101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe
Size

236KB
MD5

b90572d29f92a88509ebd6f8ff097509
SHA1

5c52222fb58c98bd97abc9d236d3eff31b5f2d58
SHA256

101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0
SHA512

de1762cf0eb6a694d331bba372e77ddd1b22a2e8e5d31b0ee29f68285e382954d2604de4c466683423bc50d3dfe10ad30dd63306e06731c4482bebcae4a8041e
SSDEEP

3072:pl1JbTkyv8chtbsWAgRtsMUh6wogvb5dhIWd+MtWzALXJV0pWPGWgNXVFmtAG3EI:plPTrt8gRCZogvbD9VWz2o4j3EV3qN

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2148	avg_antivirus_free_online_setup.exe
2496	icarus.exe
4048	icarus_ui.exe
4976	icarus.exe
2724	icarus.exe
2620	aswOfferTool.exe
4672	aswOfferTool.exe
752	aswOfferTool.exe

Loads dropped DLL 6 IoCs

pid	Process
2940	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe
2148	avg_antivirus_free_online_setup.exe
2724	icarus.exe
4976	icarus.exe
4672	aswOfferTool.exe
752	aswOfferTool.exe

Writes to the Master Boot Record (MBR) 1 TTPs 5 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avg_antivirus_free_online_setup.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avg_antivirus_free_online_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe

Modifies registry class 13 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "1f373dbf-5bc7-4bad-8074-5d111b241e68"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "1f373dbf-5bc7-4bad-8074-5d111b241e68"	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAE+nMqiNb10SvSmQjvepaBgQAAAACAAAAAAAQZgAAAAEAACAAAADrTZ9F7sM+r12BNWcurqizerouc0wQ3diMQXN8USJzKAAAAAAOgAAAAAIAACAAAABfL23I6WFu5a9oJCx0MA5T7m1g6kBWbcbGHSZIxMkNGjAAAAA/Lkl+FpnPEa1VyAlPnoOORQeIm6m21kVLzFT0Vft3/tCpAHn2kgpoa1OoAs8jeCNAAAAACad2sAwo1qcGV9InfT3BxbL6yfsc9okPqrc/Wyoo0VRfuIcYD2UdBcSgyzLF5+A83yI+XSKNAYurQRF3hdchIg=="	avg_antivirus_free_online_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "1f373dbf-5bc7-4bad-8074-5d111b241e68"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "1f373dbf-5bc7-4bad-8074-5d111b241e68"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4048	icarus_ui.exe
4048	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	2496	icarus.exe
Token: SeTakeOwnershipPrivilege	2496	icarus.exe
Token: SeRestorePrivilege	2496	icarus.exe
Token: SeTakeOwnershipPrivilege	2496	icarus.exe
Token: SeRestorePrivilege	2496	icarus.exe
Token: SeTakeOwnershipPrivilege	2496	icarus.exe
Token: SeRestorePrivilege	2496	icarus.exe
Token: SeTakeOwnershipPrivilege	2496	icarus.exe
Token: SeDebugPrivilege	2496	icarus.exe
Token: SeDebugPrivilege	4048	icarus_ui.exe
Token: SeRestorePrivilege	2724	icarus.exe
Token: SeTakeOwnershipPrivilege	2724	icarus.exe
Token: SeRestorePrivilege	2724	icarus.exe
Token: SeTakeOwnershipPrivilege	2724	icarus.exe
Token: SeRestorePrivilege	2724	icarus.exe
Token: SeTakeOwnershipPrivilege	2724	icarus.exe
Token: SeRestorePrivilege	2724	icarus.exe
Token: SeTakeOwnershipPrivilege	2724	icarus.exe
Token: SeRestorePrivilege	4976	icarus.exe
Token: SeTakeOwnershipPrivilege	4976	icarus.exe
Token: SeRestorePrivilege	4976	icarus.exe
Token: SeTakeOwnershipPrivilege	4976	icarus.exe
Token: SeRestorePrivilege	4976	icarus.exe
Token: SeTakeOwnershipPrivilege	4976	icarus.exe
Token: SeRestorePrivilege	4976	icarus.exe
Token: SeTakeOwnershipPrivilege	4976	icarus.exe
Token: SeDebugPrivilege	4976	icarus.exe
Token: SeDebugPrivilege	2724	icarus.exe
Token: SeDebugPrivilege	2620	aswOfferTool.exe
Token: SeImpersonatePrivilege	2620	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2148	avg_antivirus_free_online_setup.exe
4048	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4048	icarus_ui.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2148	2940	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe	87
PID 2940 wrote to memory of 2148	2940	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe	87
PID 2940 wrote to memory of 2148	2940	101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe	87
PID 2148 wrote to memory of 2496	2148	avg_antivirus_free_online_setup.exe	104
PID 2148 wrote to memory of 2496	2148	avg_antivirus_free_online_setup.exe	104
PID 2496 wrote to memory of 4048	2496	icarus.exe	105
PID 2496 wrote to memory of 4048	2496	icarus.exe	105
PID 2496 wrote to memory of 4976	2496	icarus.exe	107
PID 2496 wrote to memory of 4976	2496	icarus.exe	107
PID 2496 wrote to memory of 2724	2496	icarus.exe	108
PID 2496 wrote to memory of 2724	2496	icarus.exe	108
PID 4976 wrote to memory of 2620	4976	icarus.exe	109
PID 4976 wrote to memory of 2620	4976	icarus.exe	109
PID 4976 wrote to memory of 2620	4976	icarus.exe	109
PID 4976 wrote to memory of 752	4976	icarus.exe	112
PID 4976 wrote to memory of 752	4976	icarus.exe	112
PID 4976 wrote to memory of 752	4976	icarus.exe	112

