0dbc254fb42ccb7eab3122ec98798233d83327b2d19e2a45706cb79101a843e1

Analysis

max time kernel
139s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Size

1.6MB
MD5

678507e1459f47a4d77aace80d42d52d
SHA1

80703904ffc940857ec8a10aca910b4eb26c6965
SHA256

0dbc254fb42ccb7eab3122ec98798233d83327b2d19e2a45706cb79101a843e1
SHA512

087d046dc4fb5e2bfb74bb16fa56e7d16c7f5aad19e4f14992dc167590f270d2d1b8da7e44172765999964a387488e0f64a813671e759d5a8bd958ed167fbe93
SSDEEP

49152:QN2OR9WF/G/ooooEYOKOhBVWKoJhymxwSe4v:i2FF/GYhBVWKoi3

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

icarus.exe2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 7 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exeicarus.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid process

2560 icarus.exe
1212 icarus_ui.exe
472 icarus.exe
3712 icarus.exe
3628 aswOfferTool.exe
632 aswOfferTool.exe
2052 aswOfferTool.exe
Loads dropped DLL 5 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exeaswOfferTool.exeaswOfferTool.exe

pid process

560 2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
472 icarus.exe
3712 icarus.exe
632 aswOfferTool.exe
2052 aswOfferTool.exe

pid	process
2560	icarus.exe
1212	icarus_ui.exe
472	icarus.exe
3712	icarus.exe
3628	aswOfferTool.exe
632	aswOfferTool.exe
2052	aswOfferTool.exe

pid	process
560	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
472	icarus.exe
3712	icarus.exe
632	aswOfferTool.exe
2052	aswOfferTool.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

icarus.exeicarus.exeicarus_ui.exeicarus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe

Modifies registry class 13 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exeicarus.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "f329ad4e-e697-4cae-a94c-899fd18251de"	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "f329ad4e-e697-4cae-a94c-899fd18251de"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "f329ad4e-e697-4cae-a94c-899fd18251de"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "f329ad4e-e697-4cae-a94c-899fd18251de"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAADgrRqCyPYkGujgNq3583jAQAAAACAAAAAAAQZgAAAAEAACAAAADeipa4kdMHFKKZWP6TK8M9RpqO9iPd2YhfsqfAqbp63wAAAAAOgAAAAAIAACAAAADHpXb+qHZOIf/Cd1/2pGKHiE6UY9+Utqva/Yeyb2vIMTAAAAD+213wQnCeA8DZsWbzu5nJB3j87gt51s/xeGFtgWGdQMlBvvf8NxR7Od7mHR1+G39AAAAA4u9b+xBE/fkkR+J9UcCRDXZRqwRB4UygILDToTmK0j59a0Mun5rYFq6V9be4oi5GVDyn8LlYt+1Gyhh8mefBaw=="	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

icarus_ui.exe

pid process

1212 icarus_ui.exe
1212 icarus_ui.exe

pid	process
1212	icarus_ui.exe
1212	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exeicarus.exeaswOfferTool.exe

