e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9

Analysis

max time kernel
147s
max time network
43s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
27/06/2023, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Avast Cleanup Premium.exe
Size

78.0MB
MD5

0384071f9689dd73ab62e01ea41d10c3
SHA1

0543f15b99f606b8f5d01f5b80cdec9d8b7a1a13
SHA256

e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9
SHA512

01dd6d1efca9362759e65e666cf92294dcedada5edc1e7dc9458811c9ac1953ffd4ca98fb8c96aa7770533ac168c603c337f17ee430af6557b6cc0a4486f31c3
SSDEEP

1572864:g/5BlBjXG7qJomGLGH+RXY3TRyU1lRs29Qq2AEs:AlB2GJodGuY3TDyq2AEs

Score

7^/10

bootkit persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
872	TuneupSvc.exe
1248	TuneupUI.exe

Loads dropped DLL 60 IoCs

pid	Process
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
872	TuneupSvc.exe
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
1624	Avast Cleanup Premium.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe
1248	TuneupUI.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	TuneupSvc.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	TuneupUI.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	TuneupSvc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	TuneupSvc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	TuneupSvc.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: 33	1624	Avast Cleanup Premium.exe
Token: SeIncBasePriorityPrivilege	1624	Avast Cleanup Premium.exe
Token: 33	1624	Avast Cleanup Premium.exe
Token: SeIncBasePriorityPrivilege	1624	Avast Cleanup Premium.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	872	TuneupSvc.exe
Token: SeIncBasePriorityPrivilege	872	TuneupSvc.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe
Token: 33	1248	TuneupUI.exe
Token: SeIncBasePriorityPrivilege	1248	TuneupUI.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
872	TuneupSvc.exe
1248	TuneupUI.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 872	1624	Avast Cleanup Premium.exe	28
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29
PID 1624 wrote to memory of 1248	1624	Avast Cleanup Premium.exe	29

C:\Users\Admin\AppData\Local\Temp\Avast Cleanup Premium.exe
"C:\Users\Admin\AppData\Local\Temp\Avast Cleanup Premium.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x1826AD1C7EF976A9\TuneupSvc.exe
  "C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x1826AD1C7EF976A9\TuneupSvc.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Writes to the Master Boot Record (MBR)
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  PID:872
- C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x3731D7DD2EDB9325\TuneupUI.exe
  "C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x3731D7DD2EDB9325\TuneupUI.exe" /864A627C-C6B2-464A-AA13-25D62F282BD8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  PID:1248

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\meta\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe.__meta__

Filesize
32B

MD5
72bf372c726419a6bf94750d927a95f6

SHA1
fa4d5a144a3c639b592f0299e90c90a2b9ff32e8

SHA256
00ae37fe2dea3cc2ec6fc23bccf63c12fa737c34c0aaab7df67e49fde411ffcc

SHA512
7626fecac1b0d1122d394d953db0c617bd5e28ef8ef2a5c3104ad829282b7f0c11f7d5c3fb026dfc33b1c232b90122f760a0caa80546fc02c54437a7b6fb27e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\meta\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe.__meta__

Filesize
32B

MD5
72bf372c726419a6bf94750d927a95f6

SHA1
fa4d5a144a3c639b592f0299e90c90a2b9ff32e8

SHA256
00ae37fe2dea3cc2ec6fc23bccf63c12fa737c34c0aaab7df67e49fde411ffcc

SHA512
7626fecac1b0d1122d394d953db0c617bd5e28ef8ef2a5c3104ad829282b7f0c11f7d5c3fb026dfc33b1c232b90122f760a0caa80546fc02c54437a7b6fb27e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\meta\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupUI.exe.__meta__

Filesize
32B

MD5
500cb2abe329e85d52adf9c6e7f94c83

SHA1
d80b693d15a8dfc317749d0f28792c24854e2bb9

SHA256
e54f568e63367463757e896279d495fad46ecd8bdd255e68fb8bb6bbce09c007

SHA512
081cdc81471ab97423d6292e3e0c11c6eba4cd1c5bf3539ac8d8f3e8b17fb4760299ee1bd33093a0b9ee5964284b0c40bab1cb1685ce6b701bf6779edf082e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupUI.exe

Filesize
1.6MB

MD5
cfdf0a0846030ea88c6c81e076195b17

SHA1
449bc356834559976ff4faeeae28fbb6ddabd67b

SHA256
d709a0cc32a25652392dbf02d414158eb99e2d64b29f8f1f743aaca2b9392398

SHA512
98c19c86762aef65c8466c5f05df8491980b2f11b8ddc9a422e841f01585688701579e6e3ec5803e80a17b99dc1f8093387f697c2ce15d912bde2c10e5c32009

