01e51b0029cd7af73a46ede5d0b6bf0a3f799e568af52a06fb49e3e4aa9785fa

Analysis

max time kernel
294s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
20/04/2023, 15:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

~.exe
Size

256KB
MD5

56354f6191810e362bf2ae7b3f6e82b4
SHA1

98260eb9dbec4ef777939937b4ca797ac336e3ff
SHA256

95c16c2f74bfe9878117d341d4b259c5327f87fc10e8407b27e9a905aff0ac11
SHA512

fb40abe4838e4026a4b1c826566454ff181e68bf7f7929777f2ea63e55a8242c65f12dffb274e8c46f5f1bcb7f42661c41e7b2a62ed39050814a45de54ab8b30
SSDEEP

6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPnAeb:bCfLZadcM24fRNXe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
5112	avast_free_antivirus_setup_online_x64.exe
408	instup.exe
4156	instup.exe
4416	aswOfferTool.exe
4312	aswOfferTool.exe
3840	aswOfferTool.exe
1412	aswOfferTool.exe
2252	aswOfferTool.exe

Loads dropped DLL 12 IoCs

pid	Process
4900	~.exe
408	instup.exe
408	instup.exe
408	instup.exe
408	instup.exe
4156	instup.exe
4156	instup.exe
4156	instup.exe
4156	instup.exe
4156	instup.exe
3840	aswOfferTool.exe
2252	aswOfferTool.exe

Checks for any installed AV software in registry 1 TTPs 52 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key opened	\Registry\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\SetupLog = "C:\\ProgramData\\Avast Software\\Persistent Data\\Avast\\Logs\\Setup.log"	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LicenseFile	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\burger_client	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\TempFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\DataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\WOW6432Node\Avira\Antivirus	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CertificateFile	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ReportFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\settings	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	avast_free_antivirus_setup_online_x64.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\Instup_IgnoredDownloadTypes	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\JournalFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\MovedFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties\UseRegistry = "1"	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\properties	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ProgramFolder	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ChestFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\LogFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\FwDataFolder	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\ShepherdDebug	instup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Avast Software\Avast\CrashGuardProcessWatcherExclusions	instup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avast_free_antivirus_setup_online_x64.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	instup.exe
File opened for modification	\??\PhysicalDrive0	~.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	avast_free_antivirus_setup_online_x64.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	instup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	avast_free_antivirus_setup_online_x64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	instup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	instup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "6"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "67"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "22"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: instup_x64_ais"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: sbr_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "13"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "56"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "63"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "0"	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "7"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Archivo descargado: offertool_x64_ais-a03.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "18"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "95"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Archivo descargado: sbr_x64_ais-a03.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "2"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "47"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "65"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "62"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "75"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "27"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "84"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: instcont_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "52"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "70"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "19"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "29"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "89"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "93"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "1"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "40"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "23"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "87"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "35"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: offertool_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\SfxInstProgress = "100"	avast_free_antivirus_setup_online_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Archivo descargado: servers.def.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "16"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "66"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Installation_Main = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "100"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "0"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "34"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "88"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "9"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "71"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Comprobando condiciones de instalación"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "46"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "62"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Archivo descargado: avbugreport_x64_ais-a03.vpx"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "91"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: avdump_x86_ais"	instup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage	avast_free_antivirus_setup_online_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "42"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "45"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Actualizando paquete: setgui_x64_ais"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "64"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "68"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Main = "87"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Extrayendo archivo: AvBugReport.exe"	instup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_Description = "Resolución de DNS"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "51"	instup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AvastPersistentStorage\InstupProgress_UpdateSetup_Syncer = "15"	instup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5112	avast_free_antivirus_setup_online_x64.exe
5112	avast_free_antivirus_setup_online_x64.exe
4156	instup.exe
4156	instup.exe
4156	instup.exe
4156	instup.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 32	5112	avast_free_antivirus_setup_online_x64.exe
Token: SeDebugPrivilege	408	instup.exe
Token: 32	408	instup.exe
Token: SeDebugPrivilege	4156	instup.exe
Token: 32	4156	instup.exe
Token: SeDebugPrivilege	1412	aswOfferTool.exe
Token: SeImpersonatePrivilege	1412	aswOfferTool.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
408	instup.exe
4156	instup.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 5112	4900	~.exe	85
PID 4900 wrote to memory of 5112	4900	~.exe	85
PID 5112 wrote to memory of 408	5112	avast_free_antivirus_setup_online_x64.exe	87
PID 5112 wrote to memory of 408	5112	avast_free_antivirus_setup_online_x64.exe	87
PID 408 wrote to memory of 4156	408	instup.exe	90
PID 408 wrote to memory of 4156	408	instup.exe	90
PID 4156 wrote to memory of 4416	4156	instup.exe	91
PID 4156 wrote to memory of 4416	4156	instup.exe	91
PID 4156 wrote to memory of 4416	4156	instup.exe	91
PID 4156 wrote to memory of 4312	4156	instup.exe	92
PID 4156 wrote to memory of 4312	4156	instup.exe	92
PID 4156 wrote to memory of 4312	4156	instup.exe	92
PID 4156 wrote to memory of 3840	4156	instup.exe	93
PID 4156 wrote to memory of 3840	4156	instup.exe	93
PID 4156 wrote to memory of 3840	4156	instup.exe	93
PID 4156 wrote to memory of 1412	4156	instup.exe	94
PID 4156 wrote to memory of 1412	4156	instup.exe	94
PID 4156 wrote to memory of 1412	4156	instup.exe	94

