5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2

Resubmissions

30-03-2023 00:55

230330-a93qwaad93 8

28-03-2023 01:07

230328-bgwbrsgb75 8

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_free_antivirus_setup_online (1).exe
Size

256KB
MD5

61d6e65726ef4213f39129401b03b42f
SHA1

7ea027968788524f5bcfbae6baf9278c6c88056e
SHA256

5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2
SHA512

c55adc484dcb6e0c2d716f997faa1ed14cc2d281073cad40ad77b723c999bc5069b16dfcf3bd8b8306db6fd1d429c37bc30470d93e73f70300217a9be6772b41
SSDEEP

6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPyyeb:bCfLZadcM24fRN4e

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 11 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
1360	avast_free_antivirus_setup_online_x64.exe
492	instup.exe
4988	instup.exe
1792	aswOfferTool.exe
628	aswOfferTool.exe
1968	aswOfferTool.exe
1140	aswOfferTool.exe
1560	aswOfferTool.exe
5012	aswOfferTool.exe
1992	aswOfferTool.exe
3180	aswOfferTool.exe

Loads dropped DLL 15 IoCs

Processes:

avast_free_antivirus_setup_online (1).exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid	process
1564	avast_free_antivirus_setup_online (1).exe
492	instup.exe
492	instup.exe
492	instup.exe
492	instup.exe
492	instup.exe
492	instup.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe
1968	aswOfferTool.exe
1560	aswOfferTool.exe
1992	aswOfferTool.exe
3180	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 52 IoCs

Security Software Discovery

T1063

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

avast_free_antivirus_setup_online (1).exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online (1).exe
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe

Modifies registry class 64 IoCs

Processes:

instup.exeinstup.exeavast_free_antivirus_setup_online_x64.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "81"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "12"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: prod-pgm.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "24"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "30"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "36"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: aswOfferTool.exe"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Syncer = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "43"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "80"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: instup_x64_ais"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "97"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "10"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "20"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "51"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "74"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "78"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avdump_x86_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "3"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "83"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.dll"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "28"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "48"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "50"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "58"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "32"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "79"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avdump_x64_ais-9fe.vpx"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: sbr_x64_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "55"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "82"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: HTMLayout.dll"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extracting file: instup.exe"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Replacing files"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "38"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "60"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "File downloaded: avbugreport_x64_ais-9fe.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "31"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "44"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "89"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "47"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "64"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "94"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "98"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "25"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "63"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Updating package: avbugreport_x64_ais"	instup.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exe

pid	process
1360	avast_free_antivirus_setup_online_x64.exe
1360	avast_free_antivirus_setup_online_x64.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe
4988	instup.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

avast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exeaswOfferTool.exeaswOfferTool.exe

description	pid	process
Token: 32	1360	avast_free_antivirus_setup_online_x64.exe
Token: SeDebugPrivilege	492	instup.exe
Token: 32	492	instup.exe
Token: SeDebugPrivilege	4988	instup.exe
Token: 32	4988	instup.exe
Token: SeDebugPrivilege	1140	aswOfferTool.exe
Token: SeImpersonatePrivilege	1140	aswOfferTool.exe
Token: SeDebugPrivilege	5012	aswOfferTool.exe
Token: SeImpersonatePrivilege	5012	aswOfferTool.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

instup.exeinstup.exe

pid process

492 instup.exe
4988 instup.exe

pid	process
492	instup.exe
4988	instup.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

avast_free_antivirus_setup_online (1).exeavast_free_antivirus_setup_online_x64.exeinstup.exeinstup.exe

description	pid	process	target process
PID 1564 wrote to memory of 1360	1564	avast_free_antivirus_setup_online (1).exe	avast_free_antivirus_setup_online_x64.exe
PID 1564 wrote to memory of 1360	1564	avast_free_antivirus_setup_online (1).exe	avast_free_antivirus_setup_online_x64.exe
PID 1360 wrote to memory of 492	1360	avast_free_antivirus_setup_online_x64.exe	instup.exe
PID 1360 wrote to memory of 492	1360	avast_free_antivirus_setup_online_x64.exe	instup.exe
PID 492 wrote to memory of 4988	492	instup.exe	instup.exe
PID 492 wrote to memory of 4988	492	instup.exe	instup.exe
PID 4988 wrote to memory of 1792	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1792	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1792	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 628	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 628	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 628	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1968	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1968	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1968	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1140	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1140	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 1140	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 5012	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 5012	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 5012	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 3180	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 3180	4988	instup.exe	aswOfferTool.exe
PID 4988 wrote to memory of 3180	4988	instup.exe	aswOfferTool.exe

