Analysis Overview
SHA256: eb2eb7f54a3a69f88bd30aedd9c3c76d3cf314878a8d5b1795d394c1ecd59520
Threat Level: Shows suspicious behavior
The file 2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber was found to show suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Loads dropped DLL
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies registry class
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-06 21:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-06 21:34
Reported: 2024-04-06 21:37
Platform: win7-20240221-en
Max time kernel: 121s
Max time network: 126s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Loads dropped DLL
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avast Software\Avast | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAaaOq9/rSbEaN5Dz9v60/mwQAAAACAAAAAAAQZgAAAAEAACAAAADC3Ktk1wpetjcvZG0sZRbUsHhDGUt72WSpqUiag9GhtAAAAAAOgAAAAAIAACAAAABPczoJwDEoX19hYe3pVG7jgpyyVhkPk/61j3hQ/GxdtFAAAAAobzPKoXuKb2e8VJ5e+aooMhM+o4biLQB3CwqXjnieWDtQ//L24E/UluEmCJJ/QdUgvO/MXI4wjx6qIw+kX2PH2/EoS2NFL8oGbnRRkcE4X0AAAADMfSyXVPWORCYajybW0JlzvBEQwU1hk6jQwy7MvFGa6y4+uT7fyfknfkgunLLb5HfNTrptsyuTFrEpEZ7br9y7" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "120d9c01-7082-4180-b3f5-3d226a4c5d69" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "120d9c01-7082-4180-b3f5-3d226a4c5d69" | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "120d9c01-7082-4180-b3f5-3d226a4c5d69" | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (binary blob value omitted) | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe"
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\icarus-info.xml /install /sssid:2648
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe /sssid:2648 /er_master:master_ep_922767b5-9948-4595-bda0-4b192e17b88e /er_ui:ui_ep_dce3cf69-2f08-4d7a-89f2-9671f934418f
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus.exe /sssid:2648 /er_master:master_ep_922767b5-9948-4595-bda0-4b192e17b88e /er_ui:ui_ep_dce3cf69-2f08-4d7a-89f2-9671f934418f /er_slave:avg-du_slave_ep_53e5abec-349a-4d36-9446-dbe673324c7d /slave:avg-du
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
Files
\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus.exe
| MD5 | d2b966df5b0e2736b07c3ed7701648d3 |
| SHA1 | 6b7af201fd696a692f6fe1275e4904228ff323d5 |
| SHA256 | e463deb55e082cf53a47737c851daacdb0c2aa9cf939854ffb874c5a383c2829 |
| SHA512 | bc5ae0f083c296e9472d23773ffd1fad404336f5e621b2868e41fe25352708ad80c03a3805823fb058c81ee1cb22e7a4b7b7f092ac5a334d7aca90f78944899d |
C:\ProgramData\AVG\Icarus\Logs\sfx.log
| MD5 | 3c3397f05d02412a19615121be5201d7 |
| SHA1 | c9573cadf1c9ed76fcfbc8245a4c0d0e618dc409 |
| SHA256 | 1f0b168ae917a09461498c4c92482d49f6d7e312de679d31a1551ffc66b40cb4 |
| SHA512 | 7a87575658050e3f45a8f8a35b282577724078773129e3badf994ff9de2c8ec888f4889513697a0c7d65a219cc7efcf302e10a3301c84cc604fa0205f4c59665 |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 397f9adfb3031344b02b85d5a7cc6c19 |
