6174b78835db0d54f99b53df75f5f2a4f7294e35c404448f55069a78047e259e

Analysis

max time kernel
247s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avg_antivirus_free_setup.exe
Size

229KB
MD5

17b75739e76022b30f1f568192c30db2
SHA1

671422d2ebb2fd87ecd48743cc0f679564ae6502
SHA256

6174b78835db0d54f99b53df75f5f2a4f7294e35c404448f55069a78047e259e
SHA512

978aaac3772e57dcdfeb0f1bd4a053297cd7723a1c4cce1dd35937952124d01cfefb56a8d5f45acea899ffe57f734152b6fc6a522134a5558a026cd402931e88
SSDEEP

3072:A2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhhXK0K3:A0KgGwHqwOOELha+sm2D2+UhngN9K4a

Score

6^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_setup.exe
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_online_setup.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 8 IoCs

pid	Process
2740	avg_antivirus_free_online_setup.exe
376	icarus.exe
3964	icarus_ui.exe
1332	icarus.exe
3076	icarus.exe
2444	aswOfferTool.exe
3980	aswOfferTool.exe
3436	aswOfferTool.exe

Loads dropped DLL 6 IoCs

pid	Process
2704	avg_antivirus_free_setup.exe
2740	avg_antivirus_free_online_setup.exe
1332	icarus.exe
3076	icarus.exe
3980	aswOfferTool.exe
3436	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "5ac9882c-8b29-455c-b8a8-663eec8916ea"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	avg_antivirus_free_online_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "5ac9882c-8b29-455c-b8a8-663eec8916ea"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "5ac9882c-8b29-455c-b8a8-663eec8916ea"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "5ac9882c-8b29-455c-b8a8-663eec8916ea"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA00MlovBMMEOTsU49zmEr4AQAAAACAAAAAAAQZgAAAAEAACAAAADRTAdQUAfdmNddogWTBUuvoGn3Qpk4DgXQEgXOCGhrrwAAAAAOgAAAAAIAACAAAABDJOQM4w/Oy+HD204TOFUDN3g4EiyrBaXaQANrfm3EajAAAADRefBGH5ac8rsjjhjK5MKyEc7Mk6cyjtKRhxXAcW4tIvzi+HiXxuVhLXvTo0joZDJAAAAAc3RwaviwuBKIC5lvWEVpWPZ6rweXkk4cCj5OuEAvAXa8jmDmMNVEfHbtUXJt3HYyeS5RVEsJKC1AbmkWM37tBA=="	avg_antivirus_free_online_setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3964	icarus_ui.exe
3964	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	376	icarus.exe
Token: SeTakeOwnershipPrivilege	376	icarus.exe
Token: SeRestorePrivilege	376	icarus.exe
Token: SeTakeOwnershipPrivilege	376	icarus.exe
Token: SeRestorePrivilege	376	icarus.exe
Token: SeTakeOwnershipPrivilege	376	icarus.exe
Token: SeRestorePrivilege	376	icarus.exe
Token: SeTakeOwnershipPrivilege	376	icarus.exe
Token: SeDebugPrivilege	376	icarus.exe
Token: SeDebugPrivilege	3964	icarus_ui.exe
Token: SeRestorePrivilege	1332	icarus.exe
Token: SeTakeOwnershipPrivilege	1332	icarus.exe
Token: SeRestorePrivilege	1332	icarus.exe
Token: SeTakeOwnershipPrivilege	1332	icarus.exe
Token: SeRestorePrivilege	1332	icarus.exe
Token: SeTakeOwnershipPrivilege	1332	icarus.exe
Token: SeRestorePrivilege	1332	icarus.exe
Token: SeTakeOwnershipPrivilege	1332	icarus.exe
Token: SeRestorePrivilege	3076	icarus.exe
Token: SeTakeOwnershipPrivilege	3076	icarus.exe
Token: SeRestorePrivilege	3076	icarus.exe
Token: SeTakeOwnershipPrivilege	3076	icarus.exe
Token: SeRestorePrivilege	3076	icarus.exe
Token: SeTakeOwnershipPrivilege	3076	icarus.exe
Token: SeRestorePrivilege	3076	icarus.exe
Token: SeTakeOwnershipPrivilege	3076	icarus.exe
Token: SeDebugPrivilege	1332	icarus.exe
Token: SeDebugPrivilege	3076	icarus.exe
Token: SeDebugPrivilege	2444	aswOfferTool.exe
Token: SeImpersonatePrivilege	2444	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2740	avg_antivirus_free_online_setup.exe
3964	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3964	icarus_ui.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2740	2704	avg_antivirus_free_setup.exe	88
