78b0ca77e1cef42c2d9492815f287f8e84e501ff79ddad8207a97d918fc3bf19

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
Size

1.2MB
MD5

4bb5c9c02dd46f00e0eebfb524ec081a
SHA1

763341848a473c81eb1a0f4b8c8fdfabac88ad2f
SHA256

78b0ca77e1cef42c2d9492815f287f8e84e501ff79ddad8207a97d918fc3bf19
SHA512

03853c25326d9d965d0919cd1a3926f3f71b3cc0993e7c0bd61a8ae9aa3b5ab9080d4a30371ae475da4318581ac844d6a06bbc48dbde5a63ff97a3a1a8e86666
SSDEEP

24576:7n+kUERV2SQP2gggg8oGhPnX4pz/ZFoR83j4e4i1N6Iz:bDBRBgggg8JnX4pz4u30e4k6Iz

Score

6^/10

bootkit persistence

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery
T1518.001

Processes:

icarus.exe

description ioc process

Key opened \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avast Software\Avast icarus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avast Software\Avast	icarus.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

icarus.exe2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exeicarus.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 3 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exe

pid process

2688 icarus.exe
2740 icarus_ui.exe
1296 icarus.exe
Loads dropped DLL 6 IoCs

Processes:

2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exeicarus.exeicarus.exe

pid process

2288 2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
2688 icarus.exe
2688 icarus.exe
2688 icarus.exe
2688 icarus.exe
1296 icarus.exe

pid	process
2688	icarus.exe
2740	icarus_ui.exe
1296	icarus.exe

pid	process
2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
2688	icarus.exe
2688	icarus.exe
2688	icarus.exe
2688	icarus.exe
1296	icarus.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

icarus_ui.exeicarus.exeicarus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe

Modifies registry class 7 IoCs

Processes:

icarus.exeicarus.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b625d969-a42d-4f3f-a1e1-f87cf153d3fb"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAIsT8jOTV+keZhOEchKmQoAQAAAACAAAAAAAQZgAAAAEAACAAAABAMFuAfpMqrvjhBCbUS2X9bokk/IaCzh3uXB914oa9xAAAAAAOgAAAAAIAACAAAAAq+1UpxYmdUOG2BYD0DpYfb+JDuQQ7VPwmI2mFXEWKozAAAAC1mL4zKIlFCbSC6tOB6ea0/Urdx2zHPxQ03ToW/GizW3MrhFEvulrNZAecTFeqRNxAAAAArnW94IJgJaUC852n6Zs5TmeGO9XZYgrsCUz4cBEGPzHUz/HE/ipF51+rBrEWHdtD8MVnGEud/M1HcuLhSCOFvw=="	icarus.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b625d969-a42d-4f3f-a1e1-f87cf153d3fb"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

icarus_ui.exe

pid process

2740 icarus_ui.exe

pid	process
2740	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exe

description	pid	process
Token: SeRestorePrivilege	2688	icarus.exe
Token: SeTakeOwnershipPrivilege	2688	icarus.exe
Token: SeRestorePrivilege	2688	icarus.exe
Token: SeTakeOwnershipPrivilege	2688	icarus.exe
Token: SeDebugPrivilege	2688	icarus.exe
Token: SeDebugPrivilege	2740	icarus_ui.exe
Token: SeRestorePrivilege	1296	icarus.exe
Token: SeTakeOwnershipPrivilege	1296	icarus.exe
Token: SeRestorePrivilege	1296	icarus.exe
Token: SeTakeOwnershipPrivilege	1296	icarus.exe
Token: SeRestorePrivilege	1296	icarus.exe
Token: SeTakeOwnershipPrivilege	1296	icarus.exe
Token: SeRestorePrivilege	1296	icarus.exe
Token: SeTakeOwnershipPrivilege	1296	icarus.exe
Token: SeDebugPrivilege	1296	icarus.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exeicarus_ui.exe

pid process

2288 2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
2740 icarus_ui.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

icarus_ui.exe

pid process

2740 icarus_ui.exe

pid	process
2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
2740	icarus_ui.exe

pid	process
2740	icarus_ui.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exeicarus.exe

description	pid	process	target process
PID 2288 wrote to memory of 2688	2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe	icarus.exe
PID 2288 wrote to memory of 2688	2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe	icarus.exe
PID 2288 wrote to memory of 2688	2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe	icarus.exe
PID 2288 wrote to memory of 2688	2288	2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe	icarus.exe
PID 2688 wrote to memory of 2740	2688	icarus.exe	icarus_ui.exe
PID 2688 wrote to memory of 2740	2688	icarus.exe	icarus_ui.exe
PID 2688 wrote to memory of 2740	2688	icarus.exe	icarus_ui.exe
PID 2688 wrote to memory of 1296	2688	icarus.exe	icarus.exe
PID 2688 wrote to memory of 1296	2688	icarus.exe	icarus.exe
PID 2688 wrote to memory of 1296	2688	icarus.exe	icarus.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-24_4bb5c9c02dd46f00e0eebfb524ec081a_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2288