| SHA1 | 901a4d800dba8d8fa573d822d65a39886291553a |
| SHA256 | 93655368abb0a79a3d79cc098b6a0ccf3e2e14654b6b14ff3b09469163a02cfd |
| SHA512 | feab9216e9208b2349c3a91eff081e96ace9c93f5ad4d3096225d207232fbc42ceae264dea8edaab68176eafebf1ce7640ee7300a99002922b333952fd92ac12 |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | 22417b5d5eb168147f2c237d658a7163 |
| SHA1 | 6ae67daf07c0a187f397923ecba497e5ab01ed58 |
| SHA256 | f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1 |
| SHA512 | 392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\eref.edat
| MD5 | e5913d9f76897190e98996018ca4d7c4 |
| SHA1 | a4c89df4e0d012df0cff9655d217218d019692aa |
| SHA256 | 84b1788f47ec1643168352f836f608ba5f5e3b3cc6f316fbd359dc5efe9bcb2c |
| SHA512 | 8173020f7ba6e4d3c7fcea79df705890b511039f6118750e53b3243debffbb47c131f3f03f3a7329c28168b946b1e8aa15f38012a0f30f5872389eb1d53865a9 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\icarus-info.xml
| MD5 | c18976ba0a6e8c9a349bc77424bb2052 |
| SHA1 | 5d04c5d9f2fac508a5d00edb97a4eebe465c58cf |
| SHA256 | b7a505ce106653432c7f86b5e87b88f016e3c3685abc27a10cc5fdf8e30ec1fa |
| SHA512 | 79208aeeafbf84ac3563f3584ef191f455b4f65ca7ab912cf582ff0257d376bd30cce49aeffcc3e8d30b7d82084782cf7da63f5188eddfb2524f386ed77c2735 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\icarus_ui.exe
| MD5 | 3f25bb38aaee8c47848817edc7dd5793 |
| SHA1 | 70b71c474f8f49d31624cbcbf4343fe9c6afb318 |
| SHA256 | 6d8da46af1e03c29f48d97a6a39870264158ef2c87edaed7b1b8a62cef742268 |
| SHA512 | f70eaea41684226ed3484eddf0998d1938635018d997e97ea45aa63a5ec762b8fb9ff3093b1f9d9dd1987835596bdc447d60ebc86de08ed8ee16f3bb19d5f1fe |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\product-info.xml
| MD5 | 4cd56abe1d9846b864765770dc7e856b |
| SHA1 | 28827dc46f887b66003bd9b1953dfc355ec742e2 |
| SHA256 | e115b4da472bbc0b0042337f9ef5cb2da075b8e3dacdd7ef8393fe570d5fb0a4 |
| SHA512 | 3b4c349611809d1df34b52c438074c719a5775c7484acda5489ce5da95ef5272d8ab210f8552391cbdc3042a291011815e5c1b555f0405bcc2152733eb84dd62 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\ecoo.edat
| MD5 | fac1bb5616a3b11b7a4e82bb17735ebd |
| SHA1 | b3384971ec069823d20183070558eb03b7df35fb |
| SHA256 | e90c4482daa3ce10324b0ef7f4c95a4f70803c0746b5b87c53078e9204962a2d |
| SHA512 | f4f48a9b45d8274646c0699255f2f0bb5e8c37cf90a0a4c6f8809965acc73142ee21035e09fd77349bd988a565bdef2d86e849867a2e632035e1c39c3196ee5d |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\setupui.cont
| MD5 | 17d7bd78b7192a5115a3c32639ffe2e0 |
| SHA1 | e57c42de150ea99d87375de4d1dac305abb2868a |
| SHA256 | 2690af4dca3322a0d0f99582370c9bea85263f0b2ee1b4c38e293b06acdd0f66 |
| SHA512 | 88626d9ddd3610d1a369017773d9811cc707c02f7c039237da1a189d24d796977d6c1a596adcc77e38d4a073a472f6040598fff54b78adffab3a04fc520b4b66 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\dump_process.exe