C:\Users\Admin\AppData\Local\Temp\~.exe
"C:\Users\Admin\AppData\Local\Temp\~.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\Temp\asw.30fe111ec369cc02\avast_free_antivirus_setup_online_x64.exe
  "C:\Windows\Temp\asw.30fe111ec369cc02\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_tst_007_402_a /ga_clientid:b6d0bb32-c25a-4685-85b0-446499064f32 /edat_dir:C:\Windows\Temp\asw.30fe111ec369cc02
  2⤵
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Windows\Temp\asw.2fbb3dec382f5888\instup.exe
    "C:\Windows\Temp\asw.2fbb3dec382f5888\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.2fbb3dec382f5888 /edition:1 /prod:ais /guid:4ec23932-e107-4f86-89d0-c5ca39ecdb5b /ga_clientid:b6d0bb32-c25a-4685-85b0-446499064f32 /cookie:mmm_ava_tst_007_402_a /ga_clientid:b6d0bb32-c25a-4685-85b0-446499064f32 /edat_dir:C:\Windows\Temp\asw.30fe111ec369cc02
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:408
  - - C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\instup.exe
      "C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.2fbb3dec382f5888 /edition:1 /prod:ais /guid:4ec23932-e107-4f86-89d0-c5ca39ecdb5b /ga_clientid:b6d0bb32-c25a-4685-85b0-446499064f32 /cookie:mmm_ava_tst_007_402_a /edat_dir:C:\Windows\Temp\asw.30fe111ec369cc02 /online_installer
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks for any installed AV software in registry
      Writes to the Master Boot Record (MBR)
      Checks processor information in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4156
    - - C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe" -checkGToolbar -elevated
        5⤵
        Executes dropped EXE
        
        PID:4416
    - - C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe" /check_secure_browser
        5⤵
        Executes dropped EXE
        
        PID:4312
    - - C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3840
    - - C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe
        
        "C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1412
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2252

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

Filesize
1KB

MD5
fbd0fd226218fa54f3b9ff4f8bd0685d

SHA1
1c6e4a48c291dafcfeaae5ad07bcad76c3d579f1

SHA256
00289e3f6c307a1147f464e0d2c9b7bf42f7adea2338ea6553e4c30271523e70

SHA512
78bf5b91340a670296c30a3f328de3e4d1afe96dc280fe541d3e18ae5a03da4e73149a4b1c12dc0f77362eeaaf99a168d5e45841e50d46fbe9f9126bec472d2d

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log

Filesize
26KB

MD5
6d9826f438af31b99c5bf2c82dc702cc

SHA1
70a6768108cbd17a2709f780f899fc1884ef397c

SHA256
b98c4d6347dc5736423940df92ff9ecca8fbebb34437b93855cfd08fc721dd42

SHA512
38003ddad8bacb5554633e39198171f8a7ba79272afd1d6edb42c94d2b1bf5b47507ddc0d2bb110631111fbbeff86c426b4f433329075b7cf28ca52fc0bf039d

Download Submit
C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log

Filesize
142B

MD5
e9e1edd7bebbafcd15e5e1f3788db899

SHA1
509183693dc884813563f01c271c1c05f469743b

SHA256
5da44c32a374d15b79247606af899ac9bc4658a19b308eebd70e61af6b5331d0

SHA512
b6505e9b11256eee8940b822f1a132aaa7737ef0244b435bf9f9a663032c8b9630a296b37c8e2e059041907d02e059c0b179559a163acbd321e9ad416552a8a1

