9f2f081989e20254a1523b509c9ca423133d29b501b05d1cd78535910b38435d

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
Size

1.2MB
MD5

75e06ec160a3e36aa865bb82ef5388db
SHA1

6fdcf54040d8765152dff9be9b3d2521a1f435ab
SHA256

9f2f081989e20254a1523b509c9ca423133d29b501b05d1cd78535910b38435d
SHA512

9532ae171caf3230d8c9869f8e746fb0fff619b5995a71ace6096ad1b6173a8372d9236a5f2bde05d95aacba1f467dcab6957915b6a73d1a2eb8d2194d47fcb7
SSDEEP

24576:QT5G7jVW86sv5dfGgggg84NlBqGKZ4MjCw9no1B4e4VQ1ILJ:akVD5v6gggg8uKGKZRjdo1qe4m1ILJ

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 3 IoCs

pid	Process
2920	icarus.exe
1904	icarus_ui.exe
684	icarus.exe

Loads dropped DLL 6 IoCs

pid	Process
1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
2920	icarus.exe
2920	icarus.exe
2920	icarus.exe
2920	icarus.exe
684	icarus.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA3xIr0hsIKEuRLlrnnV/GMAQAAAACAAAAAAAQZgAAAAEAACAAAAAgv6d5XqMWPHsgy4EYzHhKUPgWlbIsP9awWPtXadi+NAAAAAAOgAAAAAIAACAAAAAOreBKlp4WiZK4TbYuQ6CtfRjzI3NulL/zg2fkButAiGAAAABGepbVusK8NIl6pJN1aJ3IW9DVEPTz5o99YzsFydi6qXv8Oab3ct2b640sWb4IW8xp23g4QVgNV9mwO1mCLKuv7vbyb6wRKvstmTxC7iwGldskvHf+2b6Suy6uxBrEMnBAAAAAcf/f6GgURWx+ZGIEDTbwxj6T6I7Y/IYj3HrgGk6PdrSHjcKfLxV31OInqW/ruJWR5kGL3g9ID/wWUsg5ec1Icw=="	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "dc33938a-568c-41dd-bfe3-d21056607007"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2"	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "dc33938a-568c-41dd-bfe3-d21056607007"	icarus.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1904	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2920	icarus.exe
Token: SeDebugPrivilege	1904	icarus_ui.exe
Token: SeDebugPrivilege	684	icarus.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
1904	icarus_ui.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1904	icarus_ui.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1160 wrote to memory of 2920	1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe	28
PID 1160 wrote to memory of 2920	1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe	28
PID 1160 wrote to memory of 2920	1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe	28
PID 1160 wrote to memory of 2920	1160	2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe	28
PID 2920 wrote to memory of 1904	2920	icarus.exe	29
PID 2920 wrote to memory of 1904	2920	icarus.exe	29
PID 2920 wrote to memory of 1904	2920	icarus.exe	29
PID 2920 wrote to memory of 684	2920	icarus.exe	30
PID 2920 wrote to memory of 684	2920	icarus.exe	30
PID 2920 wrote to memory of 684	2920	icarus.exe	30

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-28_75e06ec160a3e36aa865bb82ef5388db_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1160
- C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus.exe
  C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\icarus-info.xml /install /sssid:1160
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus_ui.exe
    C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus_ui.exe /sssid:1160 /er_master:master_ep_d0b41e76-2e85-4054-9294-fb2ec1434be6 /er_ui:ui_ep_51b8f5ba-e110-416e-a1d1-71d4a1c6ac84
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1904
- - C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\icarus.exe
    C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\icarus.exe /sssid:1160 /er_master:master_ep_d0b41e76-2e85-4054-9294-fb2ec1434be6 /er_ui:ui_ep_51b8f5ba-e110-416e-a1d1-71d4a1c6ac84 /er_slave:avg-vpn_slave_ep_7f5780b8-3baf-4e46-a162-74d16d83a53d /slave:avg-vpn
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
44KB

