Analysis Overview
SHA256
79b1c84f3b20e6fd49efbb5e3b815f0ca418bf5828c02061bb83e10e0626d298
Threat Level: Shows suspicious behavior
The file 2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Executes dropped EXE
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 16:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 16:02
Reported
2024-06-14 16:04
Platform
win7-20231129-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
Loads dropped DLL
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "756170d9-0634-4845-928e-fc3e93bdefbf" | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAfse5j2U+g0WNCH4zS1AZEwQAAAACAAAAAAAQZgAAAAEAACAAAABKpGauwjOOALy+mB2Pe/hhCozkiV1Iiq7XVNPAJ58rtgAAAAAOgAAAAAIAACAAAADpyHqd/WkQVAHpcWspcsP6LTrc8LLEjyy3fFMein8ehGAAAAAC9CktD3rPl2OUFLBoPBRf2CnSbVZlqWd3gZxMJHXHdtLDGAXKe0PJp3hmAgQeePhwlpHajPuOTVvH3J5CX0T9TMNzMikUYWyQZyha+inLizp3+RnjolEvZqj/gCq6r09AAAAAnq+PHHypO3TaLTsi4kUDXE01Io1N43B3aDTRJhbwpCXefs7FiSoCFqqW+hh/Gwcg7huLLnsV7FPfjlww77puKw==" | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "756170d9-0634-4845-928e-fc3e93bdefbf" | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe"
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\icarus-info.xml /install /sssid:1368
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\common\icarus_ui.exe /sssid:1368 /er_master:master_ep_eddd2680-dd39-47b8-962e-6c47d9fd7f00 /er_ui:ui_ep_1bf327ac-f038-4d1b-a90a-47da8579e58e
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe
C:\Windows\Temp\asw-07f64d5c-f8f5-4b8d-9432-0f20d5aef7ab\avg-vpn\icarus.exe /sssid:1368 /er_master:master_ep_eddd2680-dd39-47b8-962e-6c47d9fd7f00 /er_ui:ui_ep_1bf327ac-f038-4d1b-a90a-47da8579e58e /er_slave:avg-vpn_slave_ep_2f8d2658-fc81-49c3-ab04-51b6dd074e94 /slave:avg-vpn
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 34.160.176.28:443 | shepherd.ff.avast.com | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 16:02
Reported
2024-06-14 16:04
Platform
win10v2004-20240611-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "96611d8d-0121-4bdc-baa3-ce55cb259631" | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9LwN9XjrHkeaFpKmtNrmHwQAAAACAAAAAAAQZgAAAAEAACAAAADw7qC/Q+QnhaTT+Q+XHBz7l1YoeI+/UFF1mb50IPdefQAAAAAOgAAAAAIAACAAAABzyXkrnkalqwTwNmOJ9Cv0BYbh7QOj9nhP7HdnNvr8gjAAAAAYDje9Em6nWNlommnPTmEboa8eclk5lgwGW43H4xxfQ/NpsnGAvMi0PflGKjhagH9AAAAA7LUFmRoftNljayowARPQpZKGpmnK7LErl43NjDP/GNXQhZ83NgCXDYP5vqnIeL8wnzXVwuHI6qYXzNgkx8W66g==" | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "96611d8d-0121-4bdc-baa3-ce55cb259631" | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-14_01c5ef469f65d6c81979672eb5d17849_magniber.exe"
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\icarus-info.xml /install /sssid:4356
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\common\icarus_ui.exe /sssid:4356 /er_master:master_ep_ef61480f-aad2-4103-9bcc-eb0d86734c0c /er_ui:ui_ep_37416e16-2007-404f-84b0-ac3d2b27085b
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe
C:\Windows\Temp\asw-ff5e1a11-79c8-4c5e-8bbd-ddd07b398621\avg-vpn\icarus.exe /sssid:4356 /er_master:master_ep_ef61480f-aad2-4103-9bcc-eb0d86734c0c /er_ui:ui_ep_37416e16-2007-404f-84b0-ac3d2b27085b /er_slave:avg-vpn_slave_ep_3e5c7cb4-21e2-45da-b6a2-661dccd2a742 /slave:avg-vpn
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.ff.avast.com | udp |
| US | 34.160.176.28:443 | shepherd.ff.avast.com | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | 28.176.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.131.50.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files