Download Submit
C:\Users\Public\Documents\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\Instup.dll

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\Instup.dll

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\Instup.exe

Filesize
4.4MB

MD5
2867ea130a8933ce025c293d20481e91

SHA1
c47a8c65855835419fd82995a8aacaa06b11a7ac

SHA256
2b7ab04d1d325b83d225c2a5d2570020141640478b30b7367d9dbc3ddd9d5175

SHA512
1ef65447120ebf2703243842ed452900e4f3519116ea15435f579abc58dc8fe3e425d25a0d6b74ae3818cad271533cd5370ddc2ea25a74dc654d27e9a4bfe8cb

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\Instup.exe

Filesize
4.4MB

MD5
2867ea130a8933ce025c293d20481e91

SHA1
c47a8c65855835419fd82995a8aacaa06b11a7ac

SHA256
2b7ab04d1d325b83d225c2a5d2570020141640478b30b7367d9dbc3ddd9d5175

SHA512
1ef65447120ebf2703243842ed452900e4f3519116ea15435f579abc58dc8fe3e425d25a0d6b74ae3818cad271533cd5370ddc2ea25a74dc654d27e9a4bfe8cb

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\HTMLayout.dll

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\Instup.dll

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswOfferTool.exe

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\aswf2f3a844bcc46d0c.tmp

Filesize
19KB

MD5
73afb835ea55062e29a3c6bddd03cd4b

SHA1
67c0e0aeeb7e50b0f6a6798d4bc6bee83399f37c

SHA256
35138dceb7dedfa49a6b5e35cd6a2ba0d11679eb0e90aad64cf91fc5280d6299

SHA512
60e091b0ef23d9c64131c8ecd878c11af79d7cf5e373e39a3fa67c4ae23d3fe122961a9afc3036964b5c9105ac367715cdf2769b561b3e1ced3669d97cd0d467

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\instup.dll

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\instup.dll

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\New_170317aa\instup.exe

Filesize
4.4MB

MD5
2867ea130a8933ce025c293d20481e91

SHA1
c47a8c65855835419fd82995a8aacaa06b11a7ac

SHA256
2b7ab04d1d325b83d225c2a5d2570020141640478b30b7367d9dbc3ddd9d5175

SHA512
1ef65447120ebf2703243842ed452900e4f3519116ea15435f579abc58dc8fe3e425d25a0d6b74ae3818cad271533cd5370ddc2ea25a74dc654d27e9a4bfe8cb

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\asw43f84fd9ac69255a.tmp

Filesize
27KB

MD5
3c1b581bec0148e619cbf0c16940f90c

SHA1
e85e8f4cbe91e8f1fab2c5801b477f925ed58338

SHA256
0313159eb2c435c6fbc4b771f4e0e98fb385a474a0d23d15c52f9549b54822da

SHA512
bf2e8828a86f4098b90e0b525b34fdd0f4e3d3c810e61b01813fdb2e3b2c1be30a537eb78b01d70632f2803975661fc114853eca9bbdb56568a1b500dd26a155

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\asw50e70b079ce990b8.ini

Filesize
1KB

MD5
65e7c4a451bbfa50d21d4cd5c2f66f3b

SHA1
3e482ad34a3c2abdc7400aa7ced690a7cc4c49f3

SHA256
9df3223d75a2b45b37d7555afa2b9de0d3467cf95acc8e7482c315821f3d90d3

SHA512
f56a389216523ee01d915854dc6c36e21484eb32b6059717d129a6f940e6f9d6d2c8f08f2e6842846ef49b11488b95dec68e2750d062780da1e4ec6c6d94e9bd

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\asw50e70b079ce990b8.tmp

Filesize
30KB

MD5
0d1b76818fadfad3427c120f0d94c994

SHA1
c3cc237bf8c0850f5e466394c9c8d27aee4d6c27

SHA256
b5ef5ef37b97b6f37c9dbfe71d633d90c9fd8ac9c37d44175c2ca1efdbec3572

SHA512
e5be5478c00526a360a3882676b82e93f21918bea2a3a2ab5368b2504a5defaf62982135e11e26a5ac77723e730fcb58c1e3cc45800b2894f72a0254585a156e