description	pid	process
Token: SeRestorePrivilege	2560	icarus.exe
Token: SeTakeOwnershipPrivilege	2560	icarus.exe
Token: SeRestorePrivilege	2560	icarus.exe
Token: SeTakeOwnershipPrivilege	2560	icarus.exe
Token: SeRestorePrivilege	2560	icarus.exe
Token: SeTakeOwnershipPrivilege	2560	icarus.exe
Token: SeRestorePrivilege	2560	icarus.exe
Token: SeTakeOwnershipPrivilege	2560	icarus.exe
Token: SeDebugPrivilege	2560	icarus.exe
Token: SeDebugPrivilege	1212	icarus_ui.exe
Token: SeRestorePrivilege	472	icarus.exe
Token: SeTakeOwnershipPrivilege	472	icarus.exe
Token: SeRestorePrivilege	472	icarus.exe
Token: SeTakeOwnershipPrivilege	472	icarus.exe
Token: SeRestorePrivilege	472	icarus.exe
Token: SeTakeOwnershipPrivilege	472	icarus.exe
Token: SeRestorePrivilege	472	icarus.exe
Token: SeTakeOwnershipPrivilege	472	icarus.exe
Token: SeDebugPrivilege	472	icarus.exe
Token: SeRestorePrivilege	3712	icarus.exe
Token: SeTakeOwnershipPrivilege	3712	icarus.exe
Token: SeRestorePrivilege	3712	icarus.exe
Token: SeTakeOwnershipPrivilege	3712	icarus.exe
Token: SeRestorePrivilege	3712	icarus.exe
Token: SeTakeOwnershipPrivilege	3712	icarus.exe
Token: SeRestorePrivilege	3712	icarus.exe
Token: SeTakeOwnershipPrivilege	3712	icarus.exe
Token: SeDebugPrivilege	3712	icarus.exe
Token: SeDebugPrivilege	3628	aswOfferTool.exe
Token: SeImpersonatePrivilege	3628	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus_ui.exe

pid process

560 2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
1212 icarus_ui.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

icarus_ui.exe

pid process

1212 icarus_ui.exe

pid	process
560	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
1212	icarus_ui.exe

pid	process
1212	icarus_ui.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exe

description	pid	process	target process
PID 560 wrote to memory of 2560	560	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 560 wrote to memory of 2560	560	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 2560 wrote to memory of 1212	2560	icarus.exe	icarus_ui.exe
PID 2560 wrote to memory of 1212	2560	icarus.exe	icarus_ui.exe
PID 2560 wrote to memory of 472	2560	icarus.exe	icarus.exe
PID 2560 wrote to memory of 472	2560	icarus.exe	icarus.exe
PID 2560 wrote to memory of 3712	2560	icarus.exe	icarus.exe
PID 2560 wrote to memory of 3712	2560	icarus.exe	icarus.exe
PID 472 wrote to memory of 3628	472	icarus.exe	aswOfferTool.exe
PID 472 wrote to memory of 3628	472	icarus.exe	aswOfferTool.exe
PID 472 wrote to memory of 3628	472	icarus.exe	aswOfferTool.exe
PID 472 wrote to memory of 2052	472	icarus.exe	aswOfferTool.exe
PID 472 wrote to memory of 2052	472	icarus.exe	aswOfferTool.exe
PID 472 wrote to memory of 2052	472	icarus.exe	aswOfferTool.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:560

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus.exe
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\icarus-info.xml /install /sssid:560
2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2560

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus_ui.exe
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus_ui.exe /sssid:560 /er_master:master_ep_19246600-aa60-4139-9f95-89fad70b7887 /er_ui:ui_ep_8f29fdf5-042a-462c-8316-af0d336a893f
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\icarus.exe
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\icarus.exe /sssid:560 /er_master:master_ep_19246600-aa60-4139-9f95-89fad70b7887 /er_ui:ui_ep_8f29fdf5-042a-462c-8316-af0d336a893f /er_slave:avg-av_slave_ep_31b9e03e-a49f-4042-82c2-19709bd09f8d /slave:avg-av
3⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:472

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3628

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:632

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\aswOfferTool.exe" -checkChrome -elevated
4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2052

C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\icarus.exe
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\icarus.exe /sssid:560 /er_master:master_ep_19246600-aa60-4139-9f95-89fad70b7887 /er_ui:ui_ep_8f29fdf5-042a-462c-8316-af0d336a893f /er_slave:avg-av-vps_slave_ep_1ea842f2-809e-4b21-8232-6680d0ccc1ce /slave:avg-av-vps
3⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
62KB

MD5
846ef462d35ee5bd8ecb3a54592b9ccd

SHA1
4f7af1eb8857c8ea477195b74e957eaf0c4be25d

SHA256
5f2cd0d142131120ef6aa39373e83451db51f61b2a7058223f55dca62129f46c

SHA512
c2469d533ff96b30d693b62409c643ccc52a23bd29a4744d3124fe5def9a96b34c78b57ec04fb5bf9e131130d3059ec635e65b94731f74be0c230cb983d9c184