PID 2704 wrote to memory of 2740	2704	avg_antivirus_free_setup.exe	88
PID 2704 wrote to memory of 2740	2704	avg_antivirus_free_setup.exe	88
PID 2740 wrote to memory of 376	2740	avg_antivirus_free_online_setup.exe	92
PID 2740 wrote to memory of 376	2740	avg_antivirus_free_online_setup.exe	92
PID 376 wrote to memory of 3964	376	icarus.exe	93
PID 376 wrote to memory of 3964	376	icarus.exe	93
PID 376 wrote to memory of 1332	376	icarus.exe	98
PID 376 wrote to memory of 1332	376	icarus.exe	98
PID 376 wrote to memory of 3076	376	icarus.exe	99
PID 376 wrote to memory of 3076	376	icarus.exe	99
PID 3076 wrote to memory of 2444	3076	icarus.exe	100
PID 3076 wrote to memory of 2444	3076	icarus.exe	100
PID 3076 wrote to memory of 2444	3076	icarus.exe	100
PID 3076 wrote to memory of 3436	3076	icarus.exe	103
PID 3076 wrote to memory of 3436	3076	icarus.exe	103
PID 3076 wrote to memory of 3436	3076	icarus.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avg_antivirus_free_setup.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\Temp\asw.e784e661606178c1\avg_antivirus_free_online_setup.exe
  "C:\Windows\Temp\asw.e784e661606178c1\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-HP /ga_clientid:03e3a42f-584b-4e24-80cb-319baaa1d958 /edat_dir:C:\Windows\Temp\asw.e784e661606178c1
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus.exe
    C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\icarus-info.xml /install /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-HP /edat_dir:C:\Windows\Temp\asw.e784e661606178c1 /track-guid:03e3a42f-584b-4e24-80cb-319baaa1d958 /sssid:2740
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus_ui.exe
      C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus_ui.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-HP /edat_dir:C:\Windows\Temp\asw.e784e661606178c1 /track-guid:03e3a42f-584b-4e24-80cb-319baaa1d958 /sssid:2740 /er_master:master_ep_549a4c67-1308-44cc-b5a7-e0e20c7885f0 /er_ui:ui_ep_4e51616d-ae49-4e29-b506-93ac568b64dc
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:3964
  - - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\icarus.exe
      C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-HP /edat_dir:C:\Windows\Temp\asw.e784e661606178c1 /track-guid:03e3a42f-584b-4e24-80cb-319baaa1d958 /sssid:2740 /er_master:master_ep_549a4c67-1308-44cc-b5a7-e0e20c7885f0 /er_ui:ui_ep_4e51616d-ae49-4e29-b506-93ac568b64dc /er_slave:avg-av-vps_slave_ep_6ddc3c59-d327-425f-a713-04e90a4c4d6f /slave:avg-av-vps
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1332
  - - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\icarus.exe
      C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\icarus.exe /cookie:mmm_bav_998_999_000_m:dlid_FREEGSR-HP /edat_dir:C:\Windows\Temp\asw.e784e661606178c1 /track-guid:03e3a42f-584b-4e24-80cb-319baaa1d958 /sssid:2740 /er_master:master_ep_549a4c67-1308-44cc-b5a7-e0e20c7885f0 /er_ui:ui_ep_4e51616d-ae49-4e29-b506-93ac568b64dc /er_slave:avg-av_slave_ep_88cf84f1-d3fc-4e5d-8409-544830e0cc7f /slave:avg-av
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3076
    - - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2444
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3980
    - - C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
117KB

MD5
ab996a22b18c4ec889d9bc4c9f4bc240

SHA1
964a2d692eb9b6dfa444416bfa6f0b95a93cbb49

SHA256
f780a7aa32469e8f4fbd87aacc5df088fbd9030afc0089854b316c142f270cd8

SHA512
ace67114669f72c87f4b8dde9bcaab89c9b1760beb4206c22bc789fe24d68f827a96e40835d85bff5feaf1e61e0fc7d8d58f951f371f34125cb81fae5765e144