C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online (1).exe
"C:\Users\Admin\AppData\Local\Temp\avast_free_antivirus_setup_online (1).exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:1564

C:\Windows\Temp\asw.a342a73763ad11aa\avast_free_antivirus_setup_online_x64.exe
"C:\Windows\Temp\asw.a342a73763ad11aa\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a:dlid_FAV-ONLINE-HP /ga_clientid:2cc78ee8-af2e-4551-94b0-a5771b486d11 /edat_dir:C:\Windows\Temp\asw.a342a73763ad11aa
2⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1360

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\instup.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f /edition:1 /prod:ais /guid:13537167-1e4d-4e1d-bdbb-d65ec5bf4360 /ga_clientid:2cc78ee8-af2e-4551-94b0-a5771b486d11 /cookie:mmm_ava_tst_007_402_a:dlid_FAV-ONLINE-HP /ga_clientid:2cc78ee8-af2e-4551-94b0-a5771b486d11 /edat_dir:C:\Windows\Temp\asw.a342a73763ad11aa
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:492

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\instup.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f /edition:1 /prod:ais /guid:13537167-1e4d-4e1d-bdbb-d65ec5bf4360 /ga_clientid:2cc78ee8-af2e-4551-94b0-a5771b486d11 /cookie:mmm_ava_tst_007_402_a:dlid_FAV-ONLINE-HP /edat_dir:C:\Windows\Temp\asw.a342a73763ad11aa /online_installer
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4988

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" -checkGToolbar -elevated
5⤵
- Executes dropped EXE
PID:1792

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" /check_secure_browser
5⤵
- Executes dropped EXE
PID:628

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1968

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1140

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1560

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5012

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1992

C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
"C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe" -checkChrome -elevated
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3180

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

T1063

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
Filesize
1KB

MD5
5c691932eebc650bf0223b803ec4ac77

SHA1
5e8d800c6a167332d37c09081caa8bfc94e5639d

SHA256
589f155ff1ddd38166d101d0c1ce7b6e214a9b49fa317a681ccd843feff16603

SHA512
993cf377567ea2a93fb7d62608f77225165c028c1d72eaa4afc3272d85e2c5d8306886b83b149f6d68c11477203b36900376a4499b09f9fafe550dc579d3aac1

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
Filesize
24KB

MD5
8ba20446cf8059ff00c34177329ea419

SHA1
6bf3f49cb49b7f2b66c6af16dd9f54bb5d91c394

SHA256
439ed38293625438a20d7d0d0dbddf632c297f8e2de2b17293e76464ab616e05

SHA512
2331002d84a3aa8a5fceba09312cefd7847dfaba9c34093a63512227e2512c65005c688083aee4c70da0757b2baa39dea7b2d41069eb77ad2dab532ed3785227

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
Filesize
142B

MD5
9384aa59397adde21eb6419e25bf8fb1

SHA1
17b2699e19d33fc20866c15e58515497cba55bd7

SHA256
4e7c1a9ac72f3654e138c1f774ef687b87a16952f62cb13f3fb6a3ef06c5ef73

SHA512
e6fb7bd3232ace208d82f56ae76bf88b430b16e0ecf27747873e2ae081e5882da2d2fdd2eee8cc5a14dd3be962b773a84143c322d6342243861aa12f9497aecd

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.a342a73763ad11aa\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.a342a73763ad11aa\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.a342a73763ad11aa\avast_free_antivirus_setup_online_x64.exe
Filesize
9.7MB

MD5
ebe0b3634dc0e048b2f8338104b2fa9e

SHA1
354369ae382222a7c247d19271e6003a1236a7d8

SHA256
dd608fcc1b6d360187c88b61dc530139da46df221963e0932ee09b43c2ce7afb

SHA512
3389adcd3bcfb9e6b00d46ec67a0bd80abc2726d2f76ee4c9124af31449b222e2f4de84f8768744a58035dbd1c5cc526f1381d18dffcccdc38cdbe664600e3de

Download Submit
C:\Windows\Temp\asw.a342a73763ad11aa\ecoo.edat
Filesize
40B

MD5
c112b18c92ab609f83812c43bc50b8c8

SHA1
425a8531dbf923024312062357d4f07769ca7d85

SHA256
2fb160443ea1f55738d22bb2a80c7de6c59d1b05f473d8aa0b269e7a6ebcf584

SHA512
750eb32bbdc9cad29f04847c3bb481d2e9735adcaef65f5e1c1f2415e2676c3aa1bd95271cf28948b3477f5e42c49440c5d2133a39886da4f108808a3ffa14cb