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
62KB

MD5
2dd45d870f19dd591922441a84432642

SHA1
b38720ef966b90c713056530b94f3a2e36562178

SHA256
53955fedb2252dbf5de06aacc5adf332fb2e83b8cd863efe3037bd489ef58d59

SHA512
82be5ded6f5ba455faab21fc8c0dea3805a9f1286a1ac3bae7158e96e5fe1ec05676622e20db687c0499455862d622f5cb6634e9a09ddf591d58008995f6ca43

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
174KB

MD5
a91029bd184b1205c192f9cbb29edb3a

SHA1
48afa0190795c8691740b2643289177b2966178c

SHA256
b19201a622c2d5c6207a25ae4a9b2752ed4afa23cbfb1f4efbe01338c2b823bf

SHA512
8071b1e3bf2c92d877d3ef324ed9265e2d7e619853cfd10f60279cb405642c4b468d2ff50efdff69362d70de0863cb6d9fb4a430564e0f6aee69009edd05bac2

Download Submit
C:\ProgramData\AVG\Icarus\Logs\report.log

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
11KB

MD5
c20bf65681d7c9dc4b54caac3eeb14b0

SHA1
3a48c7491ed79527a278186152b0b592458490d4

SHA256
c6da51a5e81cf78f9aabf018ee4ff7ff2b917c306863aaa2b8ab1955d91af4e7

SHA512
d8fd1cc3ec5e80d18861f1fdd38168e2d745ff50657e5f68a07af0197c19c5b1d13a4122025ab59e13925c3f256f35a72088c6b9025b749526a0eecad8f389d2

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
13KB

MD5
392a8fe30c91ce5cab7331ebb8410982

SHA1
a5f047e51c3ead48595e63a845f8c47f5942c458

SHA256
61086a1785f3f8940ea0cb20d101ca52ce4e42d4ff357b42037ee73f028a1b6f

SHA512
4c52d852bbbe1c85aaef06f91d197f445194bb2af4985c88f50c7248f44ac3da0410279512d891fc26496f42a2604da263adf7f0456527f76ec8fcf7d4f459f1

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
38f0e791f93ad720b268d5bcc003ae5a

SHA1
03731548bc6e0e71e91bc1336c209561c3d73a69

SHA256
331448d691ee042feb9c96d79ed28ce0718893743adea9163c835053af7600b3

SHA512
91fd5e89c377e10b38e0a89ad8dee73a52f6297e319b73a984a520242b1c5db1fd5d906279b5ee11335cc4fe8a7bb1e980b5e36a232888614f53d8d9fb982302

Download Submit
C:\Users\Public\Documents\gcapi.dll

Filesize
867KB

MD5
3ead47f44293e18d66fb32259904197a

SHA1
e61e88bd81c05d4678aeb2d62c75dee35a25d16b

SHA256
e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905

SHA512
927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\icarus_product.dll

Filesize
856KB

MD5
d428d101ceb8f6920115c6303577d3cd

SHA1
9f5ce80423540f1eab82e7af5c51f5a64cfdae1c

SHA256
5eb025c377218709a8a53743f910e4d2aa86fa28e1cd9e60b5db6270d5af3faf

SHA512
9b0cceea15ad2aefad7439de00b3f4cd5a822b060c0c45a47fda56764084e4bfc7954b1dc88b80bba04828dda09066edb4f888480d8cffa9d78408d8aa0e0503

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\product-def.xml

Filesize
58KB

MD5
54bf9f03ce1f9d59b7a2824dda1c1dd7

SHA1
0202395296f71303be0c47f7cc0af68d78d49f3c

SHA256
48811b526bf1c87df01bb9d06dbdc17eae026796b9257ca0fda8499a3cc7e9e6

SHA512
ab7849aa839ea5c4948e722b6d795f33184bcd5b9665f527fcc6218072ca6186d82bf322e769e541460db48eb75b92ee8b3c0d16d9705165440020200b76fabf