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
71KB

MD5
808075f3796f56ab55f592d67bb0c693

SHA1
deb7fa2daebc2b63d9ac7fcd242dd20512477a3b

SHA256
9f809168baf4af69c952538643dd4f554b5c7923e23c0272c45d868718e860aa

SHA512
a3ca9e9bedd6f0d094d74e21cabe671d39472b61615e5a7dad9db1b93b03838709e1d23b894c273e15122ec953fbac091fb3bfefa5b363a1056b2616d3b4ed22

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
128KB

MD5
5956aa9970de49442359a1c0b745a3d1

SHA1
9aa1d203b2dd8e9be5c36f8cc53c6c6e9db5d08f

SHA256
2fc80f01654c7fdc409e01902d0a7144ce9c262d6d38f341ba130492694fd129

SHA512
f17efff812a7f893604dbfdc289d70dbf9508aeb661c52536a9f3aa7ac024a216a2a28342ff2c2b1c59621c30be1bd24f0b1705c39b056d1dcea8884b1515600

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
972612c9ceef116991254f2f420aaaaf

SHA1
489f2261bb93f779f5fe2c5aa3f685e3c14a9b95

SHA256
858728c6123b8a0c84e268a30da8bb96e12382ed2eba082cf23063caa9b6cc6c

SHA512
d23702172e7e8428a894bda5f89dbaf2bc4f8e6aa3e5eb68777ec3e9100657b473cbd15c33950ba5d39192ebdb2e41702cb9bd5545c78172ef66de20e276bd85

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
16KB

MD5
5232d33eb3f2c07532b6251259df2e11

SHA1
b6549df5e3cbb37e5969f0e6c5b64ce59032ddd8

SHA256
28362b8ed7ba7d2cac25489ae93db8df36c6af048e9000314f677eeee439e1e0

SHA512
a5ed8cc1cdca79268ae87476b782200e3737be0b27ba3147f3c5833830a12245555523448aa872f562405051bbdcb989ea7417cd83f8b00e9dd29cbae67d38ef

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
6b6574e6c7491cccdd6e2cfbf05e8dc3

SHA1
954939626a0d09b6dc1f864e43b211795423af31

SHA256
1fc98c319fa973a1a4e5f393ad6701a33e177ffa15e160a6093b7a852b42c31a

SHA512
787829c7d733e05e9f76d6fd27449380cff11f2ac2c0bb606afce36b76cd5f0b2ae2e4d18e225ac74f40e80af3ee9bdd3d916299b7e93a7e656790a2f3353e21

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\icarus.exe

Filesize
7.7MB

MD5
d4a25f1fb035722ff5bd2b14225397e6

SHA1
dbee26fb1e0bbc7532572b0d36a851fb13b9d726

SHA256
26d05ee137d76b2266d2b907b584b908661f07fad791ebb1a355c5378d9af775

SHA512
e870d9a6f60a05c2789b8996b031629951eefca4bd262285cf94233e9e8a4246df286e99f57f2e9d2849123c9d12436b71e4e967b700e68c30cc18bdfe44025d

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\icarus_product.dll

Filesize
856KB

MD5
12944ff977e49d3494863739a126ad27

SHA1
46372ee27fb8c9ddd6f239aab16a014f45bf4cd9

SHA256
4ceb166b78a9b1c31eff514995226747a4016fe68f0567896f5c0ec4d5904de1

SHA512
f8e5ba114da526ba9ba36ebeed6a8684520623aee043dae9a574f37d303cb7418758b26e524f2818342573de23ffc6fb3ec4b18e0b9e7a5e9da4c3a237f5d276

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\product-def.xml

Filesize
58KB

MD5
b56916ba5e723a79776529fcc10b18c1

SHA1
478503499bd69c04b62a0c265ac12ec9e68ad7b2

SHA256
026588b232f57854131e39a67e52b9eb1ed53c2d150388c2557d8794e91440a9

SHA512
a75ad55bdef9002e8c9cbdfa68b5c9aa3b6c4336d034600e3a7e8042155d40ed52dd2a3733d57e64a905fc02740acfbc04eaed570e8643e4efae4d712090ded5

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av-vps\product-info.xml

Filesize
5KB

MD5
c8e8e4cfb6db62d53931666fd856ee7c

SHA1
64ced5408ce2f48fce09769251a427ed012dbf9f

SHA256
218f5384ec37f48255a877e129d8b6c1fb9b13978a738c162003c003f51b864a

SHA512
2200ef836d506d67fc2811594bb2646fa8961accbe5214a84b42b9e9993f026f6da13d87f8973acba1c41829140a7e9c9fabd4e0916da5c8e494adb5e340acf1

