060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
27/05/2024, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avg_antivirus_free_setup.exe
Size

229KB
MD5

796ee1d354e110b802dff6873c9963a4
SHA1

4206d44bb07c3181030d498c34f924a4e07a8185
SHA256

060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9
SHA512

208364bd6f95ee1ed5afd69ce2b9422350b40d87981c63b725d9532a44386019875889803b71ca8e90b51576f4565018d882326a71ed2c95916341140021e572
SSDEEP

3072:c2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhhWK0KL:c0KgGwHqwOOELha+sm2D2+UhngNQK4d

Score

6^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_online_setup.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 8 IoCs

pid	Process
3480	avg_antivirus_free_online_setup.exe
2384	icarus.exe
2624	icarus_ui.exe
1972	icarus.exe
1308	icarus.exe
1652	aswOfferTool.exe
4696	aswOfferTool.exe
3936	aswOfferTool.exe

Loads dropped DLL 6 IoCs

pid	Process
2600	avg_antivirus_free_setup.exe
3480	avg_antivirus_free_online_setup.exe
1972	icarus.exe
1308	icarus.exe
4696	aswOfferTool.exe
3936	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAALoh4Hv99ckicPRXIhXSjLgQAAAACAAAAAAAQZgAAAAEAACAAAADjAZhAR+LyfT4CJw0Dft8INEJMcu3AtAEzjDc16ev4fwAAAAAOgAAAAAIAACAAAAArZlIw2vzjjs1kTM2aURHF7gH1gG/xZdnT+vISHDjCvDAAAACw1lkApyNn+CEZ/NA3Tqm3ON7I8ChYyx2uoOTfyPB0JykTTiXdTOmJ/UccR8MuAXlAAAAA/mfoE8lUzvzXZytWSTSplzNIXsrGSrtuLt9O94tUQR6N8TGutapLdh7h4i4bbGZLvrP3dcukgTQ74UKbl4PBrQ=="	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "65a3d3b8-a777-4880-8fb8-aea357ae1934"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "65a3d3b8-a777-4880-8fb8-aea357ae1934"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "65a3d3b8-a777-4880-8fb8-aea357ae1934"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "65a3d3b8-a777-4880-8fb8-aea357ae1934"	avg_antivirus_free_online_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	icarus_ui.exe
2624	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	2384	icarus.exe
Token: SeTakeOwnershipPrivilege	2384	icarus.exe
Token: SeRestorePrivilege	2384	icarus.exe
Token: SeTakeOwnershipPrivilege	2384	icarus.exe
Token: SeRestorePrivilege	2384	icarus.exe
Token: SeTakeOwnershipPrivilege	2384	icarus.exe
Token: SeRestorePrivilege	2384	icarus.exe
Token: SeTakeOwnershipPrivilege	2384	icarus.exe
Token: SeDebugPrivilege	2384	icarus.exe
Token: SeDebugPrivilege	2624	icarus_ui.exe
Token: SeRestorePrivilege	1972	icarus.exe
Token: SeTakeOwnershipPrivilege	1972	icarus.exe
Token: SeRestorePrivilege	1972	icarus.exe
Token: SeTakeOwnershipPrivilege	1972	icarus.exe
Token: SeRestorePrivilege	1972	icarus.exe
Token: SeTakeOwnershipPrivilege	1972	icarus.exe
Token: SeRestorePrivilege	1972	icarus.exe
Token: SeTakeOwnershipPrivilege	1972	icarus.exe
Token: SeRestorePrivilege	1308	icarus.exe
Token: SeTakeOwnershipPrivilege	1308	icarus.exe
Token: SeRestorePrivilege	1308	icarus.exe
Token: SeTakeOwnershipPrivilege	1308	icarus.exe
Token: SeRestorePrivilege	1308	icarus.exe
Token: SeTakeOwnershipPrivilege	1308	icarus.exe
Token: SeRestorePrivilege	1308	icarus.exe
Token: SeTakeOwnershipPrivilege	1308	icarus.exe
Token: SeDebugPrivilege	1972	icarus.exe
Token: SeDebugPrivilege	1308	icarus.exe
Token: SeDebugPrivilege	1652	aswOfferTool.exe
Token: SeImpersonatePrivilege	1652	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3480	avg_antivirus_free_online_setup.exe
2624	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2624	icarus_ui.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3480	2600	avg_antivirus_free_setup.exe	81
