Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log.tmp.e5246867-d2e6-446b-8789-a88d13d00124
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\setupui.cont
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus_rvrt.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\dump_process.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\bug_report.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\product-def.xml.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\product-def.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus_product.dll.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus_rvrt.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus_product.dll
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus_product.dll.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus_rvrt.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\bug_report.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\aswoffertool.exe.lzma
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\aswoffertool.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\dump_process.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\bug_report.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\product-info.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\config.def
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus_product.dll
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\product-info.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\config.def
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log.tmp.6553b18b-e633-41ca-9d20-30fee64e54a5
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\gcapi_17140752983048.dll
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\bug_report.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\product-def.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\dump_process.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus_ui.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus.exe
- %TEMP%\d566d7d7-dcd6-471c-8109-be0ad33199e3
- %TEMP%\6358c710-b89f-46b9-93f2-f6cac44f5286
- %TEMP%\f07d8c6a-04b6-4025-869c-70a788d7b5c0
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\67c1dde0-269c-474e-a32f-02be13d583c3
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus_mod.dll
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\product-info.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\84c49358-0e48-4aa5-88f3-d2b4b46d381f
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\c474bdf1-2f54-4e48-91c5-2ac9bf918d4b
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus_ui.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\74f5bcf2-034e-414c-bc52-91e10d0b30eb
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\dump_process.exe
- C:\users\public\documents\aswoffertool.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus_rvrt.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\cf64e038-33b2-44de-bc13-954fd15da548
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\product-def.xml
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\9fc404a3-93f1-4195-970f-0ba71d9f4a13
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\setupui.cont
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\edition.edat
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\config.def.edat
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\icarus-info.xml
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log.tmp.f9337a94-a73e-44ad-9823-adcbae6e14ea
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log
- %ALLUSERSPROFILE%\avg\icarus\settings\proxy.ini
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log.tmp.a9c57e26-bb19-45e4-bdc4-9e8f641ecce2
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log
- %ALLUSERSPROFILE%\avg\icarus\logs\report.log
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\e9986722-30a6-4079-93c4-541a4340845b
- C:\users\public\documents\gcapi_17140752991480.dll
Удаляет следующие файлы
- C:\users\public\documents\gcapi_17140752991480.dll
- C:\users\public\documents\aswoffertool.exe
- %WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\gcapi_17140752983048.dll
Перемещает следующие файлы
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log.tmp.e5246867-d2e6-446b-8789-a88d13d00124 в %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log.tmp.f9337a94-a73e-44ad-9823-adcbae6e14ea в %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log.tmp.a9c57e26-bb19-45e4-bdc4-9e8f641ecce2 в %ALLUSERSPROFILE%\avg\icarus\logs\sui.log
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log.tmp.6553b18b-e633-41ca-9d20-30fee64e54a5 в %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log
Сетевая активность
Подключается к
- 'ho####.avcdn.net':443
- 'an####ics.avcdn.net':443
- 'pk#.goog':80
- 'an#####cs.ff.avast.com':443
- 'sh####rd.avcdn.net':443
TCP
Запросы HTTP GET
- http://pk#.goog/gsr1/gsr1.crt
Другие
- 'ho####.avcdn.net':443
- 'an####ics.avcdn.net':443
- 'sh####rd.avcdn.net':443
UDP
- DNS ASK an####ics.avcdn.net
- DNS ASK ho####.avcdn.net
- DNS ASK pk#.goog
- DNS ASK an#####cs.ff.avast.com
- DNS ASK sh####rd.avcdn.net
Другое
Создает и запускает на исполнение
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus.exe' /icarus-info-path:%WINDIR%\Temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\icarus-info.xml /install /sssid:1224
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus_ui.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446 /er_slave:avg-av-vps_slave_ep_b01578c6-7c4c-4fbf-afc8-2747c6a69c50 /slave...
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446 /er_slave:avg-av_slave_ep_11437743-ae7c-4365-ba4b-30a7a1a1f2c3 /slave:avg...
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\aswoffertool.exe' -checkChromeReactivation -elevated -bc=AWFA
- 'C:\users\public\documents\aswoffertool.exe' -checkChromeReactivation -bc=AWFA
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\common\icarus_ui.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446' (со скрытым окном)
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av-vps\icarus.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446 /er_slave:avg-av-vps_slave_ep_b01578c6-7c4c-4fbf-afc8-2747c6a69c50 /slave...' (со скрытым окном)
- '%WINDIR%\temp\asw-c79fec96-9631-44fb-ad82-efcf5a7a96f4\avg-av\icarus.exe' /sssid:1224 /er_master:master_ep_24c229e1-7801-4567-bc7a-0289889a5365 /er_ui:ui_ep_e992e4ae-87f5-4fd9-8535-d868678cc446 /er_slave:avg-av_slave_ep_11437743-ae7c-4365-ba4b-30a7a1a1f2c3 /slave:avg...' (со скрытым окном)