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe
"C:\Users\Admin\AppData\Local\Temp\101108589837f4d10ff229ed51adb4914f7d2bd6e7db4a1e2501ee718d2fe6d0.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\Temp\asw.d921080318f531a6\avg_antivirus_free_online_setup.exe
  "C:\Windows\Temp\asw.d921080318f531a6\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_tst_007_402_a:dlid_FREEGSR /ga_clientid:9fc99a5b-ea0b-4cc1-a5ff-8f692cabaf21 /edat_dir:C:\Windows\Temp\asw.d921080318f531a6 /geo:GB
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus.exe
    C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\icarus-info.xml /install /cookie:mmm_bav_tst_007_402_a:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.d921080318f531a6 /geo:GB /track-guid:9fc99a5b-ea0b-4cc1-a5ff-8f692cabaf21 /sssid:2148
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus_ui.exe
      C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus_ui.exe /cookie:mmm_bav_tst_007_402_a:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.d921080318f531a6 /geo:GB /track-guid:9fc99a5b-ea0b-4cc1-a5ff-8f692cabaf21 /sssid:2148 /er_master:master_ep_a9bb97b7-0891-45a2-9a38-dd0fd6725c46 /er_ui:ui_ep_335d961e-69e2-4479-a9c7-f48203da8aeb
      4⤵
      Executes dropped EXE
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:4048
  - - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\icarus.exe
      C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\icarus.exe /cookie:mmm_bav_tst_007_402_a:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.d921080318f531a6 /geo:GB /track-guid:9fc99a5b-ea0b-4cc1-a5ff-8f692cabaf21 /sssid:2148 /er_master:master_ep_a9bb97b7-0891-45a2-9a38-dd0fd6725c46 /er_ui:ui_ep_335d961e-69e2-4479-a9c7-f48203da8aeb /er_slave:avg-av_slave_ep_255ddec8-1671-4f73-8d2a-9f4952dfc1d5 /slave:avg-av
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4976
    - - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2620
      - C:\Users\Public\Documents\aswOfferTool.exe
        
        "C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4672
    - - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\aswOfferTool.exe
        
        "C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\aswOfferTool.exe" -checkChrome -elevated
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:752
  - - C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\icarus.exe
      C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\icarus.exe /cookie:mmm_bav_tst_007_402_a:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.d921080318f531a6 /geo:GB /track-guid:9fc99a5b-ea0b-4cc1-a5ff-8f692cabaf21 /sssid:2148 /er_master:master_ep_a9bb97b7-0891-45a2-9a38-dd0fd6725c46 /er_ui:ui_ep_335d961e-69e2-4479-a9c7-f48203da8aeb /er_slave:avg-av-vps_slave_ep_b407dee7-0980-47f7-9815-2e8bfdec95ea /slave:avg-av-vps
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
64KB