PID 2600 wrote to memory of 3480	2600	avg_antivirus_free_setup.exe	81
PID 2600 wrote to memory of 3480	2600	avg_antivirus_free_setup.exe	81
PID 3480 wrote to memory of 2384	3480	avg_antivirus_free_online_setup.exe	83
PID 3480 wrote to memory of 2384	3480	avg_antivirus_free_online_setup.exe	83
PID 2384 wrote to memory of 2624	2384	icarus.exe	84
PID 2384 wrote to memory of 2624	2384	icarus.exe	84
PID 2384 wrote to memory of 1972	2384	icarus.exe	85
PID 2384 wrote to memory of 1972	2384	icarus.exe	85
PID 2384 wrote to memory of 1308	2384	icarus.exe	86
PID 2384 wrote to memory of 1308	2384	icarus.exe	86
PID 1308 wrote to memory of 1652	1308	icarus.exe	87
PID 1308 wrote to memory of 1652	1308	icarus.exe	87
PID 1308 wrote to memory of 1652	1308	icarus.exe	87
PID 1308 wrote to memory of 3936	1308	icarus.exe	90
PID 1308 wrote to memory of 3936	1308	icarus.exe	90
PID 1308 wrote to memory of 3936	1308	icarus.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\Temp\asw.f15ff7fbdc4434f4\avg_antivirus_free_online_setup.exe
  "C:\Windows\Temp\asw.f15ff7fbdc4434f4\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /ga_clientid:8b2248f6-97f8-45fc-988b-564c88522e16 /edat_dir:C:\Windows\Temp\asw.f15ff7fbdc4434f4
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus.exe
    C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\icarus-info.xml /install /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.f15ff7fbdc4434f4 /track-guid:8b2248f6-97f8-45fc-988b-564c88522e16 /sssid:3480
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus_ui.exe
      C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus_ui.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.f15ff7fbdc4434f4 /track-guid:8b2248f6-97f8-45fc-988b-564c88522e16 /sssid:3480 /er_master:master_ep_45028030-12f0-4dd6-bb7d-3f4b64752347 /er_ui:ui_ep_9680ed4e-4af0-4999-9f24-f912f949fdd0
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:2624
  - - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\icarus.exe
      C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.f15ff7fbdc4434f4 /track-guid:8b2248f6-97f8-45fc-988b-564c88522e16 /sssid:3480 /er_master:master_ep_45028030-12f0-4dd6-bb7d-3f4b64752347 /er_ui:ui_ep_9680ed4e-4af0-4999-9f24-f912f949fdd0 /er_slave:avg-av-vps_slave_ep_6907a030-8a41-4074-bb69-0d4c8e200e72 /slave:avg-av-vps
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1972
  - - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\icarus.exe
      C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-FAD /edat_dir:C:\Windows\Temp\asw.f15ff7fbdc4434f4 /track-guid:8b2248f6-97f8-45fc-988b-564c88522e16 /sssid:3480 /er_master:master_ep_45028030-12f0-4dd6-bb7d-3f4b64752347 /er_ui:ui_ep_9680ed4e-4af0-4999-9f24-f912f949fdd0 /er_slave:avg-av_slave_ep_61db9491-be3d-431b-a978-0a3263e6020d /slave:avg-av
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1308
    - - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1652
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4696
    - - C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
61KB

MD5
2cf5bae625ea90fcc69c25171cd4c37e

SHA1
c4ccbc8fddc561bc82b18cd439703dfbc345f0b8

SHA256
0c7f9a37924f9bbd2f2152267dabde76307d9dcf5aa638248cea79c7728fe24d

SHA512
f24db3706a0c1d0281a83206bed34472b4670726a61d2c888954c21152e8f99c22bdbab8ad26aadb979fa47ef8c34a7b9d1f9146a8d97487c5cc9aad71b8b437