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\avbugreport_x64_ais-a03.vpx

Filesize
4.8MB

MD5
3682ad9cae7b8baef837c05660beffd7

SHA1
07b0b1a97582094e497f35cc90b1146bde3ab69f

SHA256
ff930f3dc1f1e896bfe4780ba750c9b66cb8480d9a7b61760a8970877f87e31f

SHA512
f81355a6ef5053649468ba30564b9a3990e92fb8dce3b3fdb5cddcc5fd81e630fca3878f555793350c196d6419039203e3b1abbb5f29754d32e0c1411bdeefb8

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\avdump_x64_ais-a03.vpx

Filesize
1.0MB

MD5
b446d61c5aef2372c1519c62a9576b68

SHA1
0720f4c7401d7e84bf0f0d086466829158bc49df

SHA256
f12c90698d263eadf2708a6bfbef03c4b6f008aad674b0cd871b20de3421c2a8

SHA512
f356d106c3fe5e3eff216dc54294de035cdb6ca6ce45ef05ca72cc6cfcac1c9907ff84a75ba7b86008c3fecc878603aef62c6b644ac28589d3d73ea4bb094469

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\config.def

Filesize
26KB

MD5
3b865e130895b68f29e06d8c873ebcbf

SHA1
36b60f66e726433a7c3baacba7a7833b7ac44278

SHA256
ec2220bb2b23dd2e98afff05db85637827fb07e85c0617beac88ee26d024c363

SHA512
9d10b5f3c0c1ed21087a53230ce279fb3b115193b9674a46c5694dc44cd2ad5ca4c6ff4bf0b9fe0d11ce48a48b5c9d8b0f4059c8789103cc8943c28c374b4645

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\config.ini

Filesize
744B

MD5
f721c30c00d398d14c228d64e6a04a78

SHA1
2225ad08c04459724e2383be650e3f545972f4ee

SHA256
b8b29547af21a5f8f41eefaf3eb81e6741575c58a5327b2806e12156efac953f

SHA512
b8a575c6c8c48b1de1255450359b2937745fbf0a4453a462afe0280fc297524092aba5ad49c8322beb1838281c10b45e897b675ec261bc968724d0efd1357222

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\config.ini

Filesize
744B

MD5
f721c30c00d398d14c228d64e6a04a78

SHA1
2225ad08c04459724e2383be650e3f545972f4ee

SHA256
b8b29547af21a5f8f41eefaf3eb81e6741575c58a5327b2806e12156efac953f

SHA512
b8a575c6c8c48b1de1255450359b2937745fbf0a4453a462afe0280fc297524092aba5ad49c8322beb1838281c10b45e897b675ec261bc968724d0efd1357222

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\instcont_x64_ais-a03.vpx

Filesize
4.4MB

MD5
2867ea130a8933ce025c293d20481e91

SHA1
c47a8c65855835419fd82995a8aacaa06b11a7ac

SHA256
2b7ab04d1d325b83d225c2a5d2570020141640478b30b7367d9dbc3ddd9d5175

SHA512
1ef65447120ebf2703243842ed452900e4f3519116ea15435f579abc58dc8fe3e425d25a0d6b74ae3818cad271533cd5370ddc2ea25a74dc654d27e9a4bfe8cb

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\instup_x64_ais-a03.vpx

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\instup_x64_ais-a03.vpx

Filesize
21.3MB

MD5
0c850f388279bc3da2032ed646cf605d

SHA1
f5a8e0c6ad149b1628840ea31ede32479f419cad

SHA256
9020c157c8e1dceb33de63536236831c4e4b7ac208104b349ad1589d5e35b194

SHA512
99fb95014bb393eb0624d1b632199b2aedb10a3c89a243dd02934133b02d6a03d0e697e20b28cbc393161bc1df9ae5337bdb6a55a2d12660bba46bc0bc7cb3d0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\offertool_x64_ais-a03.vpx

Filesize
1.5MB

MD5
d95cee795cb83c1ab7e89a1f75461a47

SHA1
c0ae1a348469e81aea634b42f962202e46a580a6

SHA256
1d1aea8fc8364e78de9cc33b5d4fbc0dffcaae816fb52a0a6022341ecedf1ebd

SHA512
82658cc5304769279373f1acd863d87bf0796c9f34120d358658a60042780f4d58d8b02a63d9243f0a48a69bbe30cfbd5e46bcd9ff66856d6efa1a0a30918108

