060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9

Analysis

max time kernel
93s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avg_antivirus_free_setup.exe
Size

229KB
MD5

796ee1d354e110b802dff6873c9963a4
SHA1

4206d44bb07c3181030d498c34f924a4e07a8185
SHA256

060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9
SHA512

208364bd6f95ee1ed5afd69ce2b9422350b40d87981c63b725d9532a44386019875889803b71ca8e90b51576f4565018d882326a71ed2c95916341140021e572
SSDEEP

3072:c2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhhWK0KL:c0KgGwHqwOOELha+sm2D2+UhngNQK4d

Score

6^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_online_setup.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 8 IoCs

pid	Process
3640	avg_antivirus_free_online_setup.exe
796	icarus.exe
4424	icarus_ui.exe
1512	icarus.exe
4744	icarus.exe
1332	aswOfferTool.exe
3884	aswOfferTool.exe
3180	aswOfferTool.exe

Loads dropped DLL 6 IoCs

pid	Process
1060	avg_antivirus_free_setup.exe
3640	avg_antivirus_free_online_setup.exe
1512	icarus.exe
4744	icarus.exe
3884	aswOfferTool.exe
3180	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "9073729d-af4c-4865-84fd-2c310745afef"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "9073729d-af4c-4865-84fd-2c310745afef"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAURL0dvRrV0CMuZFL2/N/WQQAAAACAAAAAAAQZgAAAAEAACAAAAAfTXcj9SWbELOcJAwgbLDhVBy4rynRH1Psrqtulj5zdQAAAAAOgAAAAAIAACAAAADp6BAA8xfCAbKnEN64G6G2HFJikVd+zF/gze6FjxSWHTAAAABZBAYWuWgWS0XQ9IL7Bp2oumqi2s4jufUcH+R9S07wjIKwp2ym13kC2bqlv2on04ZAAAAA+fOU6oLY4Id4TBMILF8QR5DaG/S8C/bMcsqFQMzlzyVDl2fuBMfbcVc2H32BXJuayDGpwq9678jL7ya/Q5x6aA=="	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "9073729d-af4c-4865-84fd-2c310745afef"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "9073729d-af4c-4865-84fd-2c310745afef"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4424	icarus_ui.exe
4424	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	796	icarus.exe
Token: SeTakeOwnershipPrivilege	796	icarus.exe
Token: SeRestorePrivilege	796	icarus.exe
Token: SeTakeOwnershipPrivilege	796	icarus.exe
Token: SeRestorePrivilege	796	icarus.exe
Token: SeTakeOwnershipPrivilege	796	icarus.exe
Token: SeRestorePrivilege	796	icarus.exe
Token: SeTakeOwnershipPrivilege	796	icarus.exe
Token: SeDebugPrivilege	796	icarus.exe
Token: SeDebugPrivilege	4424	icarus_ui.exe
Token: SeRestorePrivilege	1512	icarus.exe
Token: SeTakeOwnershipPrivilege	1512	icarus.exe
Token: SeRestorePrivilege	1512	icarus.exe
Token: SeTakeOwnershipPrivilege	1512	icarus.exe
Token: SeRestorePrivilege	1512	icarus.exe
Token: SeTakeOwnershipPrivilege	1512	icarus.exe
Token: SeRestorePrivilege	1512	icarus.exe
Token: SeTakeOwnershipPrivilege	1512	icarus.exe
Token: SeRestorePrivilege	4744	icarus.exe
Token: SeTakeOwnershipPrivilege	4744	icarus.exe
Token: SeRestorePrivilege	4744	icarus.exe
Token: SeTakeOwnershipPrivilege	4744	icarus.exe
Token: SeRestorePrivilege	4744	icarus.exe
Token: SeTakeOwnershipPrivilege	4744	icarus.exe
Token: SeRestorePrivilege	4744	icarus.exe
Token: SeTakeOwnershipPrivilege	4744	icarus.exe
Token: SeDebugPrivilege	1512	icarus.exe
Token: SeDebugPrivilege	4744	icarus.exe
Token: SeDebugPrivilege	1332	aswOfferTool.exe
Token: SeImpersonatePrivilege	1332	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3640	avg_antivirus_free_online_setup.exe
4424	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	icarus_ui.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 3640	1060	avg_antivirus_free_setup.exe	85