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
157KB

MD5
6360f37ca199e9277bdeacfb7c47d36b

SHA1
3e155b68daa3e0ca738e236e636b48d4f87eef29

SHA256
330424e9c12ec93f446615470a834c551d7f2fd0709f71fc0d2912e6d2a2c2f9

SHA512
d53a1b66c7b8362ff8e387823a2a4ec85c32dcdaa6710085e854b09640deb89eddbd0f0ea0c6cf70b5ff1bd84deaea500cfc0466fd024fcb5ebced31059b9fd2

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
50bdc893c1031128bd7d603f9f8192f6

SHA1
ff6b18e02e683dda48613f42df4c41bb27d8f268

SHA256
c33e44dc3623e1ff356e1e43ad4457e6740e4b3d4595fda04935558ba2432b96

SHA512
612ec37b39aa5e234b23bf3ee94cb7af94e96558f122a3238ea76abb0c436d82469cb7f3455b89344221624559bd350ab782ddf8b19d7e58788f129b62b952c6

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
16KB

MD5
8a8e948ad17755925702532276a70fa5

SHA1
bf776867094eae2b32627372d845b60cdc518ca0

SHA256
4411b285ee51d5a7d42277f3407d21f4fa5202220e29b75cef18392510b5e990

SHA512
afc94cb943cab9c049fc3790b5ae90a83b6dfab2f17f8923498276dfac7a2cbcbe96722281f63f953a0c5c89fb1097da154fb69b1f42e157b261507e39e9faa8

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
16KB

MD5
5121ef319dd8f2f9fb297a3862fcdfdc

SHA1
45e460313742cf3ab3e666bc85436dbd9ea20bfe

SHA256
e112077f4cd7ce8ea1d2351b4a5ed1433dd3603ca87b203a076ad80d89862591

SHA512
3471fdaf33a19c4d2e2198f8a78bd7a9f2e9c58c99c6dc7f35f2fa3713c0ccd22ca51f542c5bae3724902a833aa347588d9522824efbe04a5b6aaf6c798cd5b3

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
ec4e1f7f2e3a54bd2ca95d1de9950927

SHA1
9e3154de622f26cb44f75c6d18c7b01f6a77bc12

SHA256
9dc5140642a404f410ffa8ef1f3fe940de5677ed55b6e5d4c2e9af777e6ef7d1

SHA512
efbd0876647a01817e0830e70718ab010a465cf3e8c22704e8b807eb46237ba695a2b37b7af80748323070a38d6dc3070be0d48a4ce2385f24a2f7ec6c346eea

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\bug_report.exe

Filesize
4.8MB

MD5
0c0f0ca2bb49dfa3743e9d4156007c70

SHA1
042fdfba346a89a83f0c782117038a82b29a28d1

SHA256
0e1865702916ae47aafc54c6199e3a73acb735ae888f9a8dd7bc4656268ef9ea

SHA512
e15f826ce67d4d5224cdcefc3194a5a9144e152ad16136f5774d2ca29484fc11e778e2e9d114af80ad2a99907bd4999e6eef95c7b7dbbe6a7829d67c1b6bbc92

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\icarus_product.dll

Filesize
854KB

MD5
8dea9113f06c772b694076eb05e24af3

SHA1
4136e3908af8c5d45bcb687bd908578d9b491bef

SHA256
06e5db8b67e8ec03a308d576a4c5b169767075b04a550d7be7f98c4f6531c0cf

SHA512
eb8e5e2b7d85c0dfaf01e6a8b6db8363d8c3b82800ad686e2ddfcb654ce403f854262b969705d69b684dab58053bbf033a8aa3ca826e1677b2461f163987d128

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\product-def.xml

Filesize
57KB

MD5
f733c11e286e3c42bc471d4b5337cbf8

SHA1
104b521afbfd27a1c0490fbe377e224197c4c7ff

SHA256
2dba27b653d2e297651a05841c2fb8e63b349a367360ba4043b942bd23cb140c

SHA512
45f89277825edfc4d5adeac9a4637b5e23db4fac0db3f48ada73bf3191153cd8d827245eee451196040dda4085d7dc801a647563ed857521a5d59cd6a27dfa48