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x1826AD1C7EF976A9\TuneupSvc.exe

Filesize
27KB

MD5
d6be6f7d0da63625528ace555b026d7d

SHA1
bc88792bfb566579b213f0b0c5cb773c6830c126

SHA256
013c80f39638beb1a745533ac616333e318964a13c89d81d57e4143b2abe8e93

SHA512
373170d9e00cbf6d740a58b503ff9b8dda9bf310e78a0a5fdc62c0b84c80a208f4b2885377cd48692457966e84c89703c3142091909ec318913c8ccb3a1dc4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x3731D7DD2EDB9325\TuneupUI.exe.__tmp__

Filesize
27KB

MD5
d6be6f7d0da63625528ace555b026d7d

SHA1
bc88792bfb566579b213f0b0c5cb773c6830c126

SHA256
013c80f39638beb1a745533ac616333e318964a13c89d81d57e4143b2abe8e93

SHA512
373170d9e00cbf6d740a58b503ff9b8dda9bf310e78a0a5fdc62c0b84c80a208f4b2885377cd48692457966e84c89703c3142091909ec318913c8ccb3a1dc4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\meta\@APPDATACOMMON@\AVAST Software\Tuneup\avast5.ini.__meta__

Filesize
32B

MD5
04272361c48ff6253ed9eb2b5cd79473

SHA1
041e74af59a605552b352eba3462dd3930440317

SHA256
8807ded8fab8219b2a03c5768beab161b9862cc99ad7f8f70cb40e9b9102f91f

SHA512
f8a4e4162ed67054f6f8002a8a75a82410f3c298ae722ebec8e333be2c752767beee445e6cbcb51fc20f390cba01415cd2d510e149e436ed5fee4194afa0976c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\meta\@APPDATACOMMON@\AVAST Software\Tuneup\tuneupcfg.ini.__meta__

Filesize
32B

MD5
19e87a2546ac538dff02c4fb568ce37d

SHA1
c96073960c8d4b296f271fb0cc4fba2dfe7fc45d

SHA256
4d7d6e849a2b4a0e7d5a19b2684222f32ad60ef089caa7815677281876f00a1a

SHA512
84306a058eba8645238eddf6259143ecd12601aba89535d90da78d5a283edd9e4f2d8edd31a16cb5377f64fb5a2fa4b08898c55b25efd1ed4a503ab78d5dbc4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\meta\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\Setup\config.def.__meta__

Filesize
32B

MD5
20badcb0c6a113b49c99ba446898f058

SHA1
0811ff8887cda6761ae68f593bdce3bfc56d448f

SHA256
264ceeb0c21edca68d4eea07fdc9c8b3dae3b67438e7cf1a83c7a96b30f7922c

SHA512
ea41d305d8f1ad46b02320e06c0d0d074241473118008f27190b27ef112db2e5cb6e11db008852087bc69efe17d46ca1dadd17a4a6830ba93d54e5c20844c158

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\modified\@APPDATACOMMON@\AVAST Software\Subscriptions\license.avastgf

Filesize
32KB

MD5
a873b771532a7f945b9fc330150578a0

SHA1
9660a0af68bd47a18b6e8867bfda6d7e18be0187

SHA256
8c3b84adf63d1f45a1497e9a51458dce29a6a74db9bd6df9014067edd3934e95

SHA512
e0881c5d0a30442f64434e01dff809c270ad9584f5f52f487b6bfed2ce51f815e1b4294e2300543420eb5e24554f0b34d3a102e11fc5f7465721d9d5c2dda29e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\modified\@APPDATACOMMON@\AVAST Software\Tuneup\avast5.ini

Filesize
822B

MD5
70fcf9092ff46e0167d9a775c28dc1aa

SHA1
842e2be8b20671c4222310a1630b08e9b1955a07

SHA256
45607299adec91f3285a46d0e07828f40757692298bf0e5bef612f73733bce7d

SHA512
c68fb76d2a02b98d7d0fe87d403d0eab0376652631aef81d7ddd5f400e1080198f96db3d061688f5e326af6d0dcdea438c5f562e58b7e8a6fa9274489803a39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\modified\@APPDATACOMMON@\AVAST Software\Tuneup\tuneupcfg.ini