MD5
cccf42c71963e12fbf92491afdd830f5

SHA1
ae73f8a49a1e5542a5549df8c05793e8c3c3f7b0

SHA256
926a33694b83d8266b2a1af43769c7f86ce1e3166fd5cf6d932732c035da33b5

SHA512
bab6531db261ea005fba7b2f795c89df8311844e09f7c4a2e026a51802e007ae1ec063dadc087bea75577df649017bd6d7dbb5361098af2869c8776607401af5

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
124KB

MD5
7c62194af9bf551cb8bde17df7c521e2

SHA1
814f32d4d6d2d26d33c33d92bed53a66589e8348

SHA256
3c37807a0a664014546015e6d8b21cd2227662a57990a3d8b15e315f32525bda

SHA512
cc24d787551ebcb94d5b10f12ed3f274804b9caf34dc94075b0cf5d29d4b382089eb51cd71ca0163b011ce515644510b3a3a3c1529757ab6df59956094d05b94

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
127KB

MD5
63bc69ac462c113024eb1581fa8e9635

SHA1
a6945d5dbae6c6d9e1f3a2d946da9c8ef38dbc2c

SHA256
51dcc3d7166a7a3850937dad92c25ef7ef50bf310032a96e983b4bac8e0f3a76

SHA512
bf3618088e7a5c36a098bd17e032b9228d5cc828a24c6a40301899510fb1041706e871b808640865db002f0991f0256dd278f192d97a52adb38dff4b0da6b146

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
0bac3bd0810eddbf121e5d0f922c949c

SHA1
775cd9a17b9e7715186d227608a57fbbd6fc424d

SHA256
0e9db112394a25fbe498ca9d9081fdf87e3f85042fe6fc154d93235c923dcc84

SHA512
6e66229c0036f2fa21aa54daec211c45354318f518b566e2ec06fbb4e4b4b56cdd45ff5b3b1448beb3e485955917470144afa496ac2f44613b74b82fcf9881d0

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
18KB

MD5
86a09f608928060ca40474a0de28c5dd

SHA1
331c55eed939671cbf3c04c11e4ae25ee30ddbe6

SHA256
f55bc126a77b78d3e49305053af239c7c377f83eed5ac47706aa11235933f060

SHA512
c6ec63f44bcdaa86dc504e2c42a1e1951605262ab98534d39daf04705e91a7ddb07fa66345c1ca99f39de3dd79131d23c05206cf44f9e3ee57ceeb37afc2bc01

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
cf7d2ba867042501d22fe4651ec2084b

SHA1
ee2b6143daeb6693a034f46fa69cafeb798a7449

SHA256
50e2919ba15af354d757bdd8ae19eb931e4fb9ad8c0a05b6acab7a97898935a6

SHA512
4f8807fa9c3fb81b6a3b53396a0bc18aa7cb68f1a61b804c3b848f433baaed380baccdbfc50442dab5a225031ba8ad1e9c9024823ba3306f92334ee79d7ffe53

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
44f14c50d3fb602809a58568a138ad1d

SHA1
d791843304956cb7a2f1eeee05b9e4c835d9ab62

SHA256
77e19342b99dd30b73f059956fa0e19fe0b6e5626327a25ed35c70a46e114a58

SHA512
35f90e30f820e36f8482e7cd1432653488552bcece8f491c24f6d2ac84789bb08458cf5cda714d26cc5d9b01766a71971a2435a5cec64d026c299230230e48c8

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\icarus.exe

Filesize
7.7MB

MD5
ace48977d073aa05e3412fd757f9f783

SHA1
21a90b75070f15bd958705506798a7a0b5e781ce

SHA256
600262a93c0f705e68bd3f888f3a0dba02ea67586f4528315b97c18af0c52b64

SHA512
e49d5ed1f70a3bce0d92328de4d81537f2d6c3d9304c416f3f1c5cb4fb214284c20bfcb5b5c9eb39756dae3a2a6ab2112b6d60d0d132f48dd7effcac650c4654

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\icarus_product.dll

Filesize
856KB

MD5
38743d7ee28b5699346b729279b911fa

SHA1
1ab272b677a59c6a34440b2bbdc2fb9863ce438c

SHA256
2c25e4e2298e5fa8d36f4778385836044fb5c474dac0a640bab3e5feda16da65

SHA512
983931599d4f447c9a768f3434dd07e4e7aec02907bbf26a7f63cfed810075ce3157da381a22eeb6739de7eeb7c1eee4fe0d21a5844beb10d3c8e00089d9c856

