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 1800	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 1800	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 5040	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 5040	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 5040	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3676	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3676	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3676	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3388	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3388	3180	instup.exe	aswOfferTool.exe
PID 3180 wrote to memory of 3388	3180	instup.exe	aswOfferTool.exe

C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online.exe
"C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:3196

C:\Windows\Temp\asw.77f2760b5e7ce113\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.77f2760b5e7ce113\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_012_999_e7c_m /ga_clientid:f1a1022f-7dc8-4cc3-82ca-07a6efa26200 /edat_dir:C:\Windows\Temp\asw.77f2760b5e7ce113
2⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2004

C:\Windows\Temp\asw.52e1b1eca797dfc7\instup.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.52e1b1eca797dfc7 /edition:1 /prod:ais /guid:cebad4ad-5afc-4540-abd3-fb8a0222309b /ga_clientid:f1a1022f-7dc8-4cc3-82ca-07a6efa26200 /cookie:mmm_ava_012_999_e7c_m /ga_clientid:f1a1022f-7dc8-4cc3-82ca-07a6efa26200 /edat_dir:C:\Windows\Temp\asw.77f2760b5e7ce113
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1160

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\instup.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.52e1b1eca797dfc7 /edition:1 /prod:ais /guid:cebad4ad-5afc-4540-abd3-fb8a0222309b /ga_clientid:f1a1022f-7dc8-4cc3-82ca-07a6efa26200 /cookie:mmm_ava_012_999_e7c_m /edat_dir:C:\Windows\Temp\asw.77f2760b5e7ce113 /online_installer
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3180

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" -checkGToolbar -elevated
5⤵
- Executes dropped EXE
PID:740

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" /check_secure_browser
5⤵
- Executes dropped EXE
PID:3392

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1800

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5040

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:864

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:924

C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3388

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

T1063

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
Filesize
2KB

MD5
3ac16983ce04d5d64693fd30038facfb

SHA1
c7fafeb15ec71608e125daa07f9c539905217444

SHA256
e6b7feeca5b2b0d075d16fb0cd1d67dfc654f49d46fcf2b993126ae9cd753a0a

SHA512
3ad901335979db25606cb02345e7f5f4c3a7dcabe2f54ecbec93d0fc150dfac0c1e935b9d56ebff2940f098861f6c94248409dd7f02f1e2b02828c2d8a85af60

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
Filesize
24KB

MD5
bd3c1eda53ec37607e82098096a785a5

SHA1
8032bb29ca158393907790a378a8dd4fe9a1fc1b

SHA256
fdc6c82fb90dcaf31afd2dbe7ffd55e6636b6c28e848a06f760233cf7702df57

SHA512
fc73b8689c6ef22deb441b931bb0000c8a21b7929d1bcc0d7f10ed26c002f84440ca66fb55f3c56648ebe591bb0bde7fcb8992fe42be0a2c0495509cb49a238b

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
Filesize
281B

MD5
101f184c48b2f95307d795cce7240f28

SHA1
e3c5562924417ad001c615dc31aa920743400728

SHA256
51611ed2210292ec05b3f0262006fdc19ea35eea11f4c2ed67d913a0ec3b4ed9

SHA512
a34d6a7873412fbbb0a08b9cf63e8c6c1cec6635919692dfe98f24cba2a06998a47e4e665e4d2c110311e864a29522ce64af23bbd2b0b340e813a3b58f1d19e9

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\Instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\Instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\New_170217a5\instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\asw2673f96961661866.tmp
Filesize
30KB

MD5
b8e746386ac989ed649c209374a9c5e7

SHA1
51c4ac86e225a92ba1ab13944376c5f325bbb709

SHA256
0c77bf4ffe2e0d94d8b125826e7317559f9b644d18009e08bcb335b33519b93c

SHA512
ef7d4126f2c7a987f032c75067c3b1d75ab2d95d06ce867239d9774532158c2d02d4e363729b777b1025db5c13d635273fee7fda441e6ce33569668055ab8542

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\asw42a4dab1fbe994ad.ini
Filesize
713B

MD5
b79f61cb00fa23e68459210dc74aa1d1

SHA1
add4228c810fa8a4a5510c8a05e7f4482edb4279

SHA256
06742a93770cdb2a0f88c14073090d879db01c8be1f00a100c606e92b9462a2e

SHA512
4767fd98c2df146cf3d532dd0bab1d5ad4702317bdee4a68c789a609753bb4e7353a5f163c8f79b22f87d617e7e7d3e680993c5075dfd6493cca46ca06bc60c5

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\asw42a4dab1fbe994ad.tmp
Filesize
27KB

MD5
1eebc08b1c2f4bfa7e025b2739a7e676

SHA1
803ffd22df8c0ae9a056ac15edf214e56f4d3d1d

SHA256
78c13b9c9d04dbb4f8b387a2980686495ba70cb0ffd46fa2420a025c655fb271

SHA512
0dc89b4edd4aa1370960a833ea7e237dcaef9e1173209114edc5a1387f4e03d22604a0da6f708a00cfc070a5e58368113484f498b5e15643b72e97969a76eceb