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\Instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\Instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\HTMLayout.dll
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\Instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\aswOfferTool.exe
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\gcapi.dll
Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\instup.dll
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\New_170217a5\instup.exe
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\asw28b92fb5aa7706a7.ini
Filesize
1KB

MD5
d2178a3c793d6ece7c290383e069c59e

SHA1
3e6a18ce2a507e07989b918c82c0a6f4a35c5728

SHA256
caec64028794059466126947299508c4e8eb9d293fe738b9657d07a3b038e403

SHA512
a6dff407ab14af13960738b17fd62a15161bab047c2c56b2443ad35d1c70e3daf87ce826e9dbb9423dbd35e718b5e20445ea617296ff476b4cc6774921b49a9c

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\asw28b92fb5aa7706a7.tmp
Filesize
30KB

MD5
f346847864705615e6ddc9f47d949970

SHA1
a1666ad27da836374a90f60cc160bb0bf1cbb740

SHA256
28fef9ca62d08883b627d4e52115c7adff32613242e80490df2192d28a6e5ea0

SHA512
6362dbcf58253330cbc22902104a27c6bbe59ec0bbd416de5cf861b84d7ec50cdfe8fe9ec42454f0b05f20c6f03292847d0177139ad1ef84985a3ecfec5ade45

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\aswc7faa5304323134a.tmp
Filesize
27KB

MD5
722301b0752a196ca02d3988cdf83df8

SHA1
be8dfeb7a84839e7b6b86ad5a88bcda2651863fb

SHA256
0d3edc40adfb961f50fd0cc2db537e4047eb7e59fae73a208118216bdb3a7e81

SHA512
f14b49ed909c0fba416f73e65483f9c2dc166ee536cb934f36a548957f6dd59eea2be1f966c8d4bc87ebbadd3969f40869f5a10dd321593e9538a40c153aa3c8

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\avbugreport_x64_ais-9fe.vpx
Filesize
4.6MB

MD5
ec2ee280326b2243bdab0d2ab0610217

SHA1
f8705465e94197075a18d2d805be0ec23c06a51c

SHA256
cdbc232c7e3812a46a80714fc5b1fe5b1ba35c01935e1af084ab0a2aaab44f48

SHA512
26140c711c0db1cfe9e92a83fb7a4a9fa39442e9a418f474f5c8f5349c994ea2cb8e29e8cc93852fb6a2b6d92e57b0d61427619b3fb570fae69b2f7df3a412e2

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\avdump_x64_ais-9fe.vpx
Filesize
1.0MB

MD5
c0238a6afede841d1331ff81bd0a6e68

SHA1
6b4707fdeeda63571bcbdea7238970c7483e0eab

SHA256
02ddecf10ec030ad34840a2563232ea0d2b8f3ba8c4e6ebee3bb19e4bfb12899

SHA512
91e85b4dcf0441d760e230c7c35b35a67f985602d7902486fa705e5774f13c19781ad46a6dc6b7aa7639689a60552501fada3074f0414725ba8e02bb70f5fe76

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\config.def
Filesize
26KB

MD5
bd9111dba453f9cf9bc5df12f9d96574

SHA1
1949f9457101cde1f0f628aa0f76c57594335de9

SHA256
ee9baa0b739928ea8bfcb62282006a8e5275c10db43be21cc8a42ac37c925947

SHA512
34c057d44d60c0b3acd24767d8b20fddaa12f73b745b503214f0e43ddbddc96484d1c4945d9d2837efbcbe03992fb24c8cee2f93bbaa2e116aa3516b17d2ee32

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\config.ini
Filesize
713B

MD5
51d4ac9a571e2137abc5458256ed918a

SHA1
1b12923f24f709cc7557e9458a74f3e29aaa9334

SHA256
bc17dcece1fc3f2472d25d2cd22c13ddbb14f8a7965b5eb4196611f6f5b11f60

SHA512
b1c34117b506a27b8439ebf14975b964cf3908d77af42a76ece0bfcd5f149b8ccc8e634a135c0cd2757829990ddcfa1950862c3fe011396c969e9fd9c49a027d

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\instcont_x64_ais-9fe.vpx
Filesize
3.5MB

MD5
e16d191a0d839c59e24bc0e43db6678e

SHA1
0c9818d9357a12ca7715c74d1961596b42a47ba2

SHA256
940a0746957955ed46a158a45cd4be074a3a140ed7f76d9de31fd22757996a5d

SHA512
2dfbd0b1166720a044590dd252ea2597d26f9274d5c24134aa33a42d662c7c54b1653ef66a8aac58bfee8dc765c8d625ae66226b4dc1f12de323e5d7e86f8550