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\part-jrog2-ae.vpx

Filesize
211B

MD5
7a4052f3778efb3ee04a3e0543be2f41

SHA1
c1b65eb9a4e5a043dc867d0df5bab9512aac29ce

SHA256
07bc8a5181a40239cca18ebe970b3122789da48eb7638fdd8e8204d1de02a714

SHA512
8c5b2b37cb218048537e8c5cd83f253738409d735ea118b2596d0515443549823ad1bb0d631c72e4a31f901e4f3ba16a435b9360b32973afd03c62d07255536d

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\part-prg_ais-170317aa.vpx

Filesize
73KB

MD5
332dfee9bb11bfc81862d6e4c3d4b3c4

SHA1
52b81242a52503b49240c21ecddfa302d8c23c4c

SHA256
34402b3de572c43aeee22948b565e519435ceeb134aeb2503055662be68f294c

SHA512
4e827970f8b32204aada61862fa62782eff62b46eb442edbabfc5bb0e5df183ae7be1b01baf7e6f4e86fef33c7d5ec96069046f60c0a3e9822310e672ce586a2

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\part-setup_ais-170317aa.vpx

Filesize
4KB

MD5
c5e5d2ffc13939196ccb76699fdd8437

SHA1
cbbe6f509574cc41395ce91d6e3bc494a4a08e59

SHA256
778206d3ec04e09a013987ac4f78535cf916863a80021b03cc06c8bb215ffd89

SHA512
20b104e5b292ee4c06616e02acec3ef8f2c877536b6e26a44a04c2b28a24eec07cc7539f6707639765ac0ce9e82df077a3e9d92383540a93bcc7175735a6d021

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\part-vps_windows-23041999.vpx

Filesize
7KB

MD5
08824572c43bd0959bc556f15bf45091

SHA1
ad6687302db7508148074bb6f2aa0bd816a86670

SHA256
0b790aa1f700e344bd4bd4a298da368124bf453db202599f572d04a0b87032ff

SHA512
9b2c99c6ca421fd7d44454be9fb96a2b9ac1dd7cc2bfd41fd869a4adf3e60122592a1b89aeb70f8855a29efa63b1dd06200114e6bb0a3884413ae3de6ce83ac0

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\prod-pgm.vpx

Filesize
573B

MD5
ed1797a76007b34e279d19348d39be79

SHA1
2acd7eb0ce19badd414e11dbc66b796ac4967916

SHA256
a21a9b4f058237a9ecda21007fd353dfe0bf2551e378f48c066038d642dd0aaa

SHA512
5725346eb9b455789463a3b58d81d9f6555d7f813d6e3492ec79a0dd564cb5a1459843f86048f9096c97c7c143687640d692da1cb8bdc339e3f0d6a9d47a3d3d

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\prod-vps.vpx

Filesize
342B

MD5
6faf4094f768d1a56228db0339ab1507

SHA1
b7ba7d8f8bfd4236ebd20fb7ff5b8f8c9db26e9a

SHA256
7bd97ae3a3e1c93b3a456b3963a6e07020c60a189dae878a16551917d4850c23

SHA512
caf0c8c4d373cfa60fabc1a40164c10911eb38cad6f830b0ee8da8f8a013662e07c8f2c699ad1f5593576ac78e8f5f716969278dd0f773f5b570f88c7f412635

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\prod-vps.vpx

Filesize
341B

MD5
c627f19e10d1b080d5884c3eac42d8a7

SHA1
6b12baf2650af45a5262d35b625e97f73a5f36be

SHA256
905b72d1d81091350b54f808d228e1387c19bdde47322ead7e28c232bf81f897

SHA512
bdd50fe8368bc3002d3c35f7d17741c37f5752d2167cc717be542b601a66e40b04ee6e0deb8e8cf2cbc156fe190e21122e4131bda19370d0dd79f199a96ab7de

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\servers.def

Filesize
29KB

MD5
f322c05d176f1f422687c46b3a155217

SHA1
3c94ba83f57bfd44133e057c808fb759927e9228

SHA256
0c4cec7d059871bee779af5dd1b80dff8370c6732228e7caf9215e2f593d5748

SHA512
d3a5930ae072403128dbd0dabe0d41fa6f9e6ea3d7ca70fcc988e3aa165fba428f747607baa30c19f122775e2cb39c5b50ebdefa91145091252ccd11ac365a42

