40dd915ee43a59273bd3aafe509c34aa43ddb57886810bfc2058ccf096e172a3

Analysis

max time kernel
1633s
max time network
1587s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
10/03/2024, 01:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

avast_vpn_online_setup.exe
Size

1.4MB
MD5

fe13cf35280e8af0a10a34c9ad680e64
SHA1

8d5d1afddb660faf47c5f1a38a3da3321157d9bf
SHA256

40dd915ee43a59273bd3aafe509c34aa43ddb57886810bfc2058ccf096e172a3
SHA512

27449f6ca2d667f305b8fdefa287e2bab3221e3dbe8915f7040500faff6d14ab049d1a0a940a77ead408555ef87a5b03ba655e2e5f765b49a4c8e3981365d35d
SSDEEP

24576:QqM0QHRzf+BooooEJ8GYgqGneBPuzBCxxAih0lhSMXlhebzCkAYt:k0Oz2BooooEJsgmPmBCxG/kb3AYt

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	avast_vpn_online_setup.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 3 IoCs

pid	Process
3628	icarus.exe
4092	icarus_ui.exe
4500	icarus.exe

Loads dropped DLL 1 IoCs

pid	Process
4500	icarus.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "874b4ee6-8382-435d-aa5c-419207e3236a"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAkN/ktm2rAkS+f/X3BojdGgQAAAACAAAAAAAQZgAAAAEAACAAAACWbqhOFWrcdrCc8Jf0UoHqKC6JgWpLPdlAeDecZJrnrQAAAAAOgAAAAAIAACAAAADImuPVDdMBdH7D71jX3nH58yn6xr8KBZGIlggO2k/7SGAAAADbW1Fs/lGGIvPJrVmt6RHAWC8/zaXgO/ueL0bcl/qgDComXmzvP1ABaVsNNJmpkbHLRpTlKSz1CbpZZUHLJjYgo9qgITEQTqK6aqgwPI1oQ6UGcqP+OMGnIxjXFIoVFUFAAAAA1IwfGWQXcPPkS7c3PQdqYTYqxHTZLHMdmuA2ggn7MGgb8xEKzXYZ7oD4QCnmcpqx4JZbq1wg9D7whhBW2eMaUQ=="	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "874b4ee6-8382-435d-aa5c-419207e3236a"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2"	icarus.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4092	icarus_ui.exe
4092	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeDebugPrivilege	3628	icarus.exe
Token: SeDebugPrivilege	4092	icarus_ui.exe
Token: SeDebugPrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe
Token: SeShutdownPrivilege	3628	icarus.exe
Token: SeCreatePagefilePrivilege	3628	icarus.exe
Token: SeShutdownPrivilege	4092	icarus_ui.exe
Token: SeCreatePagefilePrivilege	4092	icarus_ui.exe
Token: SeShutdownPrivilege	4500	icarus.exe
Token: SeCreatePagefilePrivilege	4500	icarus.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3660	avast_vpn_online_setup.exe
4092	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4092	icarus_ui.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 3628	3660	avast_vpn_online_setup.exe	73
PID 3660 wrote to memory of 3628	3660	avast_vpn_online_setup.exe	73
PID 3628 wrote to memory of 4092	3628	icarus.exe	74
PID 3628 wrote to memory of 4092	3628	icarus.exe	74
PID 3628 wrote to memory of 4500	3628	icarus.exe	75
PID 3628 wrote to memory of 4500	3628	icarus.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\avast_vpn_online_setup.exe
"C:\Users\Admin\AppData\Local\Temp\avast_vpn_online_setup.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus.exe
  C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\icarus-info.xml /install /sssid:3660
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3628
- - C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus_ui.exe
    C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus_ui.exe /sssid:3660 /er_master:master_ep_bb0b3193-3d67-4dad-b3b8-65ef54c9cb60 /er_ui:ui_ep_cdc2bb22-ad11-40a9-b1f4-a95abd2cb150
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4092
- - C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus.exe
    C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus.exe /sssid:3660 /er_master:master_ep_bb0b3193-3d67-4dad-b3b8-65ef54c9cb60 /er_ui:ui_ep_cdc2bb22-ad11-40a9-b1f4-a95abd2cb150 /er_slave:avast-vpn_slave_ep_e53f1a73-affc-4e66-85c6-82ff15bda40c /slave:avast-vpn
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Avast Software\Icarus\Logs\icarus.log

