Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-06-2024 09:56

General

  • Target

    bbdc50a409493a675c15ff7873171c308df7c484cf8ba885f1ace3c19ef19294.exe

  • Size

    253KB

  • MD5

    e7208a8bcf7ba018829dfc724a6fd348

  • SHA1

    116d66e15e78b5739c926890edf8fc9ca56a745c

  • SHA256

    bbdc50a409493a675c15ff7873171c308df7c484cf8ba885f1ace3c19ef19294

  • SHA512

    28273d3d558f2eda81f64df6c9e0ebca9ec82f8f57b9f2eb2d122d80afb0ee5b1489484303f7ab6ded2430ca40c8d77e540bff25123967ec3357fab3497768ee

  • SSDEEP

    3072:CKs2murv7P87bIW89bUnOF+Pzb2bXk1/EBW3i59+Y9f2BSvupDhpbNDvPTzBDhsm:CTurvj0MUnP2bXe/EA3hYQou/pxkp0ZT

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 11 IoCs
  • Checks for any installed AV software in registry 1 TTPs 52 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbdc50a409493a675c15ff7873171c308df7c484cf8ba885f1ace3c19ef19294.exe
    "C:\Users\Admin\AppData\Local\Temp\bbdc50a409493a675c15ff7873171c308df7c484cf8ba885f1ace3c19ef19294.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2748
    • C:\Windows\Temp\asw.0823071b187b5af6\avast_free_antivirus_setup_online_x64.exe
      "C:\Windows\Temp\asw.0823071b187b5af6\avast_free_antivirus_setup_online_x64.exe" /cookie:mmm_ava_012_999_a6h_m /ga_clientid:58891209-c0e0-472c-b650-cbe8bcde0e69 /edat_dir:C:\Windows\Temp\asw.0823071b187b5af6
      2⤵
      • Executes dropped EXE
      • Checks for any installed AV software in registry
      • Writes to the Master Boot Record (MBR)
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:440
      • C:\Windows\Temp\asw.6d7e615ab4a23e6e\instup.exe
        "C:\Windows\Temp\asw.6d7e615ab4a23e6e\instup.exe" /sfx:lite /sfxstorage:C:\Windows\Temp\asw.6d7e615ab4a23e6e /edition:1 /prod:ais /stub_context:b5cebbc0-2a2b-4bd6-aaab-7e83669a5455:9897680 /guid:55c4e2b6-d9db-452d-899e-a77d56e0f637 /ga_clientid:58891209-c0e0-472c-b650-cbe8bcde0e69 /cookie:mmm_ava_012_999_a6h_m /ga_clientid:58891209-c0e0-472c-b650-cbe8bcde0e69 /edat_dir:C:\Windows\Temp\asw.0823071b187b5af6
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • Writes to the Master Boot Record (MBR)
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2132
        • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\instup.exe
          "C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\instup.exe" /sfx /sfxstorage:C:\Windows\Temp\asw.6d7e615ab4a23e6e /edition:1 /prod:ais /stub_context:b5cebbc0-2a2b-4bd6-aaab-7e83669a5455:9897680 /guid:55c4e2b6-d9db-452d-899e-a77d56e0f637 /ga_clientid:58891209-c0e0-472c-b650-cbe8bcde0e69 /cookie:mmm_ava_012_999_a6h_m /edat_dir:C:\Windows\Temp\asw.0823071b187b5af6 /online_installer
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks for any installed AV software in registry
          • Writes to the Master Boot Record (MBR)
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:996
          • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe
            "C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe" -checkGToolbar -elevated
            5⤵
            • Executes dropped EXE
            PID:2304
          • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe
            "C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe" /check_secure_browser
            5⤵
            • Executes dropped EXE
            PID:2704
          • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe
            "C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe" -checkChrome -elevated
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3460
          • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe
            "C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AVFC
            5⤵
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:952
            • C:\Users\Public\Documents\aswOfferTool.exe
              "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AVFC
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2612
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1364