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\instup_x64_ais-9fe.vpx
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\instup_x64_ais-9fe.vpx
Filesize
20.8MB

MD5
10feeb3bbd60cbef24fbb60f94184959

SHA1
34f1d46c2ac38dfdff43c2f189f3d63f506cbf35

SHA256
77eca1e201de5fdc7d275c95bcdbe941e10e4e4631ae629586376788c75bccbf

SHA512
993356a3eaa563e00dc40f979fb3d4490e275d09074727ab73c8f0a4c920a77d67fc4c3c9b271e5644bdebbeef82ecb5ddb1029505cd508376b017169dcd85de

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\offertool_x64_ais-9fe.vpx
Filesize
1.5MB

MD5
136512e9eb0892a0c2eeaa81add4c470

SHA1
71611a3452e62426b65aebef3303cd3e07c7622b

SHA256
fa1dcd3d8826aa098437c4fe7126fcb01fa14451619e0dc57e4b6a0123fb8b5e

SHA512
dd7e0528557e89cfe3b29d703c5fde78ee128fe7f548cea96987505654fcfe5913ec41d0c664f3eb9d3dabfa2c4e912b90ee8bda0ca0275545a7419161a16938

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\part-jrog2-88.vpx
Filesize
211B

MD5
d658a255daef791c5c303924fc9ba94f

SHA1
cb5ea8aa061b383279b7147c17d0c046f307f5c2

SHA256
62db5a376dc2722c1b6955ecd5c5b44cadc7b14bbcd2d4c7bd225ea8a17283d7

SHA512
aa2839a2a75fa15eebc6db685b34244dea2d1cb3eb550cee19b20a0bd5272d8799c183318ba4c42d20f97a4ba527bd4b61a8bbdcfddfac63fd3d9b048b09f31e

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\part-prg_ais-170217a5.vpx
Filesize
73KB

MD5
162f8c67d878791bfcaa01fa20072c8d

SHA1
a82610a40a8b866208231a3c7c106aca72f5e82d

SHA256
c9e5423e0fb8ab8765d77113f81ecd124de81281780e2de6973bdac0e41480a1

SHA512
0f0e143564eafd7e678d4345971b5925cccca618a2bd3bc9f5e948f8ee9306512ed34b04fa4437ab3551a372d0781ef0991425f596110b8f1e38e1a2b8cb2558

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\part-setup_ais-170217a5.vpx
Filesize
4KB

MD5
36ce7fe9d444b17569249c039df50697

SHA1
9e473d81383a976e64cf2cf7a24625cc6e6e36f2

SHA256
2b7d2f4f6ed4819d6a8373eef6ce0bb3e909a796d8e425bcbfd3a380f0f0d98c

SHA512
70d1253b7c7b44b60b4278e021d6e9e123d522e44774ae0786034b37dbc308169e041f96aa10cf47233f8c04b14f42ba192b5657cc81200a36b794f3e9f83bd7

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\part-vps_windows-23032599.vpx
Filesize
7KB

MD5
eab88c8e40175d8f9225eb02797293c2

SHA1
b57a04fda5986b847793a70347dc50356748ae53

SHA256
1e5b808f3bb83aaee6661e6c61981acb7cd271d5484a0c2bafed4ee4ec7f32b0

SHA512
5419dfbc8b046eb70dcfab85ca3ad8aafb6e5340da0bbb3d0ecb2d16e015b31a68a3b352235ae5fbcc3dec374db079a108fd6809021ed6c35f9b7da80a2ad793

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\prod-pgm.vpx
Filesize
572B

MD5
5f7977bee135d61afa0daab0bc12db43

SHA1
556484af69eb23e3fbe8bd5275af069de4906621

SHA256
011e20c10505b92f88c4244ab5dc81bc06425aaa05ca9b1a7080892b4ea57a61

SHA512
03511c587dd7f1b8e9f99cfff20e6affe99be80b09d80803e1ec71da29cc2dcc39ccade2978f199bc1242447c6efbfeef18937aab25d41ea270864f8a6d93b76

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\prod-pgm.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\prod-vps.vpx
Filesize
343B

MD5
52f74b0ac2dad29a8ba6a76d58d6cec6

SHA1
f7506526b7cf1b882f1632758db02f65b4a732d6

SHA256
5d07a03e4a62dd8f9af0ac2fe01bd87f1875df26da1e839ed606aef8d0ba8f8f

SHA512
0377f2c7da1c1227344389cdc150cec407b9e1130fe59dfaf84e930512667f92391d9ab67028aeab6b4c52a913ae80c3bcd9537e736a8fcef2691e770ca7e2f6