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\avbugreport_x64_ais-9fe.vpx
Filesize
4.6MB

MD5
ec2ee280326b2243bdab0d2ab0610217

SHA1
f8705465e94197075a18d2d805be0ec23c06a51c

SHA256
cdbc232c7e3812a46a80714fc5b1fe5b1ba35c01935e1af084ab0a2aaab44f48

SHA512
26140c711c0db1cfe9e92a83fb7a4a9fa39442e9a418f474f5c8f5349c994ea2cb8e29e8cc93852fb6a2b6d92e57b0d61427619b3fb570fae69b2f7df3a412e2

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\avdump_x64_ais-9fe.vpx
Filesize
1.0MB

MD5
c0238a6afede841d1331ff81bd0a6e68

SHA1
6b4707fdeeda63571bcbdea7238970c7483e0eab

SHA256
02ddecf10ec030ad34840a2563232ea0d2b8f3ba8c4e6ebee3bb19e4bfb12899

SHA512
91e85b4dcf0441d760e230c7c35b35a67f985602d7902486fa705e5774f13c19781ad46a6dc6b7aa7639689a60552501fada3074f0414725ba8e02bb70f5fe76

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\config.def
Filesize
26KB

MD5
bd9111dba453f9cf9bc5df12f9d96574

SHA1
1949f9457101cde1f0f628aa0f76c57594335de9

SHA256
ee9baa0b739928ea8bfcb62282006a8e5275c10db43be21cc8a42ac37c925947

SHA512
34c057d44d60c0b3acd24767d8b20fddaa12f73b745b503214f0e43ddbddc96484d1c4945d9d2837efbcbe03992fb24c8cee2f93bbaa2e116aa3516b17d2ee32

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\config.ini
Filesize
713B

MD5
b79f61cb00fa23e68459210dc74aa1d1

SHA1
add4228c810fa8a4a5510c8a05e7f4482edb4279

SHA256
06742a93770cdb2a0f88c14073090d879db01c8be1f00a100c606e92b9462a2e

SHA512
4767fd98c2df146cf3d532dd0bab1d5ad4702317bdee4a68c789a609753bb4e7353a5f163c8f79b22f87d617e7e7d3e680993c5075dfd6493cca46ca06bc60c5

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\instcont_x64_ais-9fe.vpx
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\instup_x64_ais-9fe.vpx
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\instup_x64_ais-9fe.vpx
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\offertool_x64_ais-9fe.vpx
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\part-jrog2-88.vpx
Filesize
211B

MD5
d658a255daef791c5c303924fc9ba94f

SHA1
cb5ea8aa061b383279b7147c17d0c046f307f5c2

SHA256
62db5a376dc2722c1b6955ecd5c5b44cadc7b14bbcd2d4c7bd225ea8a17283d7

SHA512
aa2839a2a75fa15eebc6db685b34244dea2d1cb3eb550cee19b20a0bd5272d8799c183318ba4c42d20f97a4ba527bd4b61a8bbdcfddfac63fd3d9b048b09f31e

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\part-prg_ais-170217a5.vpx
Filesize
73KB

MD5
162f8c67d878791bfcaa01fa20072c8d

SHA1
a82610a40a8b866208231a3c7c106aca72f5e82d

SHA256
c9e5423e0fb8ab8765d77113f81ecd124de81281780e2de6973bdac0e41480a1

SHA512
0f0e143564eafd7e678d4345971b5925cccca618a2bd3bc9f5e948f8ee9306512ed34b04fa4437ab3551a372d0781ef0991425f596110b8f1e38e1a2b8cb2558

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\part-setup_ais-170217a5.vpx
Filesize
4KB

MD5
36ce7fe9d444b17569249c039df50697

SHA1
9e473d81383a976e64cf2cf7a24625cc6e6e36f2

SHA256
2b7d2f4f6ed4819d6a8373eef6ce0bb3e909a796d8e425bcbfd3a380f0f0d98c

SHA512
70d1253b7c7b44b60b4278e021d6e9e123d522e44774ae0786034b37dbc308169e041f96aa10cf47233f8c04b14f42ba192b5657cc81200a36b794f3e9f83bd7

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\part-vps_windows-23032599.vpx
Filesize
7KB

MD5
eab88c8e40175d8f9225eb02797293c2

SHA1
b57a04fda5986b847793a70347dc50356748ae53

SHA256
1e5b808f3bb83aaee6661e6c61981acb7cd271d5484a0c2bafed4ee4ec7f32b0

SHA512
5419dfbc8b046eb70dcfab85ca3ad8aafb6e5340da0bbb3d0ecb2d16e015b31a68a3b352235ae5fbcc3dec374db079a108fd6809021ed6c35f9b7da80a2ad793