PID 1060 wrote to memory of 3640	1060	avg_antivirus_free_setup.exe	85
PID 1060 wrote to memory of 3640	1060	avg_antivirus_free_setup.exe	85
PID 3640 wrote to memory of 796	3640	avg_antivirus_free_online_setup.exe	90
PID 3640 wrote to memory of 796	3640	avg_antivirus_free_online_setup.exe	90
PID 796 wrote to memory of 4424	796	icarus.exe	91
PID 796 wrote to memory of 4424	796	icarus.exe	91
PID 796 wrote to memory of 1512	796	icarus.exe	93
PID 796 wrote to memory of 1512	796	icarus.exe	93
PID 796 wrote to memory of 4744	796	icarus.exe	94
PID 796 wrote to memory of 4744	796	icarus.exe	94
PID 4744 wrote to memory of 1332	4744	icarus.exe	98
PID 4744 wrote to memory of 1332	4744	icarus.exe	98
PID 4744 wrote to memory of 1332	4744	icarus.exe	98
PID 4744 wrote to memory of 3180	4744	icarus.exe	101
PID 4744 wrote to memory of 3180	4744	icarus.exe	101
PID 4744 wrote to memory of 3180	4744	icarus.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\Temp\asw.02ab0553f2530a95\avg_antivirus_free_online_setup.exe
  "C:\Windows\Temp\asw.02ab0553f2530a95\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /ga_clientid:5f4ef386-e8f4-4a1e-9878-a0faf7aa6bb0 /edat_dir:C:\Windows\Temp\asw.02ab0553f2530a95
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3640
- - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus.exe
    C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\icarus-info.xml /install /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.02ab0553f2530a95 /track-guid:5f4ef386-e8f4-4a1e-9878-a0faf7aa6bb0 /sssid:3640
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:796
  - - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus_ui.exe
      C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus_ui.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.02ab0553f2530a95 /track-guid:5f4ef386-e8f4-4a1e-9878-a0faf7aa6bb0 /sssid:3640 /er_master:master_ep_33ae4c40-2e01-4d0c-9c18-a8b653659ff4 /er_ui:ui_ep_ed20454f-8e0d-41b4-96f8-4ce66145d2f5
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4424
  - - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\icarus.exe
      C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.02ab0553f2530a95 /track-guid:5f4ef386-e8f4-4a1e-9878-a0faf7aa6bb0 /sssid:3640 /er_master:master_ep_33ae4c40-2e01-4d0c-9c18-a8b653659ff4 /er_ui:ui_ep_ed20454f-8e0d-41b4-96f8-4ce66145d2f5 /er_slave:avg-av-vps_slave_ep_cf9fae01-7319-46a8-8ec3-7f66a558de2a /slave:avg-av-vps
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1512
  - - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\icarus.exe
      C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.02ab0553f2530a95 /track-guid:5f4ef386-e8f4-4a1e-9878-a0faf7aa6bb0 /sssid:3640 /er_master:master_ep_33ae4c40-2e01-4d0c-9c18-a8b653659ff4 /er_ui:ui_ep_ed20454f-8e0d-41b4-96f8-4ce66145d2f5 /er_slave:avg-av_slave_ep_5d9db09e-0781-4d5e-8f20-0ece2b348cb6 /slave:avg-av
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4744
    - - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1332
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3884
    - - C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
58KB

MD5
5278edbf5966d29f2b18b4417afc6aa3

SHA1
9882f3018898a97ec2318bdd3e479f0ea1c26be6

SHA256
2f99102ba9e49d2899f20cb319da1a82b996925d849a0a2562fbc1ce4d24cb8e

SHA512
205fef609e8f724de485999bb1218de55b42fe74cb179e7bb4735a1d9221eb98e51478df4917f5e6d4df9723d23c72b1b24391fc05eaec51716362b909b1ed75