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\product-def.xml

Filesize
58KB

MD5
074397894d15befc2d80a72d87711d6a

SHA1
7a936d3240ee386ecec9afb05236252fbd922bd2

SHA256
207df4e06add462da454bdb4577f7b58a2cf1c5b3ea8ebd3be3b2db6f25c88e8

SHA512
8edfb07a5ee6d8586914ab6fc6e4f736e3031a8fd3188d1f337249013c093afde36bae9f3fd34a755a04581b6b7fa9f10acffdc5db705b4534af60ef1f3b12fd

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av-vps\product-info.xml

Filesize
5KB

MD5
5029b17f6ca72849ee345c3a5df8c478

SHA1
f9a4a38999e678d7660a5c7d009166710cda1b51

SHA256
389dcbd5ff998ded7cc9e4f2042927900c7023503b8f581b058b367cca63fc8f

SHA512
a57ba850be0f8e3557dd1988a9d6efe202f24c17794a0e74b09cc66a0061e6c36cdc397d28719990500910f0b8bdeecce5562b52802db3ac11fde71e65b1895a

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\aswOfferTool.exe

Filesize
2.3MB

MD5
540ba85561d8f29851603be4faab266a

SHA1
88caf855b9eef93980277312321951e1675e2035

SHA256
4aa31f81f324df466e31325ffd707dce1780ebef732cc8d2ce6ce02d7140173b

SHA512
293f33ebe731c3aac5b1a981a2f92952b28199b968080a0f0822b0f262e215c776bd7c8549284bb17e811bee89fd6886c8a96e28cc509a0e954ad88bcd76f618

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\config.def

Filesize
709B

MD5
6a47774e5420259e2af37a824f889aa9

SHA1
3255a3cfb96fe2358f7cddb87f446f458bd6cb1a

SHA256
bc30e575c481db1d09d012354bd1836abb8b52fc67d069ff50d5cc4d618e2565

SHA512
fea9b47b2b9bfd33a994dbb1cb3f8faea127e20499c79eea146ac7ccf80f3ada42f45b9c7a510c0e629fb566b1ad299a3e7d415dfe0d1220720035f1d6811263

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\config.def.edat

Filesize
20KB

MD5
8b374b550adbf0e900f081394490e8a6

SHA1
c99ddd3cd3c107624d891901704da201b6c34975

SHA256
f3b71692fdbbcd129b14c8ceedde570d7f15154de92bafd0fbfc5914c7aa3b3d

SHA512
8357bfdeb55c29292cdabe56b1afb6aa0a5c0e8f8e60c0bd6f0a2a5e95ab24142745a9b595dd557372af52945f5a567a8741224c10b2329e2abe2f2d2bea4ab4

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\avg-av\icarus_product.dll

Filesize
6.0MB

MD5
3de8201916344b1a766908e492bd1019

SHA1
2dbdd5a0d85fdbc46892cfeb576ef559f022807f

SHA256
e3ef98cb25785ff1df992b116eb238a80eab17977c72f7dcd8bfeb15981c3371

SHA512
370b33e3f5aadc5a33971c143f200e2bc14e7718b154cf0707f2d6b640734369f64cb594b444231c652b9ff03917a3899e9924274458f48a764276ea5ae859f9

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\bug_report.exe

Filesize
4.7MB

MD5
31e948ad14e9e68685c69b3d46d71b38

SHA1
9136c6b0e0f266132e9e802d3e5e9f510ea608ff

SHA256
5445a6af3bf675fb142d6dd3365c3d1f65967338bfdce8596543c1bcc1a88a46

SHA512
b20fae2a75b757a502c7f261571a6ae1ff1bf98fb0719abba8a3de27685dffd4e7564c06624fbe2b51d2eb7c39be6de76f88026276128710d7e26be7c2d12043

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\dump_process.exe

Filesize
3.3MB

MD5
b31e22903a16d20d86a80febf8007aae

SHA1
110207bba3f797e6db6256ab9146475ba95c57ef

SHA256
ba2f161b7f85a9d2db0a6d624b45543fe2d25f58419b588d2af767a571fea7bd

SHA512
28040932cd268fd064626b9c078f33e28d5f63806066af342f6752a86dbc4d6a3df26a0c4d4be63626e9bde5ddf9138248f5e4dcc0c588141369049c485ae39d