MD5
76e668f35f1d31a10caa9d9be313467a

SHA1
64e246a3c47c43d97bcfd334e77e0f2c67d2f699

SHA256
8a38db12dc674c7b9f34cddf5f5178fc23c37f2fe1967024e71cfedd33e266fa

SHA512
0209289edadcda13ab5b49a6555951c1ad932383b1afc79f9aabef936a72f55069e398fbc79cf6d6f3fab29a280bea05b8de376cb9048015acd2712ab186edf4

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
8KB

MD5
348ab07539a3a491ff3f864dc26d30c6

SHA1
de3c64a5935ba23610b0b1fae1a462e39f364547

SHA256
7892ac4958cae837d4c51ceb90c940e90d67406c4508d58fd39a4aa991279ff5

SHA512
8430c1ee85f9a60e53759fa3ed29585edc08f5c498f5d2ef194e711b3f221d272543e42513cdcfc807adf81965a5e219d003cbb5b837f287d3d951a89ae48d3e

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
16KB

MD5
5ce34757208a6bc7fe2031cfa40bf6a0

SHA1
176da4c5ffe66eb0b1e9a81c205a84df1cba322d

SHA256
a6fc2a8efeb61eb96d172b22667562f3c2c0aabb1d4426657ff4c1aabc8a76fd

SHA512
4e2dc302ceacecccab9379b4510c1ce63214a475a7e04d5a5c734264f12df2b86bb72e6968063ada266a20692699d71aa184f23e5529c346a49b258fb1e94c86

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
214B

MD5
d6de6577f75a4499fe64be2006979ae5

SHA1
0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69

SHA256
87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9

SHA512
cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
22417b5d5eb168147f2c237d658a7163

SHA1
6ae67daf07c0a187f397923ecba497e5ab01ed58

SHA256
f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1

SHA512
392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
9cfe455d9c5f16c02987b0f4e5bccea8

SHA1
49c1c3d8104918cc23e9291f5cbbdf4284814edb

SHA256
694b0171a9a18ffc926a3429a2a614378b11bfd482f91321af7709eea8b30e27

SHA512
2c59cba13249e712db8b1a1e1457c8dd80ca334205b86a57b8dc8dc9b0adfdcb204dfdff81240992a5651975ada387fb013f819e14d0a969787f172a7d5091e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A3A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\config.def

Filesize
473B

MD5
e701acf0d4cd046982166ed19c189cf5

SHA1
5a806d01776a64442bea77c1e75578366a0a69fa

SHA256
544b94c4f857100d05d25c937115ef0ac4fb94d6efe342951a115ee4516e9527

SHA512
81e23c89ad4c320ef5894d1e5588c62915616ca68d8d579c4df6b00113c125f0d11051d670f329f82de5d6d34eb8a805aa01c0f79b0790acbc14b37aaf161631

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\dump_process.exe

Filesize
1.2MB

MD5
753b023dc1463ecd7b3f8807d2c5efc9

SHA1
ec45bed427e799844154d008bee2aa9d7b07715b

SHA256
c2295b9476901ae35fdc80dfd888aa056d15d1ef8de6de4a3e85f583ad65a5e0

SHA512
59bda01e96c0e3efda02dfb9ace0ea5e962bb117bca83f0af0a02df04a609bd755fd538bc1b960e154ccd23d596afa6a46088e274cd96ecf239900505a0b9db2

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\icarus_product.dll

Filesize
962KB

MD5
2def504900ab97e99cad21ad6e5cc7c4

SHA1
55c878e53437954fb5828ebb4981458f7ca7e002

SHA256
bc25ea6ca68d9660df19bc204dc394af3dc1d27b9766e275765c6edd68456664

SHA512
8e9b9029bca807b5b1de4b77714edc9dacc8a1695d31801b3ede5f92116b4ec80090bffcee4aee374ae45dc04e9a60c364204008a6bb3da2b1e9d008602b7af9

