Техническая информация
Изменения в файловой системе
Создает следующие файлы
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log.tmp.503cea83-982a-4732-b205-6bee844ac0cf
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\setupui.cont
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus_rvrt.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus_product.dll.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\dump_process.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\bug_report.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\product-def.xml.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus_rvrt.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\product-def.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus_product.dll
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\dump_process.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus_product.dll.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\bug_report.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus_rvrt.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\aswoffertool.exe.lzma
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\aswoffertool.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\bug_report.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus_product.dll
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\product-info.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\config.def
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\product-info.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\config.def
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log.tmp.f981c43a-17b1-4ecc-a84e-dab251c6b1e9
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\gcapi_17235086681600.dll
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\bug_report.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\product-def.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\dump_process.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus_ui.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus.exe
- %TEMP%\d566d7d7-dcd6-471c-8109-be0ad33199e3
- %TEMP%\6358c710-b89f-46b9-93f2-f6cac44f5286
- %TEMP%\f07d8c6a-04b6-4025-869c-70a788d7b5c0
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\ed9fc918-f58f-4937-937f-b73d31c1d7e6
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus_mod.dll
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\product-info.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\7f857ab0-de1a-452f-963e-7bd95dcc74ac
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\8324351a-70ce-4b32-a5d1-8f6651104c09
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus_ui.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\d017dfac-fc0e-437f-b74b-4341b3b32da9
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\dump_process.exe
- C:\users\public\documents\aswoffertool.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus_rvrt.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\804fa863-892d-45bb-b03c-f0dfe801659b
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\product-def.xml
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\889a2eb5-7912-4335-9ad0-c9f23e53eceb
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\setupui.cont
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\edition.edat
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\config.def.edat
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\icarus-info.xml
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log.tmp.a1ce66f9-1630-44e3-acbf-e9cd78697da5
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log
- %ALLUSERSPROFILE%\avg\icarus\settings\proxy.ini
- %ALLUSERSPROFILE%\avg\icarus\logs\report.log
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log.tmp.a32e8506-b556-4dd9-8d53-497b2bafb431
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\3b28a52f-195b-4410-a9e1-66cf6cb6e51a
- C:\users\public\documents\gcapi_1723508669852.dll
Удаляет следующие файлы
- C:\users\public\documents\gcapi_1723508669852.dll
- C:\users\public\documents\aswoffertool.exe
- %WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\gcapi_17235086681600.dll
Перемещает следующие файлы
- %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log.tmp.503cea83-982a-4732-b205-6bee844ac0cf в %ALLUSERSPROFILE%\avg\icarus\logs\sfx.log
- %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log.tmp.a1ce66f9-1630-44e3-acbf-e9cd78697da5 в %ALLUSERSPROFILE%\avg\icarus\logs\icarus.log
- %ALLUSERSPROFILE%\avg\icarus\logs\sui.log.tmp.a32e8506-b556-4dd9-8d53-497b2bafb431 в %ALLUSERSPROFILE%\avg\icarus\logs\sui.log
- %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log.tmp.f981c43a-17b1-4ecc-a84e-dab251c6b1e9 в %ALLUSERSPROFILE%\avg\icarus\logs\event_manager.log
Сетевая активность
Подключается к
- 'an####ics.avcdn.net':443
- 'ho####.avcdn.net':443
- 'pk#.goog':80
- 'an#####cs.ff.avast.com':443
- 'sh####rd.avcdn.net':443
TCP
Запросы HTTP GET
- http://pk#.goog/gsr1/gsr1.crt
Другие
- 'an####ics.avcdn.net':443
- 'ho####.avcdn.net':443
- 'sh####rd.avcdn.net':443
UDP
- DNS ASK an####ics.avcdn.net
- DNS ASK ho####.avcdn.net
- DNS ASK pk#.goog
- DNS ASK an#####cs.ff.avast.com
- DNS ASK sh####rd.avcdn.net
Другое
Создает и запускает на исполнение
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus.exe' /icarus-info-path:%WINDIR%\Temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\icarus-info.xml /install /sssid:776
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus_ui.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3 /er_slave:avg-av_slave_ep_7cbe8490-2992-42f2-80c3-cd1392d37bac /slave:avg-...
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3 /er_slave:avg-av-vps_slave_ep_970bcc2f-7af7-4741-bbfe-9479e00743ce /slave:...
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\aswoffertool.exe' -checkChromeReactivation -elevated -bc=AWFA
- 'C:\users\public\documents\aswoffertool.exe' -checkChromeReactivation -bc=AWFA
Запускает на исполнение
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\common\icarus_ui.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3 (со скрытым окном)
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av\icarus.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3 /er_slave:avg-av_slave_ep_7cbe8490-2992-42f2-80c3-cd1392d37bac /slave:avg-... (со скрытым окном)
- '%WINDIR%\temp\asw-684937bf-948a-4435-8434-f8f4abd0c080\avg-av-vps\icarus.exe' /sssid:776 /er_master:master_ep_ea0321a3-e668-4a90-8f5b-88d84c75c413 /er_ui:ui_ep_c63478c0-2211-4d76-a1f1-8f4c8956f3e3 /er_slave:avg-av-vps_slave_ep_970bcc2f-7af7-4741-bbfe-9479e00743ce /slave:... (со скрытым окном)