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\aswOfferTool.exe

Filesize
2.3MB

MD5
e771d9772ebc6a5a15b0ea9e4a64ba7a

SHA1
f36375be540ab9831d546f007cee5582dfa55520

SHA256
ddf9ba1aa5130a36a4adab9fd7f28ea3701807c7aec98514e83c561359c12f00

SHA512
f1ad59d9468852d341563cbf42ca707b416e685866d2cfd7e74f5d4a0ae211376533419c8fb052a1bebfcec52852af6dd9fd22aac47983d05b04d3173198b2a9

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\config.def

Filesize
757B

MD5
264d61ef38e6f06891da07c11bf71436

SHA1
e4a258aa41ce4aaacdfa7f5c0f6f11d4859fe1b2

SHA256
96976bd5ecb653aded30321685e44a59886901652c031de101e3a13326d61387

SHA512
c818737bcb76b4d50673c8007118320f0b6081108f4934016a04167d5a8f4835393274438769e05276c5db79c5d9f5e4e3748788a1439c974bdf16b3d5dd6890

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\config.def.edat

Filesize
20KB

MD5
e16956d111d674a6d37ade3b7dd63b1c

SHA1
be435ddb156451a6417d42299d91d4972a34a9b3

SHA256
67dd20872ec1a4e1e12f66c3c5ed6d9e6543ed2857739086f3b0492700ba6c40

SHA512
2073b684b192c183d666efd4f635fde258fb469eaf605d23b9462eade867730c070a47829a47c63e64c4d697a8923544a5de37b6616bb8e2aeb12a9885d82231

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\dump_process.exe

Filesize
3.3MB

MD5
fca231a72f159864ef730897768fe097

SHA1
2c29bca3bc8f8fc5e86d35fd2cb91c0176ca309d

SHA256
9cadb56dc6bdef59526a6aca8423fbda0000124bf15228cd536bb178eeee812a

SHA512
fb4f1bdb2a40e02b10e2d8a290f9bee19d4ccbca33c0b9a056a0fb0536035361b853614dd1807461429b1aaffac034f26fa4e35ec01c04ad2d7423cc90a0d47f

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\avg-av\icarus_product.dll

Filesize
5.9MB

MD5
3f4bdb3fa0d5bc6f9cdbae36115e952e

SHA1
e6a7def41028ca6a154163e12cbdf1131f2c92fb

SHA256
95e7e44dbc8f6e4362d00031d403f24fe15918251c39310f40a9e2634549958f

SHA512
d41e069128800fc7004abf63143a20928995841ff6429d8d7e99aa2860f9efc6884e2f250fb17ccf8eb633c766c7c88673c542056dc1783c1e464d6ca6b5ab5d

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\bug_report.exe

Filesize
4.7MB

MD5
b269c45ca54af5b57a5b2115d9cdb8d5

SHA1
67d886792df5b3f718d5af2d77a3aa0532cae1c9

SHA256
d9367c5e474bca83cb06f583f2fb42ef2517d769cc82722201a0902c0b90a32a

SHA512
2df04cd928f2e9c871c5ccda5f033f784cc32385a94a4ea1d8a204f9dc335331fc65459387f9c24295155e0ea39ffde4a38965653968048d45dbab76e7f06106

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus.exe

Filesize
7.7MB

MD5
251369428a0e2d87308e7a9faa387270

SHA1
89556991dbde37bd48ced113209bf451f7e4e74c

SHA256
2445f8a0b75beb1a77428c2d605189876222fb9d53e3b187f7b7fe8abe3386c0

SHA512
b720c02c0a359c10163ffbe8d00b456dbdbd26ae4c59098fb454cc3ab2ed4e9d710114eca3818cbbca201cf8366897d8bac213e9b0a5a677cd4453b7bf7efe5c

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus_mod.dll

Filesize
14KB

MD5
f37b83a39f1c7b6a87d0c4b41091cd87

SHA1
e660152ef530d105975e9bab5858c0aeb4360701

SHA256
dbefc0c1a7785fe08ae05046f72095acf3f3bfc348d370c99e4ac05b09c7ef46

SHA512
3ec739c9feb5c9379f045c3dcc02258fb41ce8a4731fbad44ac16ea1ccdb8ba23602371cb60dca9ec17115fec8c5a3ad7b78c14069dc564d181e862b8b7d961d