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Persistence

    Pre-OS Boot

    1
    T1542

    Bootkit

    1
    T1542.003

    Defense Evasion

    Pre-OS Boot

    1
    T1542

    Bootkit

    1
    T1542.003

    Discovery

    Software Discovery

    1
    T1518

    Security Software Discovery

    1
    T1518.001

    Query Registry

    1
    T1012

    System Information Discovery

    1
    T1082

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
      Filesize

      27KB

      MD5

      c8be734878bf01808f48dfb8dbe22086

      SHA1

      96124b2e2d42963102ea493094e5ec680064c23d

      SHA256

      420fba717929b81d16e644ed0f14a93d03ac183c4676110585234d915f578dbb

      SHA512

      6be875833d2fd2c811b6c12fd4c4b388170bb3b41a5f236e205ec426259189a431f5dba3f74841f917b7fbbfc139cbf8c33822897e7e5fafdb66c3d4a929d295

    • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\Setup.log
      Filesize

      1KB

      MD5

      16e10629323067b179a0d0d0a734a854

      SHA1

      06a80722700fa689a64ef1fadbc73e70fd17d229

      SHA256

      d97e8b9dd69ab281c8eb65891e290369baeb11679ce828acbfaf86ccf085e9ca

      SHA512

      7a87195125e63fd29c4fdb261dacbd0d66b5359fe1fb4e9c53ce956df8aea85177989a19e807952b51d3b5e47f7b36519c7037287a1b9903409986ecaa8cd462

    • C:\ProgramData\Avast Software\Persistent Data\Avast\Logs\event_manager.log
      Filesize

      142B

      MD5

      92f7a7403dc656dbf95bff68161095ca

      SHA1

      323983e7bf2ddf1d019af490310a7a9cdb904cc6

      SHA256

      17ce269b6cc589cb8025d90f5f9fd54f906859c18f9bba06c703efd367d3c1ab

      SHA512

      2b119919de921732f89d75a87c59f03f9b3b393f23815954a7bf7006c3623541748f5c61a7723a5fb4925658cac0134e2cff23cc24ecc450044e763ea1c346bc

    • C:\Windows\Temp\asw.0823071b187b5af6\avast_free_antivirus_setup_online_x64.exe
      Filesize

      9.4MB

      MD5

      54aaadc43b9a0a026a86db8d350a2cd3

      SHA1

      d1b767200495717f9abbd808c3b38079c64be877

      SHA256

      de1fa4badf89ecf4beedfd8f00f79e145e3f492be540e0964ef7468213a20844

      SHA512

      1d75da2ad226d1a6e744854a49b05416db10d4ef68ddf0d7d2d93f01b30a28cb84ae2b1a9c9ddc1817781a98409ed9556c02822f57965ab6f8865e3c55c36f3a

    • C:\Windows\Temp\asw.0823071b187b5af6\ecoo.edat
      Filesize

      21B

      MD5

      245f1a8571179f960b43703c405e11ec

      SHA1

      ac9a4d13c7f9907a81f13c0419344d48fdda7e1c

      SHA256

      d30d2c1e8781e93bc5c713e7c01890c459c65e8bc356034ed74ae2d63dd288fe

      SHA512

      906e7e1b0b9666bf7925696b0e39af1dc6d601e717b585ef4efc03ba503fcff43acea7655419974cc1b7f379b5c1564cdd48bc75a23eec83a715cb66cb5e65c4

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\HTMLayout.dll
      Filesize

      4.0MB

      MD5

      39a20f9d67d6d4bac0ff081c62b13996

      SHA1

      b5b6b70e943a96a8697f07759245702e026be7e7

      SHA256

      825288012e4c15035b3d7fdfda396912b83992bf0683f9d2a5d55dfa1306b5a1

      SHA512

      798f6616b4f07bc75c5833a906735c1cc44d2ac044ceed4119005601e6f0266327ffb4819a44bac49bc0cde8b2ac7a021d098a12da586689de1119914e2032b0

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\Instup.dll
      Filesize

      18.1MB

      MD5

      3b6abc970f7227284d87acd2d95c7c5a

      SHA1

      02b1248aa23cb8aee91b06a9b8b044fa93b469b1

      SHA256

      ecf706e38e489c6840b68db5b6fdb4687a175ec6c325c8673f27f7cbf01234fa

      SHA512

      bd06e9599fee8ac872ad6cb5e539a78137daf8b831eb7be3df8bc773d91f9eb4883d01404b7c6724997e6ec1526af213ed1988780c9e40ba98227649ee91a2b1