| MD5 | 26209014834bea1bf6b25ccaeb17cf4e |
| SHA1 | 8e9278463abc3070334cfaccb6a385d1fb399ada |
| SHA256 | e767d9460894a4e5a882aa99c073637fc45cb1db369704c2895db9a725652018 |
| SHA512 | 580bceeba9a4a2890b0a58f60f95e95a115c27d18f07158fca15c29c02456c7b8e83df9529fca45846df787a153f75741a9e13b93a28ec5da75c684660786659 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\bug_report.exe
| MD5 | 1d1ae7dd9eca36d6e070f19f6080b62b |
| SHA1 | 6ccd71808890b3674a4627949bf95b6c3a2dc06b |
| SHA256 | 07720d52b091b20507180e9485539bf6971d834e8e52a686a7f1dcd059f07b3f |
| SHA512 | e2aca0953cf44f3f017f450d08ae252a0c25c69570bec7c8ba6494a060e81f70535aa4b814b491d3f5c02bc98cb588f3848bb4b16fab118073339d76a3ff49b0 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\common\product-def.xml
| MD5 | 548a0818747231ebc5053a6c7dafbf2b |
| SHA1 | 179133d1777cddaf1d72b76bcedbcd9db6d9499a |
| SHA256 | b83c924d75587032d3d1cc3149096feca0b55fdf4400cf6d8cbf0b911885ebc4 |
| SHA512 | 71380216999acff3a83da62fa8c6f08414d2460a387b9dab8e88b648c5518b26a9a40a15941b7e065ec2205dd8c51c1303c0841126ff15e16aad6274c8dbd1d3 |
C:\ProgramData\AVG\Icarus\settings\proxy.ini
| MD5 | d6de6577f75a4499fe64be2006979ae5 |
| SHA1 | 0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69 |
| SHA256 | 87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9 |
| SHA512 | cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c |
C:\ProgramData\AVG\Icarus\Logs\sui.log
| MD5 | 6975d013ce7251439bc99127b914babf |
| SHA1 | b861e1e7759b682a18e92f86c21c0ab14b4963da |
| SHA256 | 182dcf4d76f665387fa12b819ace204904e75501e9b7cd7fc57b9ecd3d8a7a6f |
| SHA512 | 3083e5e7cc03e825d57c2ac9cfaa92e17a66230664913efc88fc806d752e87ba7a58d63f4b624d646229308d064c853b0a82cf97ed62be6d16e0b02c6456fcd2 |
C:\ProgramData\AVG\Icarus\Logs\report.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\AVG\Icarus\Logs\icarus.log
| MD5 | 16a2d74a8a35273f4729b94650948329 |
| SHA1 | 46e635b0b09501a8f673a8dea5f78ac48cf3ea05 |
| SHA256 | 05286ec8a8cbd3ca97620fad7183cc591dac62e6cbca454b79d96f4c2b4225b3 |
| SHA512 | 6f2fc744352c8f1d99bb65bc70fe914bd4f2384c405bfffa72cd0adc76c65da1c4d3ec04098e05e8d5933a7e5d17c3fe587124cd6ba8ef2cd07005f8bf9f5d59 |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\config.def
| MD5 | 034b36267199768b675b84210a88ec58 |
| SHA1 | fb619e2a77013960d4a84b822b1225ec442b2020 |
| SHA256 | ae4c6c353cf7442bb86d0b219b0cee4ee52458586b1e8de12e21851c86d22c48 |
| SHA512 | 8c2ecb10c04279c23498e6c9efe5518355383142f135d46813864c588efab09a181459f902f778bfb80f03c8832193828bde0e9ac8048d97d4b067a8c4410a5a |
C:\Windows\Temp\asw-3d6edf2a-6e64-42ca-8568-2235b209daf5\avg-du\icarus_product.dll
| MD5 | d6a017483a5af86c762372d765eb36ba |
| SHA1 | 3644193fcf645113448eb8b0ddcd1f5d68763ba1 |
| SHA256 | 563581e1a1f32a392ed60af488d1fd194d5eabe3db21042ac7e0f4f85a231ccf |