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av-vps\product-info.xml

Filesize
5KB

MD5
a62e3b91316e822c1ec827d5a898b331

SHA1
22873b77a7e51228b64304358aaa41b0fcce7ce4

SHA256
ef98b737e1a1fcc5a4f9930d9d2e259d2a1192d124b6c42b8e7d3269c22eb042

SHA512
fabe3e0f28852dbabb4b570876e17a6285c11fecd8d847e3021b63257ae2a524924bbc43855ac2aaf932bbb7bac8a00b7489c2a15ed3b5b14729581a25a5069e

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\aswOfferTool.exe

Filesize
2.3MB

MD5
540ba85561d8f29851603be4faab266a

SHA1
88caf855b9eef93980277312321951e1675e2035

SHA256
4aa31f81f324df466e31325ffd707dce1780ebef732cc8d2ce6ce02d7140173b

SHA512
293f33ebe731c3aac5b1a981a2f92952b28199b968080a0f0822b0f262e215c776bd7c8549284bb17e811bee89fd6886c8a96e28cc509a0e954ad88bcd76f618

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\config.def

Filesize
757B

MD5
264d61ef38e6f06891da07c11bf71436

SHA1
e4a258aa41ce4aaacdfa7f5c0f6f11d4859fe1b2

SHA256
96976bd5ecb653aded30321685e44a59886901652c031de101e3a13326d61387

SHA512
c818737bcb76b4d50673c8007118320f0b6081108f4934016a04167d5a8f4835393274438769e05276c5db79c5d9f5e4e3748788a1439c974bdf16b3d5dd6890

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\config.def.edat

Filesize
20KB

MD5
8b374b550adbf0e900f081394490e8a6

SHA1
c99ddd3cd3c107624d891901704da201b6c34975

SHA256
f3b71692fdbbcd129b14c8ceedde570d7f15154de92bafd0fbfc5914c7aa3b3d

SHA512
8357bfdeb55c29292cdabe56b1afb6aa0a5c0e8f8e60c0bd6f0a2a5e95ab24142745a9b595dd557372af52945f5a567a8741224c10b2329e2abe2f2d2bea4ab4

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\avg-av\icarus_product.dll

Filesize
6.0MB

MD5
3de8201916344b1a766908e492bd1019

SHA1
2dbdd5a0d85fdbc46892cfeb576ef559f022807f

SHA256
e3ef98cb25785ff1df992b116eb238a80eab17977c72f7dcd8bfeb15981c3371

SHA512
370b33e3f5aadc5a33971c143f200e2bc14e7718b154cf0707f2d6b640734369f64cb594b444231c652b9ff03917a3899e9924274458f48a764276ea5ae859f9

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\bug_report.exe

Filesize
4.7MB

MD5
31e948ad14e9e68685c69b3d46d71b38

SHA1
9136c6b0e0f266132e9e802d3e5e9f510ea608ff

SHA256
5445a6af3bf675fb142d6dd3365c3d1f65967338bfdce8596543c1bcc1a88a46

SHA512
b20fae2a75b757a502c7f261571a6ae1ff1bf98fb0719abba8a3de27685dffd4e7564c06624fbe2b51d2eb7c39be6de76f88026276128710d7e26be7c2d12043

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\dump_process.exe

Filesize
3.3MB

MD5
b31e22903a16d20d86a80febf8007aae

SHA1
110207bba3f797e6db6256ab9146475ba95c57ef

SHA256
ba2f161b7f85a9d2db0a6d624b45543fe2d25f58419b588d2af767a571fea7bd

SHA512
28040932cd268fd064626b9c078f33e28d5f63806066af342f6752a86dbc4d6a3df26a0c4d4be63626e9bde5ddf9138248f5e4dcc0c588141369049c485ae39d