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
83KB

MD5
351dad037897dbe754fe433ae533f4f2

SHA1
82e4c0c0244b2ae8e4856d86367c12e8ef4b1609

SHA256
aa00f21e866b0c9a44e10dd0a6fe742145bd37f9679717679a119e068805a2fd

SHA512
5a468eb7428696fffb925db3a463e388a418f07089670f693a0978fea73925ef84e92d2b1d7834d3ab71e42772a2b2af595dfeca32c0e9f1d8bc5c1552bc5074

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
85KB

MD5
e751e3e7720a210e616a37e9fdee176d

SHA1
c4acccfe572ff1590fa4aa182209bcaa8cd6600d

SHA256
42958f07fc33dfe93ebe9e699a4d437ec9b9f8be5e11410d9642448c035ba3ae

SHA512
fe0da2019f5ae805dc73dba0fea4637b930a1c20005bc77264b0aa3c5578394851fc6c00093d823cc68426c7d050d487006453f07c5d6d6a62b5a65d4c6b0d93

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
0068f7da77dc7ae91a9f380663c023fa

SHA1
a76c44396bc84aad7baa4b6be8993b4617441d43

SHA256
a5b972ceecb0d5c3e7072aaf9849b008c3a312200f97405e3e9082a2af4b0b6c

SHA512
1417f05e3eaa879b16854fbe6a9b43fc59a53938a097dc7d5e8ae120ffd8bf151262c985a18f5801dc38e173384727fcf531a7c528b6a85b223294d55f023d4d

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
12KB

MD5
00101b90d3ec1fac640bc1c87afe6198

SHA1
1b2f4e38de5c90184a73ab445b5b316990d920ad

SHA256
8734227fb5ca4d8b47a061dc0ab5f1043a2d365d1aea15ed4b9b112db3a5ba88

SHA512
a6cc4a9b5c527f33ef8cf9c7351fbc240faf1f836d2dbb685df922f11905f0068873e3830ad6b79ebefd98024dc80eb86628dbc4c8faeaa32024fb47bf493be3

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
41729eb133b98276e4646dc9e1c22f7d

SHA1
68999eb8a613f442f439e85746812a41bd0905b9

SHA256
bed30792b81946decd8b0dfbc23a2a50cf278ac62827354eb355c8ca73decdd1

SHA512
58a2cfa3e7be7585c09ce8d351fbf0e810e0f8b07bc73242fcc8222adb12b0e9e17d048780beb7b855a1e764426676a92ed4a26226b41634a7a43a585a3510e8

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\dump_process.exe

Filesize
3.4MB

MD5
c22d80d43019235520344972efec9ff2

SHA1
1a2b4b2a52d820f9233ca0201be9ee7f6d82adbc

SHA256
5841a3df4784e008b8f2c567f15bb28cdb4cb4ca35c750f1108dfb1ccb6011f0

SHA512
f1cadbc3077379a6d7e36b8cf3bc830f44b5e668d4a6c0ce6b62bde292498c4f41c6588c5eba2599aa67524acfd125b7f23c419ae2b4a8e4afea7708aad83edc

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\icarus_product.dll

Filesize
854KB

MD5
8dea9113f06c772b694076eb05e24af3

SHA1
4136e3908af8c5d45bcb687bd908578d9b491bef

SHA256
06e5db8b67e8ec03a308d576a4c5b169767075b04a550d7be7f98c4f6531c0cf

SHA512
eb8e5e2b7d85c0dfaf01e6a8b6db8363d8c3b82800ad686e2ddfcb654ce403f854262b969705d69b684dab58053bbf033a8aa3ca826e1677b2461f163987d128

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\product-def.xml

Filesize
57KB

MD5
f733c11e286e3c42bc471d4b5337cbf8

SHA1
104b521afbfd27a1c0490fbe377e224197c4c7ff

SHA256
2dba27b653d2e297651a05841c2fb8e63b349a367360ba4043b942bd23cb140c

SHA512
45f89277825edfc4d5adeac9a4637b5e23db4fac0db3f48ada73bf3191153cd8d827245eee451196040dda4085d7dc801a647563ed857521a5d59cd6a27dfa48