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\Instup.exe
      Filesize

      3.6MB

      MD5

      4aed041ad383def5407e438fd5597675

      SHA1

      6a5d6ddeb83b4e6425cc77190b0539b6e5dffbc4

      SHA256

      1cb887579ece5a1d11832d0543f0b02c338ac8581d54909bc641abe13e294abf

      SHA512

      4b2c07668565f4a01f4e7f124e1050bd12228dc2547a00add12921b2300a71588387d8c2d3c0de4303222c5ea2e65bfafe2ab342417d2c5ab8ac300c40d5c171

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\New_180517e4\gcapi.dll
      Filesize

      867KB

      MD5

      3ead47f44293e18d66fb32259904197a

      SHA1

      e61e88bd81c05d4678aeb2d62c75dee35a25d16b

      SHA256

      e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

      SHA512

      927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\asw3f5da6f46c390b44.ini
      Filesize

      1KB

      MD5

      9929a08ded5edd34efefb669a51284fb

      SHA1

      90442a01a9efe1c1dd73f4a3b0498877711bb397

      SHA256

      05cc2cde750b3c238f99b8beff373f9ea9612f66d3d8fd1a1c764eafc2eb4647

      SHA512

      f8c3862d1ff00dafc022eec5c7106f5d06588ee7eff3060da9cbc8b4cb5b05f1e2ca68568a2a1c49cb32a7bd2c887e1a6fbb7816d894c62f81f0bd4ea1cfec91

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\avbugreport_x64_ais-a3d.vpx
      Filesize

      4.7MB

      MD5

      dd9112cf8378dd2dcd7da7652ab7ef4f

      SHA1

      edba0ad6afe5f7d5fef1a68fe6e298285302a205

      SHA256

      01a5da7bd76821e598dd0c145e402f01968a486ec0289304ecbc01e8e3e3545f

      SHA512

      a792118766c8aefdda2f3158e3f20235b3d45e2504a8aa131189034a4c1dce36ef304253794bd73eefa9de1b58666422cba7311e93588b6b05340c23c9b24502

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\avdump_x64_ais-a3d.vpx
      Filesize

      3.3MB

      MD5

      4dae0714e69b6d570b458d2d464ace66

      SHA1

      7b87175b6810ba49fff360affcd27b0b1c163899

      SHA256

      009a8b3c599329995ec197d1c9e5a13ad8bcf0888d6ef434d295b4a7e76ca3e7

      SHA512

      9c5cb5a9893276cc5bfb5baddcfe6584b78bd0387fc731f0e21f963d8515a42fc77b3b8a25291ab0b09910d72193a191cd3f72a2b0dd92f27c89f5a62251a02e

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\config.def
      Filesize

      28KB

      MD5

      da59c9092a31f572c882d563c600a34f

      SHA1

      0ec1cb7f7c16252d637d71e08e9363bfe96a5842

      SHA256

      563c4f5827c6f7a2a52d4dfe22f03e296751b1667566fe9a5ec4a7981c0f1766

      SHA512

      ee9ad7259df259dd6d444b6b8b933f2c6d928a3ed1f0de42598d09fdcdb0af2ae3f64dab888d3d5f4443a8b918e596f0ee28ee874fc9dfeeac422c3a9e107924

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\config.def
      Filesize

      29KB

      MD5

      e2754ccd58ea22c38ebc51e0cb4a7cbb

      SHA1

      0f7a62ce0cd301eb558ccd7e0964b0f7b58c4fcf

      SHA256

      7fb13f32ff72d3e3bf610209cc13e27f34a1b136d32d3d99b800e2ff161ec119

      SHA512

      d688f2b4ba396857c78426258cf2ff0d8bde23a8ebf9c192f315cad059c8290fd9b3690c9cccd9c28474cd860f3ce683be3ffae652e8a93f8b23f4d3784a5260

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\config.def
      Filesize

      36KB

      MD5

      b967e8988fbaa130437c03e6287bbde0

      SHA1

      5232786528a58b8d8ff54a7f4513fbe1b3c1a6f2

      SHA256

      3ab5a6e58fcaaca7f2230493326968b47693d2232a2fe6c223946a14907fed66

      SHA512

      87f0fc084cdbbb35075eef1b11000be72d251bcfa8525c707a83202019f390ce1e3911342f5bd7830b29b8c4d39f744a1b37fe327a92e49bd06d73c8dca9fecf