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av-vps\product-info.xml

Filesize
5KB

MD5
bb13b0af1abe613391e76d83976c32e7

SHA1
581c945295c940bcf11c82444334ce5cd32708b4

SHA256
49040e23292f74e0c02b648c741c1998858d2e9e72f78bbdae63d5eefb2c51ec

SHA512
6015f786c6aaa1cb85afae78071e063c84d013860619dcff89b13430e26c014b9f6b26493f989184a177a4e5854a9ed6704ab3aae25361f48e1a3f8159ff0f16

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\aswOfferTool.exe

Filesize
2.3MB

MD5
4ba75fbdc944ce051b0caa31b354fe3a

SHA1
a20f3e601f311c9fff4de672eae5bb033ed6dc6f

SHA256
80b6f07ece1e64e25c8f9ce2f4074a6af344b1900bbe823ea5b295476a209136

SHA512
e51cd73f155d75b682245d226cb4d9276719070ddd0df5e1779f9e92a89e232f828f33d55cdb2df99d70a7aa21b161fbf9c4978c3a74212716f99b7dcd03319a

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\config.def

Filesize
757B

MD5
264d61ef38e6f06891da07c11bf71436

SHA1
e4a258aa41ce4aaacdfa7f5c0f6f11d4859fe1b2

SHA256
96976bd5ecb653aded30321685e44a59886901652c031de101e3a13326d61387

SHA512
c818737bcb76b4d50673c8007118320f0b6081108f4934016a04167d5a8f4835393274438769e05276c5db79c5d9f5e4e3748788a1439c974bdf16b3d5dd6890

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\config.def.edat

Filesize
18KB

MD5
4bd76d327aaa89ff112d9a7bc99e34bb

SHA1
777c225d3b02c9d2a0c73453f27de2d7bfde30a6

SHA256
3c09cae25f464320bb5fc7853aa89d9538cf23c9de7763f2622516d2ebf9d1a6

SHA512
82fcfc869f59082525cd67b6f157f00016b841e1479e2b4eef4e461dc60602ea6244153343078c5e5e5cf28d32fd34ceb68c8c845501ebb9836c735941781538

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\avg-av\icarus_product.dll

Filesize
6.0MB

MD5
c759ccf61856d42470ce0cdb946ed5c1

SHA1
7cf21d64cec004b16d27edc5d9eaa606ff3f2093

SHA256
e5a82b8065ea7eb2689b9fe756ea781169a22736b6f706cfeecb1ab0d7fb0f53

SHA512
037260fb2fff4b1fc1402dc71a2527e5a8985de0c0af662fbc6d27453f875e90265a696d175f1ebb645ecca37dcaa1ef2cb415ef32f66454f44906deed0b1f07

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\dump_process.exe

Filesize
3.4MB

MD5
c22d80d43019235520344972efec9ff2

SHA1
1a2b4b2a52d820f9233ca0201be9ee7f6d82adbc

SHA256
5841a3df4784e008b8f2c567f15bb28cdb4cb4ca35c750f1108dfb1ccb6011f0

SHA512
f1cadbc3077379a6d7e36b8cf3bc830f44b5e668d4a6c0ce6b62bde292498c4f41c6588c5eba2599aa67524acfd125b7f23c419ae2b4a8e4afea7708aad83edc

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus.exe

Filesize
7.7MB

MD5
97856ab19be2842f985c899ccde7e312

SHA1
4b33ff3baeba3b61ee040b1d00ebff0531cc21ef

SHA256
2569a72d3a55ea7ad690d708907245c221664c5c88cadbc19e1967135fa40514

SHA512
b2f57fd7c482977ebf52b49e50e57f60f1bf87be5bbf54c0dcfb3038c0f46b89c70f10161fab7585d01b90c4fdc00b86932444f32528fed04b514c6746bff29f

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus_mod.dll

Filesize
14KB

MD5
d1ff8db70f98609d6d77c1aaeaab3bcd

SHA1
0056e4e0532073fbcecb03d1787cf2c6c8c4a8e4

SHA256
62255ac0c16be448f7810180fe8977219015a788d12e739a2d7054896c67ce39

SHA512
5c506ee95b0781b621e5e996e14e9d0c7c849a6767993def2dd74c8f25d6f995a60ef77f831b42d4537a7d28a79924ba01a918e760446b65dc3a264de5b19299