Filesize
672B

MD5
87b64efd9a96db8cf022bee8c7b678ab

SHA1
35713ec343e300ac896d59a9ec2d165c0838757e

SHA256
b17e2d70667c189010352d03ae5072bece16efcb4e0841994bc713da63316005

SHA512
213f36fea33dd5469dbef79ea340e3fcc113d27ad7dc88d6011011d42f490fe66c2b7eac1d4c17d2e94d879928bf808b1ebd0473e574cdbc057dc051732ed70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \roaming\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\Setup\config.def

Filesize
1KB

MD5
e4fda3a83ecd48f59d813f1f1800ba41

SHA1
37c88d3ed954537aec0f873e8aea5b1c0564eba6

SHA256
4cb8b488683c99ead9404fba029bc56442e45a96764568855cbf5f6c1794ace6

SHA512
cb00517dca77eab1a8011ee8fca992d930da17824357919b1b08b7b874b2cd3b83647c5b3159c28d1d39c898d6ba3d53ee34dc0b74ba02685dea6cee0260721d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \xsandbox.bin

Filesize
16B

MD5
ec3d19e8e9b05d025cb56c2a98ead8e7

SHA1
748532edeb86496c8efe5e2327501d89ec1f13df

SHA256
edb7be3ef6098a1e24d0c72bbc6f968dea773951a0dd07b63bad6d9009ae3bf4

SHA512
175fb8432472b6795bb5db0eba61bc7b57331720825df5b048f3086815ba844df4f7e83e42ff9e8fe5ab01700675a774cb916677953d6e0088ffbf1fa2775349

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\Manifests\AvBugReport.exe_0x1aec2eef25bc929d2edc56d7225783c5.1.manifest.__tmp__

Filesize
977B

MD5
ee9538f18ba1eaa658460baa2fcf4b87

SHA1
638421f1181a9560445578518b92c49f88cbf902

SHA256
1558780d866537140bdbde8dd04e5131578430204db3d1bc5d36b6f3a05c81de

SHA512
a007196ce76366d2214c64bf0c6a103c74bbaaf2107218f4e4ccd6324086ccc6efbf1b880807684757ecfc51dcc048579a651ab23723d51abb721a6825668b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\Manifests\TuneupUI.exe_0xcfdf0a0846030ea88c6c81e076195b17.1.manifest

Filesize
1KB

MD5
432ab4b8cc489079bf21316d9f30407e

SHA1
d0dc6d24a3b884455b29876957d34002d2f81af6

SHA256
80ae4218a88e8857cc6b74997b90fcc62bc36b75437b494de9a187c7edf24994

SHA512
135836bc5bf72ff4554fe80cef120ea1a6ea4411873368d998c9a03a604be38d67010881a356794016b979b6c2961777371d4978b3a802ec2d4794c76dcc4916

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\Manifests\libEGL.dll_0x644bf0c5c7aa753f2d2061f963fc7eb8.2.manifest.__tmp__

Filesize
413B

MD5
c85878fb257526a2150e18418afaff9a

SHA1
6d289d8dc01878b76363230a6fc9b45f441211df

SHA256
345e408007eb977bfcf3107dbc21e32749ebcbfba6277d195c2fe5e88d11dd59

SHA512
1be52d75d9bdd0ee5bee6ea78b1e637a679aeff84d69382fe7bb0b630f170265c97d5de4f6588663df5e43795624ea039d715bcc539235fdd1c0b7d5943c9b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\aswCmnOS.dll\aswCmnOS.dll.manifest.__tmp__

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\TuneupSvc.exe_0x2F734296E8490FB8983A4C82837605A2.1.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\aswCmnBS.dll_0x51A1693D2349EFF672980681ADDB603A.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\aswCmnIS.dll_0x13B820529D74E6BA722D1007B3FE6826.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\aswCmnOS.dll_0x20A6C326A1F461D97D342C325F0398AC.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\aswIP.dll_0x68EB0775DD28A9B5188A99911892F9FB.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\commchannel.dll_0x3239BD49CF95AABF04EBBB3F1497070C.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\dll_loader.dll_0x10B1457891E733E7636D6A1071EDD157.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\module_lifetime.dll_0x4D6855F0609434AE63AF21057B209087.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\manifests\vaarclient.dll_0xB62713AD54E727AE6C6AABB661ACB41F.2.manifest