Filesize
44KB

MD5
69bb1de523a2570a1bfc06d662c4ef3f

SHA1
d80e4ccbba561d3cd655a11d0ba56dbf5ea3c04c

SHA256
969969d93a0f11527c5cb375c65e6a5b6c28aa88bfec6cd8504e942dd69b67b2

SHA512
0e15d4c276b7d6e604340646e22197fa1be0fa019048f0fdd1d95ce24a6460894f20dd24b23ee1cfd7ef2ef4a28e483df71625a6928b9bf5e16a76f18c6e3c16

Download Submit
C:\ProgramData\Avast Software\Icarus\Logs\sfx.log

Filesize
10KB

MD5
62cccae0818d54a4bcd07843b634322b

SHA1
6f50f20f1b6ed85e196eb738a45631aae400e2dc

SHA256
7c8971be6623f7ab779aa85b50bf4bdce9da5557b4d93b3d5e2526eb307579ca

SHA512
76afc96a2b4dc49cfb97d5eed4bfb74f2e3a19d7ef1ecd66deb4ece3cc1aad453425e450aa501cb8380e0ea5a0612eac73553e5a9353795defec513c3193b078

Download Submit
C:\ProgramData\Avast Software\Icarus\Logs\sfx.log

Filesize
10KB

MD5
8d3b86ac6ca527386ada7038b666a07e

SHA1
58c85764140bfe1fa144d62f028ee28e68212f25

SHA256
16b17e303315b73f69516ec4dff3931f4ce6fd7379e30dc90a16b6119c14cb08

SHA512
9bfb4c05704127f3eacffe426a6a3fa241bb12be24957e310ead131330abfe1a03324bcc2d479df37aac0a5acaa657ed701aa0e326b872350e101a57cd5217e4

Download Submit
C:\ProgramData\Avast Software\Icarus\Logs\sui.log

Filesize
16KB

MD5
0e37b8c532aabb3dec88bc2c2ba3c7fe

SHA1
32e33bd492cf4ecd0cb26cc8d48254c147ef408d

SHA256
171beb406f4a1fc024dfc0f7a91bcc3a82e251cdaa3fcd820917211fc8af684e

SHA512
48f9e6cb8441bf9e111da9cd4d80e2984c8e3e8112e5e33b63adb60ff3e5525afebe5ea5c7470349d5d3a245db9f7a6fb3fd60273dabd6fadd1752e499246ddd

Download Submit
C:\ProgramData\Avast Software\Icarus\settings\proxy.ini

Filesize
214B

MD5
d6de6577f75a4499fe64be2006979ae5

SHA1
0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69

SHA256
87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9

SHA512
cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
22417b5d5eb168147f2c237d658a7163

SHA1
6ae67daf07c0a187f397923ecba497e5ab01ed58

SHA256
f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1

SHA512
392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
6f56906bb1b2452d49f37ae4493f96a9

SHA1
c5b1e919c9fb5ed96c04ddf84c0d03073449c9e3

SHA256
0dfd1e74a7b91693cba32182c31c53af0c82db56ff6ab7aac26137089e3da8d1

SHA512
39595227fd6d4ea9495c1e08b34a8df7c5ea63ef805326e93c55e73c20b1617f3699a51e42520b2244a524d78130e36a8eeeceb69222677b1021c34781b3d7d9

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\bug_report.exe

Filesize
2.2MB

MD5
c99d5f2dd6bad3a34db26df52e44172a

SHA1
a14b346d64616de9e18f80db7e4d59979fefc677

SHA256
3662cd28c7d1c55c49e2ccbf872eb45e7266e9dbaf54b856750b921d045b9188

SHA512
222921b0528fe91a52e1671813fa15b4b3b63f2e8ed84e1d6f5797d45c48dc556b2182abd0b993ed91508d3781d542d18ed8e6f848f6d18d3735b6c3b6608210

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\config.def

Filesize
438B

MD5
98a7279694d8416c0439ae4dc7d817ed

SHA1
cb872492c840e22f7b9064d34ca073b3d8baf878

SHA256
04ffdcb7378e9cd2cfb7d8869ba39e6c4d68442b4afb1cf24fb631c11108961e

SHA512
09ee889725aec0e2d2881a02e740298eb5ebc7bd9b08efa4b65af8cf105ecef1acb4a9ba247b62ee35c17e8fefdb2ede575bd63cb8c6f593e9d9b8d285ac4b1b