| SHA512 | 42d65eae3636d3871ace9ea273546ed3472fe007f0180f1335d28bad6b9ea0a7c345713fe08b5ab6cd9cd0bc925b7c7d1bbf5ea5d64d54f7f24faa05a43b0235 |
memory/2500-127-0x000007FFFFF90000-0x000007FFFFFA0000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-04-06 21:34
Reported: 2024-04-06 21:37
Platform: win10v2004-20240226-en
Max time kernel: 92s
Max time network: 129s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avast Software\Avast | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "d0fa1792-eafc-4d3f-8898-374533cf7294" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "d0fa1792-eafc-4d3f-8898-374533cf7294" | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "d0fa1792-eafc-4d3f-8898-374533cf7294" | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA/7tUb8mDTUWmlZA4o785QQQAAAACAAAAAAAQZgAAAAEAACAAAABvJoEQ/JhkyeMCmQQD27S3Rils9a0kyqpSWujSVSAWgwAAAAAOgAAAAAIAACAAAABkcgbYUoHiWMWyWv6WQ9sfdqcllgmby8PThnFoW/QWXlAAAABoBNMnRhhIYweleGdQcQ2A4Ff9/rns9tC+jM8IQAn6T5OAc2yoL7OKgJ1m0YuoXSRBulI14+6PnUx6dNXddOHtunB80LsCfmc3jxrz8RNS6UAAAACsTdwUwXIwVL7PtQtKELj+PkPHbLT/2novNjvwvk9LIEKlmFEevyTVRX+Y9W01LB+sh2ctkiSg3b1/FgvMdhwh" | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "66FC9A86B023D8FFC79948E2D373B0F2" | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-06_48f534500fd5c4612fda882bd9280efa_magniber.exe"
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\icarus-info.xml /install /sssid:2436
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe /sssid:2436 /er_master:master_ep_a47df9cf-8a89-4c27-8dbe-5d32f34d411a /er_ui:ui_ep_a6f67036-5b86-45fd-be46-76b2648e50d8
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus.exe /sssid:2436 /er_master:master_ep_a47df9cf-8a89-4c27-8dbe-5d32f34d411a /er_ui:ui_ep_a6f67036-5b86-45fd-be46-76b2648e50d8 /er_slave:avg-du_slave_ep_d524bf76-b600-450f-ba1a-c338c3491828 /slave:avg-du
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 23.220.113.74:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | 28.176.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
Files
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus.exe
| MD5 | d2b966df5b0e2736b07c3ed7701648d3 |
| SHA1 | 6b7af201fd696a692f6fe1275e4904228ff323d5 |
| SHA256 | e463deb55e082cf53a47737c851daacdb0c2aa9cf939854ffb874c5a383c2829 |
| SHA512 | bc5ae0f083c296e9472d23773ffd1fad404336f5e621b2868e41fe25352708ad80c03a3805823fb058c81ee1cb22e7a4b7b7f092ac5a334d7aca90f78944899d |
C:\ProgramData\AVG\Icarus\Logs\sfx.log
| MD5 | 8228287e11ad46b8543fc4173749b42e |
| SHA1 | 3f46587c64d9843292c91d9c1780833c888c91c9 |
| SHA256 | 4a6a68cca68be7d31f7afb8d309f784c3c0d24cf6ea7a343c6ff5a258a5ca014 |
| SHA512 | 7ca072598547b0a357ceb11cf19a0d30388a965a7ee1319e83a2c64da51963b6d45a691d5a810fb4948a4591a1e5087abc5469b0554092bb145c2a6c77ef91dc |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\icarus_ui.exe
| MD5 | 3f25bb38aaee8c47848817edc7dd5793 |
| SHA1 | 70b71c474f8f49d31624cbcbf4343fe9c6afb318 |