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av-vps\product-info.xml

Filesize
5KB

MD5
bb13b0af1abe613391e76d83976c32e7

SHA1
581c945295c940bcf11c82444334ce5cd32708b4

SHA256
49040e23292f74e0c02b648c741c1998858d2e9e72f78bbdae63d5eefb2c51ec

SHA512
6015f786c6aaa1cb85afae78071e063c84d013860619dcff89b13430e26c014b9f6b26493f989184a177a4e5854a9ed6704ab3aae25361f48e1a3f8159ff0f16

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\aswOfferTool.exe

Filesize
2.3MB

MD5
4ba75fbdc944ce051b0caa31b354fe3a

SHA1
a20f3e601f311c9fff4de672eae5bb033ed6dc6f

SHA256
80b6f07ece1e64e25c8f9ce2f4074a6af344b1900bbe823ea5b295476a209136

SHA512
e51cd73f155d75b682245d226cb4d9276719070ddd0df5e1779f9e92a89e232f828f33d55cdb2df99d70a7aa21b161fbf9c4978c3a74212716f99b7dcd03319a

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\config.def

Filesize
757B

MD5
264d61ef38e6f06891da07c11bf71436

SHA1
e4a258aa41ce4aaacdfa7f5c0f6f11d4859fe1b2

SHA256
96976bd5ecb653aded30321685e44a59886901652c031de101e3a13326d61387

SHA512
c818737bcb76b4d50673c8007118320f0b6081108f4934016a04167d5a8f4835393274438769e05276c5db79c5d9f5e4e3748788a1439c974bdf16b3d5dd6890

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\config.def.edat

Filesize
18KB

MD5
4bd76d327aaa89ff112d9a7bc99e34bb

SHA1
777c225d3b02c9d2a0c73453f27de2d7bfde30a6

SHA256
3c09cae25f464320bb5fc7853aa89d9538cf23c9de7763f2622516d2ebf9d1a6

SHA512
82fcfc869f59082525cd67b6f157f00016b841e1479e2b4eef4e461dc60602ea6244153343078c5e5e5cf28d32fd34ceb68c8c845501ebb9836c735941781538

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\avg-av\icarus_product.dll

Filesize
6.0MB

MD5
c759ccf61856d42470ce0cdb946ed5c1

SHA1
7cf21d64cec004b16d27edc5d9eaa606ff3f2093

SHA256
e5a82b8065ea7eb2689b9fe756ea781169a22736b6f706cfeecb1ab0d7fb0f53

SHA512
037260fb2fff4b1fc1402dc71a2527e5a8985de0c0af662fbc6d27453f875e90265a696d175f1ebb645ecca37dcaa1ef2cb415ef32f66454f44906deed0b1f07

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\bug_report.exe

Filesize
4.8MB

MD5
0c0f0ca2bb49dfa3743e9d4156007c70

SHA1
042fdfba346a89a83f0c782117038a82b29a28d1

SHA256
0e1865702916ae47aafc54c6199e3a73acb735ae888f9a8dd7bc4656268ef9ea

SHA512
e15f826ce67d4d5224cdcefc3194a5a9144e152ad16136f5774d2ca29484fc11e778e2e9d114af80ad2a99907bd4999e6eef95c7b7dbbe6a7829d67c1b6bbc92

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus.exe

Filesize
7.7MB

MD5
97856ab19be2842f985c899ccde7e312

SHA1
4b33ff3baeba3b61ee040b1d00ebff0531cc21ef

SHA256
2569a72d3a55ea7ad690d708907245c221664c5c88cadbc19e1967135fa40514

SHA512
b2f57fd7c482977ebf52b49e50e57f60f1bf87be5bbf54c0dcfb3038c0f46b89c70f10161fab7585d01b90c4fdc00b86932444f32528fed04b514c6746bff29f

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus_mod.dll

Filesize
14KB

MD5
d1ff8db70f98609d6d77c1aaeaab3bcd

SHA1
0056e4e0532073fbcecb03d1787cf2c6c8c4a8e4

SHA256
62255ac0c16be448f7810180fe8977219015a788d12e739a2d7054896c67ce39

SHA512
5c506ee95b0781b621e5e996e14e9d0c7c849a6767993def2dd74c8f25d6f995a60ef77f831b42d4537a7d28a79924ba01a918e760446b65dc3a264de5b19299