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\dump_process.exe

Filesize
1.1MB

MD5
6526cc2f42187b4b6c34d1fbdc3da15f

SHA1
7c53fb157e0ef7a87d7110bc2f7c6a7f83803e05

SHA256
fa406fee2ed0889642ed968cc01e2d51a017d5e1c9d862b4cb6af3446f5c904b

SHA512
c9c79dd999dc9314db1c06a2e1f536bbb32c462f9866cc355bed32dfe729c185a82f69b830bf0933d26e4978d2c573ef9079f95041372f0af953cb3aa0716e3e

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus.exe

Filesize
1.7MB

MD5
d957758c386347a1d41ea4f13d7684f3

SHA1
951575c69588a09bf7ef06837e76fca29c3790dd

SHA256
2a2ba2324d68f873dd70ab6c4eef9a2cb10c37b179b3d5e4473efb93891870f7

SHA512
8e0f9f1b701e61c4b2a43a895973def15aeb5cb66dd30d75a0236bfd6b603dafd92302da58bee95bd60677ccf5643f6130f22644605998cb09fca15694ec8198

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus.exe

Filesize
2.4MB

MD5
0a341802739ccf54312a93f4b9a2d6a7

SHA1
1bf304dfca80f5dbe0adda452396f8345100e03e

SHA256
818d6f4282f3220dc4a40fff2b6cb637ac68fe46fda4e3da139b9e6b2562e553

SHA512
11c339840511b3bb3c685b98005342a8ff8ea339f27518a998fafaa935f62957f73dd4bbe72602d1b80d06e04b45ceebb210d50a855089b1eb50e7a8e4650b0e

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus_product.dll

Filesize
57KB

MD5
f241d5dc6c4465f8912ef344b3dc9451

SHA1
e053f9ffc03e0c8119a19b7057cc76501a619214

SHA256
6f5570259cb6dd559f904a7d071bfd977beb8ae1ec516195bfdf1e3c41725b5e

SHA512
15a52aee0b9af874a61c113df906cf6c7d4e2a9cf53437401a50c968a57a5401ba625597a1b47dfdaf6d7043521f220923d699ef4ab028f332d006dd5b6d0fd9

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus_ui.exe

Filesize
1.9MB

MD5
f183bfb830d51054484f88af4162e936

SHA1
bec8d8a98dbb81a4f5b86ead7158f49f44f84ccb

SHA256
d15e0014d88cde26546fd0b07171a387109732a0aa66b259bcf5e39f1b6c29b5

SHA512
a6dc41906757c90ea45011a35c8c6e93bf9d0cd5572dc2c4029fdd2cbf3316b920fa59da18f6ae21b4b8b18c010b26aa667eb67def0cdede0d9b9cfa5140606d

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\bug_report.exe

Filesize
2.0MB

MD5
b26275cfc05030699f222a64374908ef

SHA1
d61a800fbc9be0ecf21ac615043958cac4e1c495

SHA256
72d674f9333c1fef51a2512f1fc80cf25ea01c52710c216d114519b98b98e1a3

SHA512
125941de1fb8918e151d1d16486f12b52ef1f454969a8baedb908a9bda4a8e9dd08c480150e2114df847dee3027571b6a4a08e9d45eb2d178d63b8565056ef73

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus.exe

Filesize
4.0MB

MD5
e097ea8996c2c4a1c0bd48f5bf411eca

SHA1
ca2306d84e6ddea24b82b0185b1efc6fd8b9bdbe

SHA256
7b6fa55530810affe33468243184e259a0d08888e2e315db3c3589b18633f14d

SHA512
5fb79794b5d288afe809744e4f9ac8fdb8b42ea8a538c117283cb87bacd902f6a02fcd783fbc6c292c471bdf6b3ccabf570b04bea6fae34ccf0619639834a3cf

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus.exe

Filesize
2.0MB

MD5
702bb3cd6c1519a3b0052554cd662648

SHA1
eb50f1e3ac8f91ed7ec5f0b76c34099d2ab4bdb5

SHA256
6a6be948fb10126a6b38c9786b63673d6e542b83498c1fb261cbcb4e0c667f89

SHA512
2038ff0883a37da2df18c3d580c2970943959d83eb222c2ff16000a40c9f5ee2cbfd8de20db291bb55dc0782e82cd6f911f6b8e7b32a831ff90982aca1d24a9a