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\servers.def

Filesize
29KB

MD5
f322c05d176f1f422687c46b3a155217

SHA1
3c94ba83f57bfd44133e057c808fb759927e9228

SHA256
0c4cec7d059871bee779af5dd1b80dff8370c6732228e7caf9215e2f593d5748

SHA512
d3a5930ae072403128dbd0dabe0d41fa6f9e6ea3d7ca70fcc988e3aa165fba428f747607baa30c19f122775e2cb39c5b50ebdefa91145091252ccd11ac365a42

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\servers.def.lkg

Filesize
29KB

MD5
f322c05d176f1f422687c46b3a155217

SHA1
3c94ba83f57bfd44133e057c808fb759927e9228

SHA256
0c4cec7d059871bee779af5dd1b80dff8370c6732228e7caf9215e2f593d5748

SHA512
d3a5930ae072403128dbd0dabe0d41fa6f9e6ea3d7ca70fcc988e3aa165fba428f747607baa30c19f122775e2cb39c5b50ebdefa91145091252ccd11ac365a42

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\servers.def.vpx

Filesize
2KB

MD5
eace36f864ae1892942fedc1a6c63c97

SHA1
c8cf45ee1d89c55c7aea490b83106d7fea54731b

SHA256
d10b59b09cdc3941055ba705ef540f4a767367edda21f267fd3cc5049925f17f

SHA512
fa1c66e87f2d1b040016787bf1acf8d7b11c60943c5e4ea18df99ca7fa494b6a69430e11d7c9f6c4e0a2aa3ed34c6c304e49b85e70ef0d38258edb6c518ad1cf

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\setgui_x64_ais-a03.vpx

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\setgui_x64_ais-a03.vpx

Filesize
4.0MB

MD5
e441fc6eaa2dfdd45e1aefbe7a704ebb

SHA1
79940b74a36090d29145a50ef55424210b83dffd

SHA256
0fcc95a4d46e375dbf2ec30130e054c2b601be16d5c87f3ea59fafd21d8d9ed5

SHA512
3ff5312204e1c36b2fb5739f4527dbdc4faa88bf127ca5ae64b8a45d7c4ed751e91b8b39207d7955153a0c0f299e4fb36ce080d097e0f6664374201f6e3fdb97

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\setup.def

Filesize
38KB

MD5
237b3a98decb46e71b6e5853d7f870d1

SHA1
2dcc67e442122e7d6833c686a9a30546f94ff050

SHA256
16e3d8e79367396f34a53d34cebf491c46dcc63a6426ebe101c6dce168ae144a

SHA512
89fd8028608ddc50f59790247cd82957109e38350dc5bd32c6b451e0ebf59e6870e5ee8ed766d2a7eb763bfba6d17988b6518e14e347c18be713fd0a581cb962

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\uat64.dll

Filesize
29KB

MD5
34c30295f51e0474f13018e1a1896ee4

SHA1
2d58fa2033351fafc85b11772fb5220979bd8b8b

SHA256
f6a1c83b11580dcf5117ac82b5a4f896728848d48ce384d2e157cfd0c6e2536b

SHA512
c315dd83712534ce84fa66512fe23ea8828429c5d544f827281b9ac65f6bc56185df8b6c6520be0ce05affbeeff1f0bb64ce318c7f84d5f302560319482e4429

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\uat64.dll

Filesize
29KB

MD5
34c30295f51e0474f13018e1a1896ee4

SHA1
2d58fa2033351fafc85b11772fb5220979bd8b8b

SHA256
f6a1c83b11580dcf5117ac82b5a4f896728848d48ce384d2e157cfd0c6e2536b

SHA512
c315dd83712534ce84fa66512fe23ea8828429c5d544f827281b9ac65f6bc56185df8b6c6520be0ce05affbeeff1f0bb64ce318c7f84d5f302560319482e4429

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\uat64.dll

Filesize
29KB

MD5
34c30295f51e0474f13018e1a1896ee4

SHA1
2d58fa2033351fafc85b11772fb5220979bd8b8b

SHA256
f6a1c83b11580dcf5117ac82b5a4f896728848d48ce384d2e157cfd0c6e2536b

SHA512
c315dd83712534ce84fa66512fe23ea8828429c5d544f827281b9ac65f6bc56185df8b6c6520be0ce05affbeeff1f0bb64ce318c7f84d5f302560319482e4429