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\icarus_ui.exe

Filesize
11.8MB

MD5
7ebae16a6ea514e55f7160c3539261cc

SHA1
ae74b3af4926b6932aea68a32c7c8727d53a94e7

SHA256
f27f92f003505dbca839513d233198211860de0ef487973a5ce0761d8e8ebfb9

SHA512
f7c7c084517785f21ae0bd82509ddc31e985edbe9e07f275414806afa3f696037340ea0e6091221a5d81250adf170ca0fa4345915d000eaba6034a9db0f61369

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\product-def.xml

Filesize
1.3MB

MD5
d29cc35aeedc83b04874604da70e0f7c

SHA1
2d900b1705c5aca05801fb33cb53c15633e5c89e

SHA256
88554406caa420774a4798054a9ec22cbf7e4680cc7dda086ed54dd368adbcde

SHA512
59ea174fbfcb8b92fce26be35393d5844cfa3b0b770a1d880b9fd1e4ea7878166814494d1a22d74b485fd7a3ba132e0883e0526c0412df7cac56c40cf1507089

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\product-info.xml

Filesize
9KB

MD5
a0a024d730ff769527291351efdabb27

SHA1
351875cf5f84dd69113ad64532f9995b209930ac

SHA256
0ffad989a60a625f10dcc0cd8ac586767e6c68c2cf1ddec9eedfb66dcbe726ee

SHA512
da8e1c8c80491391658ffd2875501ed252f7930553d4cb6f26e8a8b9eca43821b7b75a342462ace579b354c57542853f90b80ed856288e05bd6ec4b1e8ce6a8a

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\common\setupui.cont

Filesize
385KB

MD5
50c6f100664620a3163b2166d436bd32

SHA1
096dd3b1d3a56d7f52751a7da69d6a59700bc283

SHA256
61edc543e208ddd4545fe3f62e02893d09185379a9c4a77a8e29ad4463f7088a

SHA512
bb0d61ab76749a7e657d66a42b34910d3dfab13d88e1f0273ff6675edb3d460400bcf6e7d17440b58bcc9357abb974177d5fbf314056e6fe293a567290657c78

Download Submit
C:\Windows\Temp\asw-af5f2493-85d4-44de-98a9-5832aa20a77e\icarus-info.xml

Filesize
1KB

MD5
1d10495b2648d1317ffcc3683a2d2b8a

SHA1
adce89a50ad48abb0d58a091c28788a771b7b45d

SHA256
ef6e7debb0116d86d98369a99bea8b6791124b58aee5d6b8eb6094da663c2da3

SHA512
195ff6f6df77a68b791e4c556ebf74e41ca1005bf3ec0a4b26ba26c25343f15d6910daa6ced1fd921b98313baf2fd79fc76e0345f1d26dd82012bb48df90e208

Download Submit
C:\Windows\Temp\asw.f15ff7fbdc4434f4\avg_antivirus_free_online_setup.exe

Filesize
1.5MB

MD5
4ebfd5b14965fb15861a08884975a7cf

SHA1
6dea349f6afb95e3554e917f878693efd7e2a5e6

SHA256
c8c9a933462f6495a39cf80c51b3972a720d3bd301d1a0cc4472479f981a8a7e

SHA512
f61bddd116d9c86523c9a3fde06604a3aacbe6de77522cd1f6198dacc0f1bbd4fe46af54a27e89c30666beb222580a4bea2c7d97a42830a84841083d8c1bec6f

Download Submit
C:\Windows\Temp\asw.f15ff7fbdc4434f4\ecoo.edat

Filesize
38B

MD5
aaa8f0ca4acc800e63ec0cc3f9598380

SHA1
ba82445e4b1eae5bed00d6e5a78411b05700d88d

SHA256
9fa614083ebc934b52510cc41eb3246e1b0d199329ab1fd3aea08a5bce62bcdf

SHA512
cffec5401f95e8ddfd9edf6c2ea072114d3be913fd48f874938524046f08dea246823ce042fb9d452692c90c50a215c3dcaa19c02270d93534b6ff2da0d88dc0

Download Submit