Filesize
595B

MD5
db4c534e81217f60669ddb7afd881b8c

SHA1
aca91a0f87c8da0afe5df45adc83b591e04a619c

SHA256
bddfd2cf1d9df4a56f4a8fc07ecaae86b6377dd8e2ee18ccb7f5a4c21fde6901

SHA512
2feefa598cda96c384141d6b9fd2f9617a8ca9bc994341385ebfb64dd1397595980021388266ae96287687de6c87a7d81e3e886a69ce5c198b0005438f0e43db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\tulogcollector.exe\tulogcollector.exe.manifest.__tmp__

Filesize
2KB

MD5
04acce1eb9af5d5b1d3cc438989de5f0

SHA1
251e9f1109a4556c2379d79e26a519b12a4b6aeb

SHA256
49a540806148504d609d8c3ac083629c29972015907e36d6d4937bc7b8835255

SHA512
96565b462315cb27055da83c60582058c3c7d32614207fac1a3cfe2cd5406fd5a7aed8e1af0dba5ffadb38879bab5c75ad51c114a7ec4e9d7ff0b9cf1fd2d476

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\MSVCP140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\VCRUNTIME140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
ec4f2cb68dcf7e96516eb284003be8bb

SHA1
fb9237719b5e21b9db176e41bdf125e6e7c01b11

SHA256
3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088

SHA512
6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
b9287eb7bcbfdcec2e8d4198fd266509

SHA1
1375b6ff6121ec140668881f4a0b02f0c517f6c7

SHA256
096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895

SHA512
b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
dbb81fcc74c59490008ee59bffff5a6d

SHA1
edbb465ab3bea3a4df3f05e5a4e816edbe195c3b

SHA256
f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1

SHA512
2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
f61b9ecb79cd20fc2e8fce87286cfe43

SHA1
7a48accbe43e156f886f1f2836f74e1043feec59

SHA256
bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386

SHA512
42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
e4110aa5c8a32b63de2c85e0bc297c54

SHA1
6039680f47750cf56d0c9a1768de815a44b83de7

SHA256
01bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7

SHA512
0631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
00b548bf3eab7a6debce296ee5e877de

SHA1
ae18022eb78c192ac3baee32664b9eb011194772

SHA256
d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc

SHA512
3ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
94e386a317faa200aa1dc270ce54e5fd

SHA1
e352ced285c04378bc3f6af4b30fa69df70b8974

SHA256
e4ccd13d5861e3e28984fc7263d79b580a0bc7bbe0d234ed8f1a69706ef908f3

SHA512
f622d303adecdce6ff88acc779d108556c2fdbe1f4140092d2d637c2fc1aaf651c1798291239e1334aabea702d7d380150922abd4e0122cbfc9c079a64dc0e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
e8ccecac4f06679b9d5e77333d216ee0

SHA1
377363813d0fc18083bdb0456a66efb6598a763a

SHA256
2cf24c6aac48261ab04eb616e85dd707417697764f860fc29dd3955dd2c49226

SHA512
e37db74e11138639e3bb02270589f977bfd803d450ff098d474ca461fd1fabc8e646a177a2082fd0a901fbe15225c4d352567a561c453f56ad8e0097838b945e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
42153324a982f848d7a49bb7406125c2

SHA1
f0878690d23ad0c905f0a6ec37e9ea1edb813195

SHA256
fcd8b213e2e9962b84d1eec4296bbefdf4465398a235e118be12c878fdc08c05

SHA512
1710b3fd90210dd6603f2104de249704cad9d83acdc0c6b96ac24e20c4913679b1e4ee41bb7812d919ba76cadb36f7bd8210ee127325fd9db6b542cf2d0b7f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
aad41d33906cfdb31681ce8276648481

SHA1
6367d1990873c5af2f5d05d31ea083fb8b127883

SHA256
242cb185643df586a5f55735e8810b8d2b6b095c78be206e42cdaae7665bb2cf

SHA512
43b2cf09fcb13211f5bcab6942050e03dfb9ce36b727727f7c764df3754f332f04dc81f411e55caeecfa676c43dd1e977f29b0042c485babaaad609c239a84a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
bc75b80a80802146e79c383c94542f06

SHA1
7da2020a855ea6c003d905551a28af456e7519c2

SHA256
81a7a98e11ae94236f34a82a0d450a1100a9b8e752205248de0037a764b91a07

SHA512
0b6a8f6809f1a39c90bfe58ef0d05d997be307cb18771ff8fed6539bf7e19ee8cc3bedc44e1c22f34441db9b82a6470d3814fc7465d1ea82fa30d37278a0fe65

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
1028042a84aefe816280f22a4517dc68