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\prod-pgm.vpx
Filesize
572B

MD5
5f7977bee135d61afa0daab0bc12db43

SHA1
556484af69eb23e3fbe8bd5275af069de4906621

SHA256
011e20c10505b92f88c4244ab5dc81bc06425aaa05ca9b1a7080892b4ea57a61

SHA512
03511c587dd7f1b8e9f99cfff20e6affe99be80b09d80803e1ec71da29cc2dcc39ccade2978f199bc1242447c6efbfeef18937aab25d41ea270864f8a6d93b76

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\prod-vps.vpx
Filesize
343B

MD5
52f74b0ac2dad29a8ba6a76d58d6cec6

SHA1
f7506526b7cf1b882f1632758db02f65b4a732d6

SHA256
5d07a03e4a62dd8f9af0ac2fe01bd87f1875df26da1e839ed606aef8d0ba8f8f

SHA512
0377f2c7da1c1227344389cdc150cec407b9e1130fe59dfaf84e930512667f92391d9ab67028aeab6b4c52a913ae80c3bcd9537e736a8fcef2691e770ca7e2f6

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\prod-vps.vpx
Filesize
339B

MD5
7e663e4e1c58303c1ee85f58d1e4f569

SHA1
03093b22ceaf4de08ccd52615331a68258e9ee86

SHA256
91ca09cb242be728ca1401ef90ca875dc8197a3248f3b193a66abe8e8dc9066e

SHA512
d1394fa984a00cdbe5f5847859783a37a2db36eb8e4a0246c7f71f972227ae8fe25403f551c5b3273b96476dc3f5879b8d1c8c4e83f54418f799b5a19c2eb2c0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\sbr_x64_ais-9fe.vpx
Filesize
19KB

MD5
d84b3a37ad50bdda0971e5f1afc2352e

SHA1
2de210b1cd8ea551330cacd8afdf8441bf9d2138

SHA256
b7dec49b191d7f1d2c8748bc0289436c0832e16b92d628d37867d803e48ca864

SHA512
723febab6c238bdcaf081e2d05697b2cf0afc4680c5383e7167ca903eefd9ddffd1f11aac14fa08588e2766afdb42150668d0e30297365717fc0f485c98f8da5

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\servers.def
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\servers.def
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\servers.def.lkg
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\servers.def.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\servers.def.vpx
Filesize
2KB

MD5
f1c045f4903ecc27626dc8e970841666

SHA1
8510814ab05841671f3c5888ebce0b699254a198

SHA256
574315e65059c6a8e397bb6baaa4b4df24463bd4db9800734568135e64256856

SHA512
8d53fc069307c18bbbf8055213844c7651ba666e262857d1966fe76d518461b8f8d3ca7235e12939266c4c428752460da27d883eff23380548ef5f39cdd971e0

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\setgui_x64_ais-9fe.vpx
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\setgui_x64_ais-9fe.vpx
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\setup.def
Filesize
38KB

MD5
ff7a4fa85fe46439b3e3b5127d86f2c3

SHA1
bf1db13a8e29bf856a5d3dc1c95b215735f96442

SHA256
74d391ca8bbeb45d86fd04d77854a4ff5c351b5984f78d359560b07388869723

SHA512
fcbf80572a4cc0e2c25cce38863bea8f1c51e0cf80a2bcec6be902a4ab190f7b02dcfb4e3f2571012336a7e2ce1fa8227adbf7286f2453c180af44338228c756

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.52e1b1eca797dfc7\uat64.vpx
Filesize
16KB

MD5
539b93be7af26db62254559199c77126

SHA1
30b80693ef44c2910296b78d903588547016bbab

SHA256
f196bcda2326b4d4851aaf055ecfdef1a4d1c201bd0f127b59390899ebf317e7

SHA512
77beac3867fe432d92613aaf56cdccb091388c6caddf7dcc29bde4e5a856f3ec7691e72c8bdba3c703e120515d98344c907feb0da2b1beb009003f88c0fd11e9

Download Submit
C:\Windows\Temp\asw.77f2760b5e7ce113\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.77f2760b5e7ce113\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.77f2760b5e7ce113\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.77f2760b5e7ce113\ecoo.edat
Filesize
21B

MD5
beff985276313d596ea7a25e4363fa24

SHA1
cf98408d3d2a3a5ec5100e621122143d91c78127

SHA256
17a7fd3783bee4f11d30d916d63b6ddc8201aea6ffbe6e96228d43ae1eae1d29

SHA512
4d4703dbe1190fa0b0f832ecbe677bbdb9ce11f7285030ddc839096bcfb48c648afed5c60994eb5883326e0b74a63730cb1835651646ea030ace40b7715a51d4

Download Submit
memory/3180-421-0x0000019DBA9B0000-0x0000019DBBE8A000-memory.dmp

Filesize
20.9MB

Download
memory/3180-462-0x0000019DBA9B0000-0x0000019DBBE8A000-memory.dmp

Filesize
20.9MB

Download
memory/3180-472-0x0000019DBA9B0000-0x0000019DBBE8A000-memory.dmp

Filesize
20.9MB

Download