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus_ui.exe

Filesize
2.6MB

MD5
a4be5705535d72d3c2752d7fe40d68cd

SHA1
84b520cf9db46837e210534d2e1c1225fa0275f3

SHA256
5a8eb006aa6443a0e10ba46dae0d762d2f4be83be3445b9e1e0743411ec23a72

SHA512
928e490f5eb395bc7cebc7e08eb8b2f80088e530c9144db62259ad6f20e4daf026ee46846fd94816d2d22d30ed5f3e80fecb744494d6a83060e91c8c60dcf412

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\icarus_ui.exe

Filesize
2.1MB

MD5
8e5136d883497ebd97f03a661773d1c2

SHA1
a26fa846b35454cc38fc13714f18e675826256f2

SHA256
be178df0311cc3869019232d064a8276d790eb6315829b3e553800bf768015bf

SHA512
2457cca9622f7a3c773853e5803826e639a871b675f4bb954310092438e6edaf85291ec539817b17f7b2797479e0ba0f5486aceb8c69c9198ac4693deb635b6b

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\product-def.xml

Filesize
226KB

MD5
fe3809de42a627031b2f721ac685e5e9

SHA1
f2dc62066393edc4c8fc76dfedcf85b7226c3ce6

SHA256
abc5957b1480399d2d5a4d877c981be930c7a2e9989c7ac91b280c18ee8608c1

SHA512
bc64a036b2e6238a4c1fceec8be17eaeac2fef3bb493ca50c44ec5583ff951c00272f05336c07deb95f4067312775db1a59a350bb4aa618f43680552f75f0339

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\product-info.xml

Filesize
8KB

MD5
659aefcfba62708f4a0f49f900875ca7

SHA1
38986a9a2577db3fe80f6739d32548a06b51f68b

SHA256
68229887fd84e4c97e04469473a1dd2e6a19a872bc157785574f422605a224fa

SHA512
1b06ffc2b72d5ba91675da8861191a10f022c7eac5e85c73e19aeb4bb97f7370e01802fd4112a49b8b28520723dac3d3c719b5f8cee11887f86abb879a818223

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\common\setupui.cont

Filesize
179KB

MD5
42607a78d51acb232f7b5aee35c81584

SHA1
59c5901a444d7916b0416e04fcc6810b1a967de7

SHA256
151e229cf01879fc31f211070ed50a46e556d37e5a91c40027a81181b28f6c4e

SHA512
27ab2ebdf8543449ac4a1e4f3aebc5d6e7fecf4a6868981b8519b6bc69f1344dedad792e6651746317e8d91d797ec912bece1023e774dc5bb9626e13c3ada606

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\ecoo.edat

Filesize
46B

MD5
63ad4623a90addc7f59f1fb7b2dd731a

SHA1
37e0ace9a2000c9ef3e31c2cbd9d843ab5aaaaa7

SHA256
9875a9f9a7e58e8c8132f215a3fdccd4d1fb6deff82ab1a30ce6ccf921248f5f

SHA512
6e187298235bb26726c233c60c919c7236a9ca5554f0dd57d4c7742af765726fbd44dd4755c69d6eb136017a0279546ec0c88c1769f861d7c55a5c275f0c2590

Download Submit
C:\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\icarus-info.xml

Filesize
1KB

MD5
b990b7fc18d85a24c14aebd08531b4dc

SHA1
e4e0df29c5d395119b659b922f427d27c93e3a74

SHA256
ff084226a254322c9a5d6425e25b779450942c32df6f4a80f6ca76f619881a78

SHA512
3b897ddeae5621e5a11b81b76f5cf827e8511d58ef52ea5574ea64a1778d58543c49259353edb61a0c7d42dbd38b3e7372c8e67048c14c9892e0cba1c528afd9

Download Submit
\Windows\Temp\asw-dda8604d-ad39-4a0c-b94d-a534346453af\avast-vpn\icarus_product.dll

Filesize
962KB

MD5
81f5e22e4474941ca8fb2a73cdb50df6

SHA1
0f741d44b25a5a65f1f369a688906fa50676e7a0

SHA256
5d61f6af7df1c79116498ed1614290d6f066dc3fae7291cf2e85b7153febea7c

SHA512
78e1e965428f246e60e5099665ec2673beec14af517564f0a22cc19006ae43ca290f3a235696a1835291df82fe51f75e814785df6f1361d1d6606d13d0275ee1

Download Submit