SHA1
b3437beb0e5a6a062678a0b32cea98f3c5e33580

SHA256
4a88f73cae12080b9a637f76f8ab1b8ac29829817ff03ddd611a25b6981ee573

SHA512
1da4a2d152943447950ae5de80360741c8a827647d1568c18b026376645f15cc9b5d1915dbdb43278adeac1423b20d6e1c97f6ad67ce724a0d91ec84c4e5250c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
b7e1023ebbf0e5018c58b5488c03a643

SHA1
b10d3a570d4a44b87480d015aac4d04ef3f0a355

SHA256
e7238f5e38d3991e9d6219255e8cd951d6dd431402c4b4b295a68bd43efa3d48

SHA512
c5536416aeba4b37931e2961a29ea4c8679f6d942289325c9067d46b36797e404c0d8dfd01ce997e89bd42a7f084029d2f2d3cd7485b8cec5e66db50ac1df565

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
2f10f2255271b09d58af75f58476899c

SHA1
ca37f8e4c99fb178e718e99eed286d1ef32b00fc

SHA256
24bc147f7c8a2dfcbe9296d83ce75a1f2c02076d8f6e6c81f6032c927ed5888a

SHA512
74d85f5a40bd22eb9c85973bda5e596c3688096dc78fb6984f84ded4757ae82d77894c4cae0f24de77d211bbd869f9a4120a104d7c2ed161b4bb7b8568cf5103

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
65fe48962755451a1a5bab26e6fd978d

SHA1
d1322c477fe4ff61eedf9433b8deddee27f5adb9

SHA256
5a3d9a0a2c1f9b14cb52d9cce92b761ec1fe0460ea7d994179c96648455ead84

SHA512
940269af2c3a8b5b43ca936df1bb5338ae5166f04c34a163b5938895d19bdd7eadc156add1b96b5508e06088419a7d8f466f40bf01e64b4c547fbc1b20328ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
a3eccd7f2f2c45d1553055593278645a

SHA1
23cd6aed1b198ca515d7adb213efae780fbf0537

SHA256
d51dfd972e6df5e8185dce0b4eb26dccb0527c5f1c63bc081677335f69b92b67

SHA512
1dbf60f5df95e72b98b72faccb52f83585bc0bc5b1f65c259e8568d812461b738bb37c96e72e2f272370788cc7dcd7a8e5a698d9fb2c773ce0e17978c19ef858

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
c8f1a3b19e5103751202010805bce5c9

SHA1
179cf585ce939d05f9610d4b684e4dda6f452f76

SHA256
d5e2fb8495bbbfb66b2612cd5179c1a5f4746dcdd043ecd474363ffe4a8deb4f

SHA512
879fbe66e5440cbe01bd1814a36345fce6454196c8457969d2ee9e93b749df91d0d95b1da1d368063b7ef2a3ed538449b456eb2c7507a27de60105a0d37dcb71

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
e0aeba2d9d9ae584d6c1aa0f5929526b

SHA1
3f97b977d8877398d350b373fd441867167bd2ba

SHA256
4eca5b9e5be5750b0bc03fd74b6d5e351cb6d70fd63d5f740a1a122f906390e0

SHA512
cfa02a7afa052c5149a741500063f110462d272af417c33bedeac6ad3af424b181144c8045adc04a44a54dffca4639ae3c135f23d64bcfb66f7d3aa980143799

Download Submit
C:\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\ucrtbase.DLL

Filesize
899KB

MD5
015b30309491a911e75748ad69c9e680

SHA1
2f2243b6ea99689cd54e45b67d9b7d98847f904c

SHA256
dd32570b8183a8b117233333153da29cc8d2ac5b1c868440dd852d9c3f77baf5

SHA512
51159e407021ce78ad64ea91a5e53f59ee15d6d74b9c2891cd6dd532cae3f1d388198e0cd78648ce067e82fa7f01050b4773d95c5c827439f094b289f0ee0ac8

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\TuneupSvc.exe

Filesize
8.3MB

MD5
2f734296e8490fb8983a4c82837605a2

SHA1
0ad670b972abc1c7e96404a67f20ed36f957913b

SHA256
15b3ee38a3931df48f3e7d15bf444bf0990452890b74699d3f9d52180c86c1ce

SHA512
06e557b2dd7ab504a043f95ba1667a385536e12f3d43244777929ab18b07ebc8e4fa3951fbcd8494cf540c05bb0830db3e0c806f76ccd3953415b16279c3a886