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\config.ini
      Filesize

      887B

      MD5

      6e177583e031cc9739f4f670410a9ce4

      SHA1

      60201de6eb0603cdc28868141087c769166d5a19

      SHA256

      b90eb02d081e11693c6e5ad97422643185b494cd0949737ec65839a099a2e10b

      SHA512

      6d84cc56380ab2a757d9910f103950619ddc5cba8d38fc2ac36ada4cb35d4a7790ede8ded586586cb9411327632012da3b2011234bee1d036dfed3fc51522e45

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\offertool_x64_ais-a3d.vpx
      Filesize

      2.3MB

      MD5

      83a59fb227b8146aec13b3e5183da115

      SHA1

      c0edcf17207414387cbd193503dec8fc3d88bf4c

      SHA256

      240f009ab1ce95fb23cb1c76f0c944e3acc8567b4198dd6d4de7d8bbf2979919

      SHA512

      317ac6ea8ea54f32614a3623bff1c0193c072c6ee8d845ab1b23575170fe1e1048f71847a23f4a6ef42e33466bd4c4d8a1fe10a2c7c48410c032287de3992560

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\part-jrog2-90.vpx
      Filesize

      211B

      MD5

      a3feee18df3f2ef19f6fe6f493afb123

      SHA1

      005ee607c0f3f6459a30675f906689616ddd99eb

      SHA256

      be994b277f65df1872557d53e7f55c62f3af4b50e744bca93998311363093ec9

      SHA512

      5881f379d63d58ed61467cf9a92cf53f40ed6aca9e6576af29a6dc4602e3200e4a6decb69b0dfac7ae9052de820f5132da881f2cc02a7c5ed0171eda05b241b9

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\part-prg_ais-180517e4.vpx
      Filesize

      74KB

      MD5

      2c670a43751b0f2adb2bbb0f5dd646bb

      SHA1

      74ad4b2eeb00c337bb4902def41353c44aef6e3a

      SHA256

      876f56bdbd1314c4f97757bbb341c908bc1de6acb5fbe8fdbbfdd2e3b1c55bdf

      SHA512

      bd5b7b4996f1c70adb77fb3b590a96cbe673253e05a10c94c2d38ee12d63995fc385c541eaacfd653ffd7e3629673fc539830943d9202ed2c9a04f2c42f8b4d7

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\part-setup_ais-180517e4.vpx
      Filesize

      4KB

      MD5

      67a540fcde81f108f7568628590ee342

      SHA1

      bd454d4203eb18115264fed792b4d5e41a2e2fb5

      SHA256

      328f4780c3389e61ea00604b5d5085e734adee7f162796f1130d5f36d0cf2924

      SHA512

      20586f6f537b18f7e3d0945e0dbf69e6bd62457a06c739268c9867b407e9071c0b82ba8adf166ac19c78e9f36f4d8ccceb85ce1dddc1d5c6b5b49c11fb602199

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\part-vps_windows-24061199.vpx
      Filesize

      7KB

      MD5

      d00a98ab97227224d17c17924aac4e5e

      SHA1

      9c6c80a4e6c799a3b562b2597fe567ff8bd5f404

      SHA256

      8a3b5176bff78d05a4589c08a9ba7b6af7de744cfbd45821b77816d7149fa842

      SHA512

      dd76fb5e3212f0beac81a559a4a438c11604a8c125e2e4567af4f33ee210f4aff48581033e447bfd3fafe675a60939a924e4027d3f30e49ebd1ce2ef017eb7f4

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\prod-pgm.vpx
      Filesize

      572B

      MD5

      d4f72d1329501105ec7111178ac7c98f

      SHA1

      17bfc1e8299b43c46b18442b7e74f84953dc6193

      SHA256

      e2919168247b931b6f7c3274c10e4b68ea9b3a67eeab74347b2ac49bea9b0aa7

      SHA512

      570ee9fb319cb6a291e57abe5cde166d74b82090f818d145d763ec05810184f4548275f2cc294c4bcf395da1cbe1d138b190292b71ea1ae836004eb391353329

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\prod-vps.vpx
      Filesize