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus.exe

Filesize
7.7MB

MD5
0cd5718f7f5f8529fe4ff773def52dac

SHA1
9ba08a6246011359f5493856ad5fc0355e0de4f5

SHA256
d52114b057504439df11368add0a66b037622f24e710731b1366efe271c9df78

SHA512
a2218dcd6f0a0e676c23106bd717b5eb22614b3900bee5d47ea80e1acc4b87859e6f6dfb63c0d3cdf3ec4f37c12407ef56c2c7964ae141b393c7e94368ca820a

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus_mod.dll

Filesize
14KB

MD5
934c0e7759e708657c2f77eb75902ae0

SHA1
43a6abed472ca7d8d002e045031f900c4a67f9c7

SHA256
b9ca3d2e44af8cf61696ab10dd5bbd16ada02a32207e4ca454a4b9de6e472f2b

SHA512
2c34f98a5020496d1ba7529c5a1a36d6f0938edddb02d75a189e83be02de22bbb563a586bf8c3e090b510c0f24e586447ab237bfff09b166f49acca052d71e07

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\icarus_ui.exe

Filesize
11.7MB

MD5
cf058eaa95ead820532b59b686023e53

SHA1
49709cb9b40fa558e67e24357251dfe9041fc6b9

SHA256
66dc1ddc009eeac0da023172a5410a05d44324907f91fe4258420a9d17f7e859

SHA512
6b93b0f4c8b487ccfe6b687c47555b2124636d216cbb38cab0f387a1c51c19392ec026c60f023b3664c03d0414d663a5935060bd223344df3acb7dbd6971bc6f

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\product-def.xml

Filesize
1.3MB

MD5
7536a42465eaf94530982f592ee00f1f

SHA1
2c812dd88f83498f4a7fd9f1f801fb776dd2ad76

SHA256
2d97b73e44eddccbea3bc8edd9c1f3d2f2f242b4ee9d4792be50a0370c31fc46

SHA512
e045c2ae75a203c0771566050144f8bd63fac7098b0f24d02fe25dfaea3c08f640552d22f66f0d36b2fb4d5ce02d5be01694b7ba61b39dabe4843d74f6746b1c

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\product-info.xml

Filesize
9KB

MD5
bbe3743aeb4c47fecc4c94b9d5cf7d27

SHA1
067c289e203fab588aee2aa5dd2f3791e791adb3

SHA256
70c4b4989bcff73809711ccca4ac1bd0459c0814929398c23b6239c04c680f77

SHA512
72d231e4aa1d07f898470147f319dc011368dd89bc2aaeff19f27690bb4ff408e61c3855eeac8d9cdb5db910144c4f7e27a8983116598c0d5d8b705c98bf05de

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\common\setupui.cont

Filesize
381KB

MD5
1a91f1db1b66709aaf1a7373860791c0

SHA1
aaf8435a3379aea3272172a9d1b5c4d75b111e05

SHA256
4c3e3fd5b5731973696377d11d8b11553b039e1facbe1d652477178599ded37e

SHA512
65e4f888abeb06f84d885b31ca830eedbffbea5fe3f0e30dfba6fb47c8cfed18af61b726858281885fdd74b408e5f9587a267b114f9d35ddb3074ed02a7303f9

Download Submit
C:\Windows\Temp\asw-cd8398b9-d544-4a02-b1cb-f9bc4f2e6f49\icarus-info.xml

Filesize
1KB

MD5
9108ea746524435786ff3029a836a691

SHA1
5925fef38a92eeae904e54492b78e4cbfed7f3fb

SHA256
9f576eafe462b42599a3d1fcc50ff1a6916c114c5d49f9beb9d10d8b4f4bba2a

SHA512
a0a5016f8a0555d648287e4253716a0d23bb6bfe6107deced17cf878a92beb0747bc36e1c4fc82609f21e6d979fa7c76f33a3ad95b1a0d4390afd04e06d96ebb

Download Submit
C:\Windows\Temp\asw.d921080318f531a6\avg_antivirus_free_online_setup.exe

Filesize
1.6MB

MD5
678507e1459f47a4d77aace80d42d52d

SHA1
80703904ffc940857ec8a10aca910b4eb26c6965

SHA256
0dbc254fb42ccb7eab3122ec98798233d83327b2d19e2a45706cb79101a843e1

SHA512
087d046dc4fb5e2bfb74bb16fa56e7d16c7f5aad19e4f14992dc167590f270d2d1b8da7e44172765999964a387488e0f64a813671e759d5a8bd958ed167fbe93

Download Submit