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\uat64.dll

Filesize
29KB

MD5
34c30295f51e0474f13018e1a1896ee4

SHA1
2d58fa2033351fafc85b11772fb5220979bd8b8b

SHA256
f6a1c83b11580dcf5117ac82b5a4f896728848d48ce384d2e157cfd0c6e2536b

SHA512
c315dd83712534ce84fa66512fe23ea8828429c5d544f827281b9ac65f6bc56185df8b6c6520be0ce05affbeeff1f0bb64ce318c7f84d5f302560319482e4429

Download Submit
C:\Windows\Temp\asw.2fbb3dec382f5888\uat64.vpx

Filesize
16KB

MD5
f0f4216820077f141b93e00ae89cf250

SHA1
b87d7866013ba646b520d52d3fbf58dd6a0c0dc2

SHA256
40d9dedffc307b2e6c3012a41767efbfa490cfc61a4e805a6e176fc23d52ec6c

SHA512
3a65fdccc9e903bf959138fbb9c77316dfdcd5d67e4af3db1b1efb7970ac2721f87d844c006bb2a2c1e897beb81deef345436f6609493ee2eac82fabab68a71e

Download Submit
C:\Windows\Temp\asw.30fe111ec369cc02\avast_free_antivirus_setup_online_x64.exe

Filesize
10.0MB

MD5
8cb214bdae852c44ec3ce2a61814d0f6

SHA1
24c4744fd23a3d63deb2e2940aad1d1f54c4cccb

SHA256
ed40295ca6a410cb9b3740271629ecaaa91b121db0f8eeeb76c1b32c30e774ae

SHA512
968ef5fb0a4230a21e1ff303bebb0edf9560ed145c278d4959c584ee685bc8f1396b2edcf46e81f66808c64b1c4e38d80f359afe486fc4c8415926b4a5a7b5a9

Download Submit
C:\Windows\Temp\asw.30fe111ec369cc02\avast_free_antivirus_setup_online_x64.exe

Filesize
10.0MB

MD5
8cb214bdae852c44ec3ce2a61814d0f6

SHA1
24c4744fd23a3d63deb2e2940aad1d1f54c4cccb

SHA256
ed40295ca6a410cb9b3740271629ecaaa91b121db0f8eeeb76c1b32c30e774ae

SHA512
968ef5fb0a4230a21e1ff303bebb0edf9560ed145c278d4959c584ee685bc8f1396b2edcf46e81f66808c64b1c4e38d80f359afe486fc4c8415926b4a5a7b5a9

Download Submit
C:\Windows\Temp\asw.30fe111ec369cc02\avast_free_antivirus_setup_online_x64.exe

Filesize
10.0MB

MD5
8cb214bdae852c44ec3ce2a61814d0f6

SHA1
24c4744fd23a3d63deb2e2940aad1d1f54c4cccb

SHA256
ed40295ca6a410cb9b3740271629ecaaa91b121db0f8eeeb76c1b32c30e774ae

SHA512
968ef5fb0a4230a21e1ff303bebb0edf9560ed145c278d4959c584ee685bc8f1396b2edcf46e81f66808c64b1c4e38d80f359afe486fc4c8415926b4a5a7b5a9

Download Submit
C:\Windows\Temp\asw.30fe111ec369cc02\ecoo.edat

Filesize
21B

MD5
58d47cfa451dfb6748be33a8f4069f49

SHA1
7ca703bc598c8ed5d98407833ecebe7d5efec80b

SHA256
8ebbec1ccab81b5ab09770e38ed72b0f830c5bbdabd1e68979c9dd79bb278883

SHA512
4f636e1664c3884f6406aede91d8c6e2a0cff876d1be45014307c8a247f267f8b8db8a67edf43ee989fd59e1a74ab047d96cbac308d57cb00576cf4af14d4afb

Download Submit
memory/4156-441-0x00000201A5930000-0x00000201A6E98000-memory.dmp

Filesize
21.4MB

Download
memory/4156-443-0x00000201A5930000-0x00000201A6E98000-memory.dmp

Filesize
21.4MB

Download
memory/4156-453-0x00000201A5930000-0x00000201A6E98000-memory.dmp

Filesize
21.4MB

Download
memory/4156-467-0x00000201A5930000-0x00000201A6E98000-memory.dmp

Filesize
21.4MB

Download
memory/4156-493-0x00000201A5930000-0x00000201A6E98000-memory.dmp

Filesize
21.4MB

Download