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\icarus_ui.exe

Filesize
11.7MB

MD5
a8ac4e9fc79ef367d788f434d8e04d45

SHA1
827f9a298fc35d7a63bb6550a5aaade7207fdd84

SHA256
4d26a67d9fb882ba9ddb9a8f90cfc0a1f17c5f526abb83671f6b958f1bc3cd05

SHA512
0ee5405c95dbdcf82811866211e48d147837480e86cb5e724c285e382d7999164c15e5d60f3824a9d4979c301a781fbda0895e25db7169b5eb81cf4a95547b29

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\product-def.xml

Filesize
1.3MB

MD5
a61782bf711e98c41336c861994a5a65

SHA1
306964c8a142b3a6e0e826cca4db1fd948aa9c81

SHA256
26032ae10582074d1b38f8ad95372cfc56ce273d7a2766b2a0ddeabb1e90bf0f

SHA512
428cf6a6d5f5d56ef94bc48d8975398155f6b4a378ad29bf49a28c5d779e894bbaa9f406a46cbe45252a3ca8a1f0af97ad20f1aaa437c66ffe44534b6f00390c

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\product-info.xml

Filesize
9KB

MD5
1cd82588f7c425083e7c2df8d3a635da

SHA1
4c075d43b104d3bad2802e134844d64caf12998f

SHA256
275e2b5fda8c7924dac945914ca156e4b5a6d7c76947d7299a7b907d798de199

SHA512
f4e142f52a584324083f411b02e9189c5462c40c9a13d16808fd0adbe4cfa36ea01dfcacfba5b4e935ccf490fca5d4bdf0b0a5d11b2b5eddd51e5325f26ff5e4

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\common\setupui.cont

Filesize
381KB

MD5
8f4bc5b548488be6e6fb1f25ca839b65

SHA1
e1f5831f3dddeceb7d75413a64a0ee19077d1a78

SHA256
9fccf24557f7691f06726fa651a35b48bdbac4556cb63188ca7c8030c0426934

SHA512
7416a9b9d55ddafb16b5ffe7393e3d9d736a02cb0d57ee795103067304615d2796405d00a89782b83edc7a70722676fc571581ad58ffef9978635672441da92d

Download Submit
C:\Windows\Temp\asw-46a9de46-f948-4dc1-84e2-316e1dfb48f3\icarus-info.xml

Filesize
1KB

MD5
907800b4db9727830080dc4927849d05

SHA1
5b20cef4db66eaf660550ffc568db2894b7507fd

SHA256
84ab16dd9f90edd2694471b0354fda998dbddfe2c0e4e4d0b42c19fbcd6d69cd

SHA512
779f4899977dd317f596a02d3bf173f06b4da5bcd10677ae9efb040ab4b8223d1bbebc4d61db9bb41b6485c59307b01255938bed972510f2b2502f5c1c9deba1

Download Submit
C:\Windows\Temp\asw.e784e661606178c1\avg_antivirus_free_online_setup.exe

Filesize
1.6MB

MD5
89799311702bd341aa9b7daee903b5c2

SHA1
b32e451773202bbaa8106d6f6a72cad8c6ccfe3a

SHA256
fdd5db7b0ba463d31fc12a0478854e393e02102164f6b19cebb7cd3ac496e2d3

SHA512
2bfff85071aa51ab8e11207750845e4d4c89acd7e14ef095130aa701f2e8e9334b4e454c74471fe9564e0b2494a5e38c94555dc1a4331898a56db44bfcfbaea4

Download Submit
C:\Windows\Temp\asw.e784e661606178c1\ecoo.edat

Filesize
37B

MD5
65cddb95b81b0380109328ea2049737e

SHA1
c38fb2938756a4d0e370fc821f7cc9e85c7c0cc2

SHA256
0ad0b32afa73da0ff038cf153b0717a0105b6fd7b872cf81d9441d5a040f7309

SHA512
37dc0a673c2a5b6ce53aeb8c372053ec3f79f7e1a953f5fd4d6aa7ba7c29a981dfe71f3cf5ef3a064920e6a29f50aa9cf7a064452a3b3adcbc3c8e66a1d726e6

Download Submit