      343B

      MD5

      0066d9b938e4d92eed90d515c0da993f

      SHA1

      60f4f31c64671349b100505428a618c9a9033820

      SHA256

      bc659320e0681b00d3b5700251822db8e60e17daeeaae4b6cad83421aaf14209

      SHA512

      d28022752f3fe222d24eb30beb89dbecd25db7100dc362f79463afc45ace1166074ebca1a4c0931b457e1f5643a9644e268c1f0a65109a291ba3eb003f464e62

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\prod-vps.vpx
      Filesize

      340B

      MD5

      85f4992f7b075bcc8fc6cc4f5e24afd4

      SHA1

      abe54ed56c0d23d3e1184bd500ba0fb6cf03fdde

      SHA256

      3dc8281c192753aafe5408485d3344df73209c96989b0524fe2db5a081d848a0

      SHA512

      271ab9967418f12041eeecc39b16881d4f46b0ea4ab59b8dbf7c88c22ef99b1c069a1060f8f94784e39e37d6cc0e6bd68f734d41999055727cc1f12c29cc1ee1

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\sbr_x64_ais-a3d.vpx
      Filesize

      19KB

      MD5

      c137e649a83c0d6e99b40b7244015812

      SHA1

      6aaa485bec43f485b3863d525a8653d19949e005

      SHA256

      d54383d72f4ef21f157867ea9164ccdc3d6dd9c8de32a691a86c1f0c5a008f8f

      SHA512

      c38621980bb82a5fdf509d92167027c67db56c3b3d17c621ef732a98595d50788a4ea934fd19a93787f7d7defadb537036eb0e1464aec8ec1cf8dc6073cae88f

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\servers.def
      Filesize

      29KB

      MD5

      e76e81467cf59e07920fa8350f262269

      SHA1

      e0ab1867d50c7d6cf2f35ca00aa94564cde1ef94

      SHA256

      cd4ca129df4cda34752225d61dc5b810e768bdeb60b0b8fb3fba3826820761c8

      SHA512

      5b29f1f97e6ef1acc567beb1340d13a07c52d94cc6ae6284650c3e717f137af3db43b84a2904f26e772e524dc8e69cdb86eb8e98e9ec65323769171e0ee35070

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\servers.def.vpx
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\servers.def.vpx
      Filesize

      2KB

      MD5

      dc5709c442df025a33cb2ca0d22133af

      SHA1

      5007da1e31f4705932c1f272dd4975b14bef268d

      SHA256

      6530f71b39a09fec9fdf8f258a488640a2094dba5e4a32cf4aa4670fce805744

      SHA512

      c6938f9569e943bbc04fe39acdf8e7302b77124b7f1e2ccbb20ec01242238e81b6ab83730393fe61ce716cb1c4e7df064c65bc5ce84540371fcf6a50a615cb6b

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\setup.def
      Filesize

      38KB

      MD5

      98592e07fab8330e4b367ee1c2ee1a23

      SHA1

      aaaeddbb740f3fb46362ff6055b909e7215e7c22

      SHA256

      046d8d52a8da3a1e288aa24452ce97ed72f47c0f327177ac76373d1eacfc9b40

      SHA512

      1f734e991340156de357b638b562b6f95e762f1913953fab3b449ea6fa3fb081db02dfc3339a4dd1d5c82a0fe169d7a4d4699ce239900bd7e51372a561cc7511

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\uat64.dll
      Filesize

      29KB

      MD5

      c0719ef096798494a616f84f587282d7

      SHA1

      ee38158f887bc2189234330c4891f12f9d902d7a

      SHA256

      ba4d8d0ba809d934004da646ec31a72650dc16e4288404badd761e4bed6a982a

      SHA512

      7b22ac9c0c2c881674333d325363aa1d378d3b3c75700a7713a7f33b6ee144c43cd209d9fe9ff31a93b329881dc14c873cb2338af4695d44724afd5ddda5d298

    • C:\Windows\Temp\asw.6d7e615ab4a23e6e\uat64.vpx
      Filesize

      16KB

      MD5

      11bb373887fe44e1edea08b70c638095

      SHA1

      e887149cb489a3aec8092636379ac4c64e389089

      SHA256

      a2f66db4a802a3aeb977d40a22e399382d8b82da216645defa5b5009602fa358

      SHA512

      d9933cb1b8258f13b21d3bf6a648ed81de1608663e1166a8eaf1baea60f4bc5017ac218f277beb4e65e6719ca57d2910cd6c268ee8a5f8766c13680e86fba879