| SHA256 | 6d8da46af1e03c29f48d97a6a39870264158ef2c87edaed7b1b8a62cef742268 |
| SHA512 | f70eaea41684226ed3484eddf0998d1938635018d997e97ea45aa63a5ec762b8fb9ff3093b1f9d9dd1987835596bdc447d60ebc86de08ed8ee16f3bb19d5f1fe |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\eref.edat
| MD5 | e5913d9f76897190e98996018ca4d7c4 |
| SHA1 | a4c89df4e0d012df0cff9655d217218d019692aa |
| SHA256 | 84b1788f47ec1643168352f836f608ba5f5e3b3cc6f316fbd359dc5efe9bcb2c |
| SHA512 | 8173020f7ba6e4d3c7fcea79df705890b511039f6118750e53b3243debffbb47c131f3f03f3a7329c28168b946b1e8aa15f38012a0f30f5872389eb1d53865a9 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\icarus-info.xml
| MD5 | 0e0e6fd998c0349cf1cc1820e89f7627 |
| SHA1 | dccf449325cf8964af8941966307daf92ecb441a |
| SHA256 | bbf7fab6a579b128d20fa2a54bf58b9aa358470195e96cf24444bb775996fb85 |
| SHA512 | e135922d13c2a15be3a8dc041300b787e576455c099e30a755725e18b69f408bd6874a36a8fff8cd8e0f9b87d76c103751a61b7814a2400e613a7a1c716133f6 |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | 22417b5d5eb168147f2c237d658a7163 |
| SHA1 | 6ae67daf07c0a187f397923ecba497e5ab01ed58 |
| SHA256 | f1945b77f21bf5b8174bc94d0d69d4446baffd6808185554f8ae541e4254ecb1 |
| SHA512 | 392b79a63b451495cc81877c288c0068d6c159bf0d7ce9ac0cc290128e57a5a1ebe0569dcbab85433448b3c1928be03cf01300ec7ae99573cfc4ef8c4c9b3cb8 |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | b65f7a67ff22c0083f4215e1040149c5 |
| SHA1 | 47f1cbaab2be8ade7fea575a1862b2a0f9237603 |
| SHA256 | 88973e9e1628a1f44da72a982d742443b89b24dbb6876e3164fc2b0631397b32 |
| SHA512 | 2543b8cdd63de7a0b206a422a3e1c0c4f4b4247cff25dce7dc622ead842c2d0e7ba7a0ac99869e0a0a7081a50ce9d1e56131e5d1c4cd5cd64861ad21d486b6b6 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\product-info.xml
| MD5 | 4cd56abe1d9846b864765770dc7e856b |
| SHA1 | 28827dc46f887b66003bd9b1953dfc355ec742e2 |
| SHA256 | e115b4da472bbc0b0042337f9ef5cb2da075b8e3dacdd7ef8393fe570d5fb0a4 |
| SHA512 | 3b4c349611809d1df34b52c438074c719a5775c7484acda5489ce5da95ef5272d8ab210f8552391cbdc3042a291011815e5c1b555f0405bcc2152733eb84dd62 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\ecoo.edat
| MD5 | fac1bb5616a3b11b7a4e82bb17735ebd |
| SHA1 | b3384971ec069823d20183070558eb03b7df35fb |
| SHA256 | e90c4482daa3ce10324b0ef7f4c95a4f70803c0746b5b87c53078e9204962a2d |
| SHA512 | f4f48a9b45d8274646c0699255f2f0bb5e8c37cf90a0a4c6f8809965acc73142ee21035e09fd77349bd988a565bdef2d86e849867a2e632035e1c39c3196ee5d |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\setupui.cont
| MD5 | 17d7bd78b7192a5115a3c32639ffe2e0 |
| SHA1 | e57c42de150ea99d87375de4d1dac305abb2868a |
| SHA256 | 2690af4dca3322a0d0f99582370c9bea85263f0b2ee1b4c38e293b06acdd0f66 |
| SHA512 | 88626d9ddd3610d1a369017773d9811cc707c02f7c039237da1a189d24d796977d6c1a596adcc77e38d4a073a472f6040598fff54b78adffab3a04fc520b4b66 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\dump_process.exe