C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus.exe
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\icarus-info.xml /install /sssid:2288
2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2688

C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus_ui.exe
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus_ui.exe /sssid:2288 /er_master:master_ep_f2e32791-0244-4681-89a6-ba0d7b2f31f8 /er_ui:ui_ep_acc07727-a076-4699-9af0-3737cc031c4d
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\icarus.exe
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\icarus.exe /sssid:2288 /er_master:master_ep_f2e32791-0244-4681-89a6-ba0d7b2f31f8 /er_ui:ui_ep_acc07727-a076-4699-9af0-3737cc031c4d /er_slave:avg-du_slave_ep_a1ae172e-378f-4b9e-a8d8-981c3520e47e /slave:avg-du
3⤵
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1296

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

Software Discovery

T1518

Security Software Discovery

T1518.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log
Filesize
44KB

MD5
937186d3d97eb70cd128637452dc8a36

SHA1
27e32cafa1060065f2537d2734a06492460d4c09

SHA256
e755623a2d37413b44da9ce80e5db8cf072c4fbafa5fbaa682c0d80384c40034

SHA512
462ee80265c276c123a464aeca5b5278147bd379954ffb4b424bad7af9bd362b200bf7ab097983cf4485bd05ebf0c3928539a415ca994382f65d088ba29a3f4a

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log
Filesize
49KB

MD5
2d18d9a9d0785b130401bcc9b0c4fab4

SHA1
2abd6e3f92a82b396c2242e046a3151a95ab5f3c

SHA256
5ad32402a0ca68c327770f579fd7637d8b79c01f37ed1a408bab132b0af9bc13

SHA512
b1516da21dd3883008eb3b993b1274d140534c796846cb43db16da04959362e87f0f4eecb51d715b3e57e17a4006cf8a3bcad5ef9c55fe6deb24db3d8fc2de39

Download Submit
C:\ProgramData\AVG\Icarus\Logs\report.log
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log
Filesize
10KB

MD5
a36334c0552a298154092ae1f03c30a5

SHA1
45bb5520ccdd3e27b0ed5c9ecf953837f501ce50

SHA256
6743ba1f53394b5b90a452aa608cb61e503f899d3fa23362c3f8f67f3ed7fef6

SHA512
f67017a29c2d9e32e9cf0c59dfbb9487d5247c6ea410e4ca3cc8ead9103ac2bec943ef71eaf835af639aacfb86c357542dccf2ce253c42e1dd803f8351e30659

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log
Filesize
11KB

MD5
cf90ebdd5a907203f250b8b198e70a83

SHA1
0c23c4ba886cde4d8d73215c645f1d8c917e4957

SHA256
4c3d04626f2befd968ff5cb8e377088c1d4a5e6a4462dc0d18a4b8b865c96589

SHA512
f2da679300da3754d4bd6e6606235a22384738f123a89aea1e011251f97f4a21426b7a7e9a7bb3f85d1d11c6b1c5cbdb0e3691f65ee28c294cdf2670f1f000e4

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini
Filesize
278B

MD5
b8853a8e6228549b5d3ad97752d173d4

SHA1
cd471a5d57e0946c19a694a6be8a3959cef30341

SHA256
8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9

SHA512
cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
Filesize
72B

MD5
2252b1369c7739102f4e82ae4a651fd9

SHA1
8302e97b61694ae27345b9960a4749ab83b24729

SHA256
9abe8f094cec4b47e3bfa96a7773ce58d6a11174cd754c145e51e34c2398242a

SHA512
582eec8079c139ff31a12bafb1a6a726bed40c2353cf68dce505e33ef3f3ca130b42d22ddbd1898132c545ad01647aa7f19ba8084873121b543e848c07c6ba69

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\config.def
Filesize
549B

MD5
3e9c87ef79aec6ef3af203b32b003198

SHA1
82d9dbecbb20ff8160439d9f7d8b87466bcdfbef

SHA256
e3e8cbe0a09239f7c977bfc7d283c32e1a8dacd5fadc2f6643724e4e68cb8489

SHA512
88e65718a1d7b538c14822cbfe1eea21dd8c102c9b3c0c4b6dff719ec0f74e3c5c5b83b630f4c8506049b1e793ec2a1f4aed279bc44f904ca8355a0e1c4bfdc5

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\dump_process.exe
Filesize
3.4MB

MD5
c22d80d43019235520344972efec9ff2

SHA1
1a2b4b2a52d820f9233ca0201be9ee7f6d82adbc

SHA256
5841a3df4784e008b8f2c567f15bb28cdb4cb4ca35c750f1108dfb1ccb6011f0

SHA512
f1cadbc3077379a6d7e36b8cf3bc830f44b5e668d4a6c0ce6b62bde292498c4f41c6588c5eba2599aa67524acfd125b7f23c419ae2b4a8e4afea7708aad83edc

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\icarus_product.dll
Filesize
1.9MB