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\prod-vps.vpx
Filesize
339B

MD5
7e663e4e1c58303c1ee85f58d1e4f569

SHA1
03093b22ceaf4de08ccd52615331a68258e9ee86

SHA256
91ca09cb242be728ca1401ef90ca875dc8197a3248f3b193a66abe8e8dc9066e

SHA512
d1394fa984a00cdbe5f5847859783a37a2db36eb8e4a0246c7f71f972227ae8fe25403f551c5b3273b96476dc3f5879b8d1c8c4e83f54418f799b5a19c2eb2c0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\sbr_x64_ais-9fe.vpx
Filesize
19KB

MD5
d84b3a37ad50bdda0971e5f1afc2352e

SHA1
2de210b1cd8ea551330cacd8afdf8441bf9d2138

SHA256
b7dec49b191d7f1d2c8748bc0289436c0832e16b92d628d37867d803e48ca864

SHA512
723febab6c238bdcaf081e2d05697b2cf0afc4680c5383e7167ca903eefd9ddffd1f11aac14fa08588e2766afdb42150668d0e30297365717fc0f485c98f8da5

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\servers.def
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\servers.def
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\servers.def.lkg
Filesize
29KB

MD5
8d0104b9aa5c15c355fe444193ff60dd

SHA1
a89f1739d0b83c99a4ee4c2f1579237bc82d6142

SHA256
354eda0c2550e5f2f9dcb488394f504d583f844e1f6ef08aef4c8bbf59eb00e4

SHA512
033676c4b7f529a9b6957cae94738e696cfbbaa478831b737ba0bcdb8f214585a44880cd289b75e6c80b06861f1bcefc93e1377f8f78b920293b7b037dbe5c04

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\servers.def.vpx
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\servers.def.vpx
Filesize
2KB

MD5
f1c045f4903ecc27626dc8e970841666

SHA1
8510814ab05841671f3c5888ebce0b699254a198

SHA256
574315e65059c6a8e397bb6baaa4b4df24463bd4db9800734568135e64256856

SHA512
8d53fc069307c18bbbf8055213844c7651ba666e262857d1966fe76d518461b8f8d3ca7235e12939266c4c428752460da27d883eff23380548ef5f39cdd971e0

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\setgui_x64_ais-9fe.vpx
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\setgui_x64_ais-9fe.vpx
Filesize
4.0MB

MD5
b878c44792ec2d106804b3f2ec4f0daf

SHA1
3548b96858d94a371ed6cd59bc3368eba425a7e8

SHA256
f5aa4dbd7a740b0a790503397d0fb9cc58f798846979726543ee14f3739e0edb

SHA512
cf16da8ab4e59265b50b4ac4477272a31bd8027e871af646eddf94fc0556fabba42eeb7c20f6d8c076f572b81539cbe4a31b8f7fefd77a9c2af42a4a5fd66280

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\setup.def
Filesize
38KB

MD5
ff7a4fa85fe46439b3e3b5127d86f2c3

SHA1
bf1db13a8e29bf856a5d3dc1c95b215735f96442

SHA256
74d391ca8bbeb45d86fd04d77854a4ff5c351b5984f78d359560b07388869723

SHA512
fcbf80572a4cc0e2c25cce38863bea8f1c51e0cf80a2bcec6be902a4ab190f7b02dcfb4e3f2571012336a7e2ce1fa8227adbf7286f2453c180af44338228c756

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\uat64.dll
Filesize
29KB

MD5
d5bbac7eeb501e24a98e3f9a9aae82b0

SHA1
3eda0452f879fc0f2e31e547d1cf8c661538ab06

SHA256
00f4d6c6c2ec61faf69958173637a99a5d11bad8bca92c5e6cbb7175ebe79786

SHA512
01b5087a99340df085e3146d76e33d795c302c2c7f20ad81bc1c97ce4d3b0261f152d0db8c9832f5ef3572c51aa771e9cf083a7922640d9f7c4285fc59f8a31d

Download Submit
C:\Windows\Temp\asw.ccdfc0ea2c7dcb4f\uat64.vpx
Filesize
16KB

MD5
539b93be7af26db62254559199c77126

SHA1
30b80693ef44c2910296b78d903588547016bbab

SHA256
f196bcda2326b4d4851aaf055ecfdef1a4d1c201bd0f127b59390899ebf317e7

SHA512
77beac3867fe432d92613aaf56cdccb091388c6caddf7dcc29bde4e5a856f3ec7691e72c8bdba3c703e120515d98344c907feb0da2b1beb009003f88c0fd11e9

Download Submit
memory/492-402-0x000001FC421D0000-0x000001FC425CC000-memory.dmp

Filesize
4.0MB

Download