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\avg-vpn\product-def.xml

Filesize
214KB

MD5
be6494bde16a736ff9caad56f53e3f9c

SHA1
9c493833d57933c272d7070d64bdf9ccd979d230

SHA256
327afe496fb7abd6ffa67f28c769e8d010ab94adf096edeb6948186fd0551fe8

SHA512
2fe9fe1f2a14f8949746d865169a2b232ceeb7685268a453ee47a2f40be8ecb6b4ddefae3554a259201f179dda245701dafd020a75ba98e3dbc41676a1417588

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\bug_report.exe

Filesize
4.7MB

MD5
f0ad6609b15fba048671a46959b34d12

SHA1
02ea65d9fb66ab8684215c388c04f496e570ffe3

SHA256
9522b2b05dc88174518cc635909bd39ea1ad017b972fc0b84c0b2c66fe20c7fa

SHA512
a86634798c703685f66e562e79badd768bc168a6182cbda4df9a740177b3acab8bd5a33b31de3fd77501adfbb81fab71796f76b678cc455b3d3061fd1e1ca4ae

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus_ui.exe

Filesize
11.1MB

MD5
9e6da0ffec832dcb2bb0626e2fab333d

SHA1
a89f931b7c7fdc69d6255c4d7291ea3506a1b93e

SHA256
3746c214adcc94110a99a9839c57cb1cb4b2cfd0f461909252bfe3ad2a0ad7d6

SHA512
b6553729876d1b80416470ac409ea72d6eb35eed6d858a9485ade0dbb2a35a228dff5a1046cfbd31d99ba3f5a49284b23db102292728a9d2f90b10a50821a680

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\product-info.xml

Filesize
8KB

MD5
29b0610e54964f752943ec2036b71501

SHA1
5bfced9b8d06122a27e88defa0c18daab1a67fe0

SHA256
3ecd0deb19461b8c83bd10607dae8d060f1ed8f0d6c523cfd247de5590adb313

SHA512
5a0262973fe492253ae23d1862660fc47ce7ba2709f137ffa80d268ec9995cd726e45f612e752b1ef35427ee59ea56b1a7b1786a0dd289f2fdf0d25de25c067c

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\setupui.cont

Filesize
186KB

MD5
73b65ea51fb95e10c6d663019d4d6d33

SHA1
ce2f4bcb4e17f6c66b54594764d43ed61e973f64

SHA256
4af8c6f38e464a4798756d16418ba06d97dc9f264a5c9c3b77136d733b0fc00c

SHA512
3b0b8176616efe5828826a9eb7c882b38810ca677bd5a664f638185ab16d2e3d247a4f624b0952287a94e74f2dc0a10d48dac1503ab514af667e4dd3e12728ca

Download Submit
C:\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\icarus-info.xml

Filesize
1KB

MD5
57a05e8426ac65708c1424bdb331486c

SHA1
407adae84b7c97a52243f23afdbbdb6cca9a32a2

SHA256
3d36f5ee64eda7f7da070b4e4aee147cc93c6bfd526c1e61c52383092bef3aa1

SHA512
dd3ce6832a6059b6d7156da96a255782c9ab7aeb382b9ada3a9d802c71b1d24ffdfecfcf68e496f0eb5bdfe7ae00cb2ef747666527c249f01b8b50370bb718da

Download Submit
\Windows\Temp\asw-d33f4446-4841-4b19-bbd9-93dfbed71fc0\common\icarus.exe

Filesize
7.2MB

MD5
00f3158aa3cac845a8ddbce86cf20560

SHA1
8a4f81c33de9df0b93408035e7f3b01549775299

SHA256
9aacb21993e4e40a503c34fb2fa0e5fc315902b76ebb902c2eea340d84d17b33

SHA512
f3bf4729dde81fb99a501725376fbdd57eb05f3290d314a5f9742c4da7e794d3ea85b6bad6c07f1103707261ef78b38d0a9afd2fb75fc62abfc27a59ff533a6e

Download Submit
memory/1904-169-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp

Filesize
64KB

Download