MD5
cd7a61f631640064d7af4d8aefd9da0f

SHA1
5205092909cc66ae268ce3f16d1e8205a9b68dce

SHA256
aacf35b9e098d362977c4d80f8017f4e2a2171d929e3ce4e6898ff707a57f648

SHA512
6e488802562d60450764655cddeb12434f6eaf9d1dbe72befc2e53456134e0dd7b17253299b44c8e4845a738e091976530f5ef5c33b7fd4ca30f62d64e55f613

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\avg-du\setupui.cont
Filesize
230KB

MD5
32c8d75781f31574f623ebb46ce751b1

SHA1
9d5849bf95e018b430f9e5c9fd4fe248dc7b305f

SHA256
03145c2328f7e1164cc4850581c407557c2cac64cd193accd3552a6aa4706e36

SHA512
33fc7ab05501d52fc0b2493a8f2c91cd7762aaf307ec65904f6a77394432f1c121b467d7edb83360552e3c36832043b1ee5e552f6a65c81d1aec425ea3582a95

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\bug_report.exe
Filesize
4.8MB

MD5
0c0f0ca2bb49dfa3743e9d4156007c70

SHA1
042fdfba346a89a83f0c782117038a82b29a28d1

SHA256
0e1865702916ae47aafc54c6199e3a73acb735ae888f9a8dd7bc4656268ef9ea

SHA512
e15f826ce67d4d5224cdcefc3194a5a9144e152ad16136f5774d2ca29484fc11e778e2e9d114af80ad2a99907bd4999e6eef95c7b7dbbe6a7829d67c1b6bbc92

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus_ui.exe
Filesize
11.8MB

MD5
7ebae16a6ea514e55f7160c3539261cc

SHA1
ae74b3af4926b6932aea68a32c7c8727d53a94e7

SHA256
f27f92f003505dbca839513d233198211860de0ef487973a5ce0761d8e8ebfb9

SHA512
f7c7c084517785f21ae0bd82509ddc31e985edbe9e07f275414806afa3f696037340ea0e6091221a5d81250adf170ca0fa4345915d000eaba6034a9db0f61369

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\product-def.xml
Filesize
236KB

MD5
8c5323746bb544d2d645669ef66e837e

SHA1
1f68291c6ccb56928147380bbee27b56719c6124

SHA256
8c884f7cb8aade0a0d7fe2fa18819b5f3c2c4578d5318efc2b6b468114ca0377

SHA512
57938a13c256624e6496ea43ed99cc9f6ab19a68b581bfadedbbbbed2a4c427190530927a40f73146c14818676aceb56c1d772b195d6df51e9f79cd5a65902fb

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\product-info.xml
Filesize
6KB

MD5
f3dba4960b27996f6c252c86f4ed3aaa

SHA1
93e2c8ca65d3033f6b472c6f56b7f5e6db699605

SHA256
e6cb33b6976bcadfb145d3a1ab02ba6cf8fbf3cca1cf0f4072f9347404094591

SHA512
8a820024268c454208faf85ede1b4bd91ebec1e65195bc5d0682f78a2249f510f22e9adcd2346a455965448a7cc952c0435acb00ac9b7975162696c277789e8a

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\ecoo.edat
Filesize
21B

MD5
8f0e382f7c6d3db50619f7056dbb94ef

SHA1
029aece8f5cc6d64b158f646070fe5f6a9534cd8

SHA256
4df71c032dcfed706c76079099c361571d5b273061f4d8d8d0c3b2d37f56c2e6

SHA512
32bd76b23bc171f998a38d124387a08fb216f7b6b9d1f5ef54d41346b9794d3c7bcaed0b724a437c58b90d85379449c037e6d4a258cce5ebfd2d252648face6f

Download Submit
C:\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\icarus-info.xml
Filesize
1KB

MD5
225d2be46177e027cfbec2a00eb96bbc

SHA1
18f2f3014b85ed4c3aed2de1d1d91022d320f75f

SHA256
6430517f0c95c06ae9458ee527578bf41b1e54f1b587e3afdd241026e9510d87

SHA512
67b505611db8803461c91f20682dde35fb07a3716d6838fb904c539107fd6f0de6b07057c28f34b5978a354f7e2e00d2958bb98d1c058a5f0ad31ddd88d633b8

Download Submit
\Windows\Temp\asw-c9404866-4754-4067-b5d8-8a17f16585f4\common\icarus.exe
Filesize
7.7MB

MD5
97856ab19be2842f985c899ccde7e312

SHA1
4b33ff3baeba3b61ee040b1d00ebff0531cc21ef

SHA256
2569a72d3a55ea7ad690d708907245c221664c5c88cadbc19e1967135fa40514

SHA512
b2f57fd7c482977ebf52b49e50e57f60f1bf87be5bbf54c0dcfb3038c0f46b89c70f10161fab7585d01b90c4fdc00b86932444f32528fed04b514c6746bff29f

Download Submit
memory/2740-96-0x000007FFFFF70000-0x000007FFFFF80000-memory.dmp

Filesize
64KB

Download