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\modified\@PROGRAMFILESX86@\AVAST Software\Avast Cleanup\commchannel.dll

Filesize
1.3MB

MD5
3239bd49cf95aabf04ebbb3f1497070c

SHA1
fb8ff94a856079af07da810c4d9e56f8bc74b053

SHA256
75c6e8d23f116ad3b876cca14c0e2ce605e2416b542385b64239d31ac2926a76

SHA512
f8dab59b4acb499f0a41169a753c52ef187ce914897689ca1d4cb64ee233f86ba4c305fefbf47b26e5e627ae29cd72921bb81601557ef131dc2cd6ba6f152843

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\stubexe\0x1826AD1C7EF976A9\TuneupSvc.exe

Filesize
27KB

MD5
d6be6f7d0da63625528ace555b026d7d

SHA1
bc88792bfb566579b213f0b0c5cb773c6830c126

SHA256
013c80f39638beb1a745533ac616333e318964a13c89d81d57e4143b2abe8e93

SHA512
373170d9e00cbf6d740a58b503ff9b8dda9bf310e78a0a5fdc62c0b84c80a208f4b2885377cd48692457966e84c89703c3142091909ec318913c8ccb3a1dc4cd

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\temp\872_00400000_tls.dll

Filesize
1024B

MD5
0290c502c5a132357c83b1fcb71f4ed4

SHA1
d087a69a16a258d126659ed999a863f4361ef4a6

SHA256
f46938e6d3178b648ac1b01a1704de4b6682ff212aac260cb51fc850cbe4b480

SHA512
70e2112ae7e847f8a447903212227bda52a9bc504d8b47805848705d142076d27d0a7c51013d7ab9c5f188f8ea8c492f2e8fea193e55f479aeed6ad6b2c8b223

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\temp\872_00eb0000_tls.dll

Filesize
1024B

MD5
3ff8c1fa7ac2187ba7007c61e5c8dd19

SHA1
c2120ec2e46c30c36e39a26042c400def99e911e

SHA256
95feb70544a4dcbf1770972a7c18426b4b3a12ced675a1125bbc7bdad351159b

SHA512
3c47fcab8016b8f3330ab7bb9737c075598721bdfd309686be955a9c89a6abaa1c03191356b4a934ee7d6e02c68f938313534b3350b70ee9263a650f76368cd3

Download Submit
\Users\Admin\AppData\Local\Temp\Data\Avast Cleanup \local\temp\872_74bc0000_tls.dll

Filesize
1024B

MD5
f322812d10897be0852cdbe10d4be3f2

SHA1
88d498d89bf25e5ea4cf1056c748c6dd6ab7ce9d

SHA256
77f94812cefff1066b81056673696359ce913e9eaed32b453738b38876090eea

SHA512
3a6132094b6176130ada856f3517959ea214bba720c626ed4e851e793975e2341359e95650f2645f5429ce4329ff58b59fcfb97eb3e140272116bd544599cfbc

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
ec4f2cb68dcf7e96516eb284003be8bb

SHA1
fb9237719b5e21b9db176e41bdf125e6e7c01b11

SHA256
3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088

SHA512
6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
b9287eb7bcbfdcec2e8d4198fd266509

SHA1
1375b6ff6121ec140668881f4a0b02f0c517f6c7

SHA256
096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895

SHA512
b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
dbb81fcc74c59490008ee59bffff5a6d

SHA1
edbb465ab3bea3a4df3f05e5a4e816edbe195c3b

SHA256
f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1

SHA512
2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
f61b9ecb79cd20fc2e8fce87286cfe43

SHA1
7a48accbe43e156f886f1f2836f74e1043feec59

SHA256
bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386

SHA512
42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
e4110aa5c8a32b63de2c85e0bc297c54

SHA1
6039680f47750cf56d0c9a1768de815a44b83de7

SHA256
01bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7

SHA512
0631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
00b548bf3eab7a6debce296ee5e877de

SHA1
ae18022eb78c192ac3baee32664b9eb011194772

SHA256
d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc

SHA512
3ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-convert-l1-1-0.dll

Filesize
22KB

MD5
94e386a317faa200aa1dc270ce54e5fd

SHA1
e352ced285c04378bc3f6af4b30fa69df70b8974

SHA256
e4ccd13d5861e3e28984fc7263d79b580a0bc7bbe0d234ed8f1a69706ef908f3

SHA512
f622d303adecdce6ff88acc779d108556c2fdbe1f4140092d2d637c2fc1aaf651c1798291239e1334aabea702d7d380150922abd4e0122cbfc9c079a64dc0e76