| MD5 | 26209014834bea1bf6b25ccaeb17cf4e |
| SHA1 | 8e9278463abc3070334cfaccb6a385d1fb399ada |
| SHA256 | e767d9460894a4e5a882aa99c073637fc45cb1db369704c2895db9a725652018 |
| SHA512 | 580bceeba9a4a2890b0a58f60f95e95a115c27d18f07158fca15c29c02456c7b8e83df9529fca45846df787a153f75741a9e13b93a28ec5da75c684660786659 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\common\bug_report.exe
| MD5 | 1d1ae7dd9eca36d6e070f19f6080b62b |
| SHA1 | 6ccd71808890b3674a4627949bf95b6c3a2dc06b |
| SHA256 | 07720d52b091b20507180e9485539bf6971d834e8e52a686a7f1dcd059f07b3f |
| SHA512 | e2aca0953cf44f3f017f450d08ae252a0c25c69570bec7c8ba6494a060e81f70535aa4b814b491d3f5c02bc98cb588f3848bb4b16fab118073339d76a3ff49b0 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\product-def.xml
| MD5 | 548a0818747231ebc5053a6c7dafbf2b |
| SHA1 | 179133d1777cddaf1d72b76bcedbcd9db6d9499a |
| SHA256 | b83c924d75587032d3d1cc3149096feca0b55fdf4400cf6d8cbf0b911885ebc4 |
| SHA512 | 71380216999acff3a83da62fa8c6f08414d2460a387b9dab8e88b648c5518b26a9a40a15941b7e065ec2205dd8c51c1303c0841126ff15e16aad6274c8dbd1d3 |
C:\ProgramData\AVG\Icarus\Logs\sui.log
| MD5 | 9d5a05c0bef902f8e8c70945535bfa5f |
| SHA1 | 27d4ea73de38a2686de5e89ae7d55c41ffbb9ce3 |
| SHA256 | 06e60152d0eed543b7a6ffef31123074af3edb5d2fb3b607009e0f7fcd599297 |
| SHA512 | 54bbcf88257b0923f6b1a6aa6df9be23ece8f5d640ab8645ef42de049a1d22632eab1fc54fa481d28829b73c73f61d18249a32b1f6251fd13d9fe1470b9fcd5a |
C:\ProgramData\AVG\Icarus\Logs\report.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\AVG\Icarus\Logs\icarus.log
| MD5 | 4e2fdfa22d641b0c6079c3734c23183f |
| SHA1 | 1455d9436e5fa59941ff9f92ed2d1914ecd97bc8 |
| SHA256 | b5be687252eefa9ecf291a77e0b97a6100b9d1213f30f9b6da1239addf341551 |
| SHA512 | 3ba3938c8360e48609eec1cdfe218c2b59a0572f7a6ce37df8094183ac726eddd962ecb080b1d73e8cecc87344b7cc097a5e99c78090ce838cc004fe3daaf0e2 |
C:\ProgramData\AVG\Icarus\settings\proxy.ini
| MD5 | d6de6577f75a4499fe64be2006979ae5 |
| SHA1 | 0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69 |
| SHA256 | 87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9 |
| SHA512 | cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\icarus_product.dll
| MD5 | d6a017483a5af86c762372d765eb36ba |
| SHA1 | 3644193fcf645113448eb8b0ddcd1f5d68763ba1 |
| SHA256 | 563581e1a1f32a392ed60af488d1fd194d5eabe3db21042ac7e0f4f85a231ccf |
| SHA512 | 42d65eae3636d3871ace9ea273546ed3472fe007f0180f1335d28bad6b9ea0a7c345713fe08b5ab6cd9cd0bc925b7c7d1bbf5ea5d64d54f7f24faa05a43b0235 |
C:\Windows\Temp\asw-d11ed4af-47d3-4209-b4bb-17bb0f6703e9\avg-du\config.def
| MD5 | 034b36267199768b675b84210a88ec58 |
| SHA1 | fb619e2a77013960d4a84b822b1225ec442b2020 |
| SHA256 | ae4c6c353cf7442bb86d0b219b0cee4ee52458586b1e8de12e21851c86d22c48 |
| SHA512 | 8c2ecb10c04279c23498e6c9efe5518355383142f135d46813864c588efab09a181459f902f778bfb80f03c8832193828bde0e9ac8048d97d4b067a8c4410a5a |