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\icarus_ui.exe

Filesize
11.8MB

MD5
7ebae16a6ea514e55f7160c3539261cc

SHA1
ae74b3af4926b6932aea68a32c7c8727d53a94e7

SHA256
f27f92f003505dbca839513d233198211860de0ef487973a5ce0761d8e8ebfb9

SHA512
f7c7c084517785f21ae0bd82509ddc31e985edbe9e07f275414806afa3f696037340ea0e6091221a5d81250adf170ca0fa4345915d000eaba6034a9db0f61369

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\product-def.xml

Filesize
1.3MB

MD5
d29cc35aeedc83b04874604da70e0f7c

SHA1
2d900b1705c5aca05801fb33cb53c15633e5c89e

SHA256
88554406caa420774a4798054a9ec22cbf7e4680cc7dda086ed54dd368adbcde

SHA512
59ea174fbfcb8b92fce26be35393d5844cfa3b0b770a1d880b9fd1e4ea7878166814494d1a22d74b485fd7a3ba132e0883e0526c0412df7cac56c40cf1507089

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\product-info.xml

Filesize
9KB

MD5
a0a024d730ff769527291351efdabb27

SHA1
351875cf5f84dd69113ad64532f9995b209930ac

SHA256
0ffad989a60a625f10dcc0cd8ac586767e6c68c2cf1ddec9eedfb66dcbe726ee

SHA512
da8e1c8c80491391658ffd2875501ed252f7930553d4cb6f26e8a8b9eca43821b7b75a342462ace579b354c57542853f90b80ed856288e05bd6ec4b1e8ce6a8a

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\common\setupui.cont

Filesize
385KB

MD5
50c6f100664620a3163b2166d436bd32

SHA1
096dd3b1d3a56d7f52751a7da69d6a59700bc283

SHA256
61edc543e208ddd4545fe3f62e02893d09185379a9c4a77a8e29ad4463f7088a

SHA512
bb0d61ab76749a7e657d66a42b34910d3dfab13d88e1f0273ff6675edb3d460400bcf6e7d17440b58bcc9357abb974177d5fbf314056e6fe293a567290657c78

Download Submit
C:\Windows\Temp\asw-d7b6f41f-780f-4301-9688-6af05f25910d\icarus-info.xml

Filesize
1KB

MD5
25e7fdf711ec4e9ad723ef35640195b0

SHA1
dacca7313f6e918e7a422d382f6223bbf2b2839c

SHA256
663fa13919e2011575bb427a4af86f8e925e57ccf4157020ad04803848697e59

SHA512
08c591ee3db2103b18ecbf045c190dd2b358a6562b519bfe440c6b4c4661a4d732c8ed5f1eeb00af6fb02fa29a3a20940431a03548ca21119283e6a82416a55c

Download Submit
C:\Windows\Temp\asw.02ab0553f2530a95\avg_antivirus_free_online_setup.exe

Filesize
1.5MB

MD5
4ebfd5b14965fb15861a08884975a7cf

SHA1
6dea349f6afb95e3554e917f878693efd7e2a5e6

SHA256
c8c9a933462f6495a39cf80c51b3972a720d3bd301d1a0cc4472479f981a8a7e

SHA512
f61bddd116d9c86523c9a3fde06604a3aacbe6de77522cd1f6198dacc0f1bbd4fe46af54a27e89c30666beb222580a4bea2c7d97a42830a84841083d8c1bec6f

Download Submit
C:\Windows\Temp\asw.02ab0553f2530a95\ecoo.edat

Filesize
38B

MD5
aaa8f0ca4acc800e63ec0cc3f9598380

SHA1
ba82445e4b1eae5bed00d6e5a78411b05700d88d

SHA256
9fa614083ebc934b52510cc41eb3246e1b0d199329ab1fd3aea08a5bce62bcdf

SHA512
cffec5401f95e8ddfd9edf6c2ea072114d3be913fd48f874938524046f08dea246823ce042fb9d452692c90c50a215c3dcaa19c02270d93534b6ff2da0d88dc0

Download Submit