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
e8ccecac4f06679b9d5e77333d216ee0

SHA1
377363813d0fc18083bdb0456a66efb6598a763a

SHA256
2cf24c6aac48261ab04eb616e85dd707417697764f860fc29dd3955dd2c49226

SHA512
e37db74e11138639e3bb02270589f977bfd803d450ff098d474ca461fd1fabc8e646a177a2082fd0a901fbe15225c4d352567a561c453f56ad8e0097838b945e

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
20KB

MD5
42153324a982f848d7a49bb7406125c2

SHA1
f0878690d23ad0c905f0a6ec37e9ea1edb813195

SHA256
fcd8b213e2e9962b84d1eec4296bbefdf4465398a235e118be12c878fdc08c05

SHA512
1710b3fd90210dd6603f2104de249704cad9d83acdc0c6b96ac24e20c4913679b1e4ee41bb7812d919ba76cadb36f7bd8210ee127325fd9db6b542cf2d0b7f69

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-heap-l1-1-0.dll

Filesize
19KB

MD5
aad41d33906cfdb31681ce8276648481

SHA1
6367d1990873c5af2f5d05d31ea083fb8b127883

SHA256
242cb185643df586a5f55735e8810b8d2b6b095c78be206e42cdaae7665bb2cf

SHA512
43b2cf09fcb13211f5bcab6942050e03dfb9ce36b727727f7c764df3754f332f04dc81f411e55caeecfa676c43dd1e977f29b0042c485babaaad609c239a84a9

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
bc75b80a80802146e79c383c94542f06

SHA1
7da2020a855ea6c003d905551a28af456e7519c2

SHA256
81a7a98e11ae94236f34a82a0d450a1100a9b8e752205248de0037a764b91a07

SHA512
0b6a8f6809f1a39c90bfe58ef0d05d997be307cb18771ff8fed6539bf7e19ee8cc3bedc44e1c22f34441db9b82a6470d3814fc7465d1ea82fa30d37278a0fe65

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
1028042a84aefe816280f22a4517dc68

SHA1
b3437beb0e5a6a062678a0b32cea98f3c5e33580

SHA256
4a88f73cae12080b9a637f76f8ab1b8ac29829817ff03ddd611a25b6981ee573

SHA512
1da4a2d152943447950ae5de80360741c8a827647d1568c18b026376645f15cc9b5d1915dbdb43278adeac1423b20d6e1c97f6ad67ce724a0d91ec84c4e5250c

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
26KB

MD5
b7e1023ebbf0e5018c58b5488c03a643

SHA1
b10d3a570d4a44b87480d015aac4d04ef3f0a355

SHA256
e7238f5e38d3991e9d6219255e8cd951d6dd431402c4b4b295a68bd43efa3d48

SHA512
c5536416aeba4b37931e2961a29ea4c8679f6d942289325c9067d46b36797e404c0d8dfd01ce997e89bd42a7f084029d2f2d3cd7485b8cec5e66db50ac1df565

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
2f10f2255271b09d58af75f58476899c

SHA1
ca37f8e4c99fb178e718e99eed286d1ef32b00fc

SHA256
24bc147f7c8a2dfcbe9296d83ce75a1f2c02076d8f6e6c81f6032c927ed5888a

SHA512
74d85f5a40bd22eb9c85973bda5e596c3688096dc78fb6984f84ded4757ae82d77894c4cae0f24de77d211bbd869f9a4120a104d7c2ed161b4bb7b8568cf5103

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
24KB

MD5
65fe48962755451a1a5bab26e6fd978d

SHA1
d1322c477fe4ff61eedf9433b8deddee27f5adb9

SHA256
5a3d9a0a2c1f9b14cb52d9cce92b761ec1fe0460ea7d994179c96648455ead84

SHA512
940269af2c3a8b5b43ca936df1bb5338ae5166f04c34a163b5938895d19bdd7eadc156add1b96b5508e06088419a7d8f466f40bf01e64b4c547fbc1b20328ed7

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-string-l1-1-0.dll

Filesize
24KB

MD5
a3eccd7f2f2c45d1553055593278645a

SHA1
23cd6aed1b198ca515d7adb213efae780fbf0537

SHA256
d51dfd972e6df5e8185dce0b4eb26dccb0527c5f1c63bc081677335f69b92b67

SHA512
1dbf60f5df95e72b98b72faccb52f83585bc0bc5b1f65c259e8568d812461b738bb37c96e72e2f272370788cc7dcd7a8e5a698d9fb2c773ce0e17978c19ef858