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus.exe

Filesize
7.7MB

MD5
0cd5718f7f5f8529fe4ff773def52dac

SHA1
9ba08a6246011359f5493856ad5fc0355e0de4f5

SHA256
d52114b057504439df11368add0a66b037622f24e710731b1366efe271c9df78

SHA512
a2218dcd6f0a0e676c23106bd717b5eb22614b3900bee5d47ea80e1acc4b87859e6f6dfb63c0d3cdf3ec4f37c12407ef56c2c7964ae141b393c7e94368ca820a

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus_mod.dll

Filesize
14KB

MD5
934c0e7759e708657c2f77eb75902ae0

SHA1
43a6abed472ca7d8d002e045031f900c4a67f9c7

SHA256
b9ca3d2e44af8cf61696ab10dd5bbd16ada02a32207e4ca454a4b9de6e472f2b

SHA512
2c34f98a5020496d1ba7529c5a1a36d6f0938edddb02d75a189e83be02de22bbb563a586bf8c3e090b510c0f24e586447ab237bfff09b166f49acca052d71e07

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\icarus_ui.exe

Filesize
11.7MB

MD5
cf058eaa95ead820532b59b686023e53

SHA1
49709cb9b40fa558e67e24357251dfe9041fc6b9

SHA256
66dc1ddc009eeac0da023172a5410a05d44324907f91fe4258420a9d17f7e859

SHA512
6b93b0f4c8b487ccfe6b687c47555b2124636d216cbb38cab0f387a1c51c19392ec026c60f023b3664c03d0414d663a5935060bd223344df3acb7dbd6971bc6f

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\product-def.xml

Filesize
1.3MB

MD5
7536a42465eaf94530982f592ee00f1f

SHA1
2c812dd88f83498f4a7fd9f1f801fb776dd2ad76

SHA256
2d97b73e44eddccbea3bc8edd9c1f3d2f2f242b4ee9d4792be50a0370c31fc46

SHA512
e045c2ae75a203c0771566050144f8bd63fac7098b0f24d02fe25dfaea3c08f640552d22f66f0d36b2fb4d5ce02d5be01694b7ba61b39dabe4843d74f6746b1c

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\product-info.xml

Filesize
9KB

MD5
bbe3743aeb4c47fecc4c94b9d5cf7d27

SHA1
067c289e203fab588aee2aa5dd2f3791e791adb3

SHA256
70c4b4989bcff73809711ccca4ac1bd0459c0814929398c23b6239c04c680f77

SHA512
72d231e4aa1d07f898470147f319dc011368dd89bc2aaeff19f27690bb4ff408e61c3855eeac8d9cdb5db910144c4f7e27a8983116598c0d5d8b705c98bf05de

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\common\setupui.cont

Filesize
381KB

MD5
1a91f1db1b66709aaf1a7373860791c0

SHA1
aaf8435a3379aea3272172a9d1b5c4d75b111e05

SHA256
4c3e3fd5b5731973696377d11d8b11553b039e1facbe1d652477178599ded37e

SHA512
65e4f888abeb06f84d885b31ca830eedbffbea5fe3f0e30dfba6fb47c8cfed18af61b726858281885fdd74b408e5f9587a267b114f9d35ddb3074ed02a7303f9

Download Submit
C:\Windows\Temp\asw-87d049a5-dcd0-48a7-a307-10fc29cb1d83\icarus-info.xml

Filesize
1KB

MD5
d33c569892ec7fe8f924a73596aa2224

SHA1
8d7a3afaaf9b611167d252dd803faec2bd324e68

SHA256
c8189bc4ea86cf3e1672d3bdf3e5d2e7c6ff0217c14320aa511b70cf86072fad

SHA512
758d7b01c5cc592f9d6e84f7fad264bcf60a5bfd60a93311055c5c394b51e3ccd57c79de73131ec2fe32f3618907138ffbc8a984a6bd941ba4f2c37a16cb9e52

Download Submit