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
c8f1a3b19e5103751202010805bce5c9

SHA1
179cf585ce939d05f9610d4b684e4dda6f452f76

SHA256
d5e2fb8495bbbfb66b2612cd5179c1a5f4746dcdd043ecd474363ffe4a8deb4f

SHA512
879fbe66e5440cbe01bd1814a36345fce6454196c8457969d2ee9e93b749df91d0d95b1da1d368063b7ef2a3ed538449b456eb2c7507a27de60105a0d37dcb71

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
e0aeba2d9d9ae584d6c1aa0f5929526b

SHA1
3f97b977d8877398d350b373fd441867167bd2ba

SHA256
4eca5b9e5be5750b0bc03fd74b6d5e351cb6d70fd63d5f740a1a122f906390e0

SHA512
cfa02a7afa052c5149a741500063f110462d272af417c33bedeac6ad3af424b181144c8045adc04a44a54dffca4639ae3c135f23d64bcfb66f7d3aa980143799

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\msvcp140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\ucrtbase.dll

Filesize
899KB

MD5
015b30309491a911e75748ad69c9e680

SHA1
2f2243b6ea99689cd54e45b67d9b7d98847f904c

SHA256
dd32570b8183a8b117233333153da29cc8d2ac5b1c868440dd852d9c3f77baf5

SHA512
51159e407021ce78ad64ea91a5e53f59ee15d6d74b9c2891cd6dd532cae3f1d388198e0cd78648ce067e82fa7f01050b4773d95c5c827439f094b289f0ee0ac8

Download Submit
\Users\Admin\AppData\Local\Temp\SPOON\CACHE\0x6D1AD04BBD6DF041\sxs\[email protected]\vcruntime140.dll

Filesize
81KB

MD5
a2523ea6950e248cbdf18c9ea1a844f6

SHA1
549c8c2a96605f90d79a872be73efb5d40965444

SHA256
6823b98c3e922490a2f97f54862d32193900077e49f0360522b19e06e6da24b4

SHA512
2141c041b6bdbee9ec10088b9d47df02bf72143eb3619e8652296d617efd77697f4dc8727d11998695768843b4e94a47b1aed2c6fb9f097ffc8a42ca7aaaf66a

Download Submit
memory/872-366-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-466-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-422-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-417-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-412-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-406-0x0000000075070000-0x0000000075072000-memory.dmp

Filesize
8KB

Download
memory/872-403-0x0000000000EB0000-0x0000000000F75000-memory.dmp

Filesize
788KB

Download
memory/872-398-0x0000000000EB0000-0x0000000000F75000-memory.dmp

Filesize
788KB

Download
memory/872-397-0x0000000000400000-0x0000000000C43000-memory.dmp

Filesize
8.3MB

Download
memory/872-383-0x0000000000400000-0x0000000000C43000-memory.dmp

Filesize
8.3MB

Download
memory/872-373-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-370-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-371-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/872-1319-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-367-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-369-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-365-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-467-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-468-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-469-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-481-0x0000000075060000-0x0000000075062000-memory.dmp

Filesize
8KB

Download
memory/872-364-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-363-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-362-0x0000000001C70000-0x0000000001FBC000-memory.dmp

Filesize
3.3MB

Download
memory/872-698-0x0000000074BB0000-0x0000000074BB2000-memory.dmp

Filesize
8KB

Download
memory/872-465-0x0000000000D90000-0x0000000000D9D000-memory.dmp

Filesize
52KB

Download
memory/872-1320-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1248-1086-0x0000000001850000-0x0000000001B9C000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1209-0x0000000073FE0000-0x0000000073FE2000-memory.dmp

Filesize
8KB

Download
memory/1248-1449-0x0000000001850000-0x0000000001B9C000-memory.dmp

Filesize
3.3MB

Download
memory/1248-1089-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1248-1210-0x0000000073FB0000-0x0000000073FB2000-memory.dmp

Filesize
8KB

Download
memory/1624-68-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download
memory/1624-64-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-75-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-70-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-66-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-69-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-59-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-65-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-63-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-76-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-60-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-61-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1191-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-62-0x0000000000A80000-0x0000000000DCC000-memory.dmp

Filesize
3.3MB

Download
memory/1624-77-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-79-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-78-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-87-0x0000000010000000-0x000000001006B000-memory.dmp

Filesize
428KB

Download
memory/1624-1207-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download