3b2a3bbc868a2196f2c990c70889e68e626db5b3ed5570dc949b07adaa3f3084

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Icaros_v3.3.2.exe
Size

12.0MB
MD5

9e57c5961a540651d6e6148276f9e086
SHA1

fc485e7aa04c4c12b9b936a3dd514de8b7fc3fbc
SHA256

3b2a3bbc868a2196f2c990c70889e68e626db5b3ed5570dc949b07adaa3f3084
SHA512

18bb77352d820fb1b7e4699f85750adb3f5ed34bd04f1b59081e2d5ea0f36c645cbf89eb79307fd824f6c4a21afab11459c8c07a85f81f303c58fa3fb1d4ca28
SSDEEP

196608:gcbIOOxJ6InLDjJmJByfgL56SovUeAnNwvgUQZpBAhFirwt:zOQJB6gLYtV8WgjpBA0wt

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
3476	Icaros_v3.3.2.tmp
3084	IcarosConfig.exe
4208	IcarosConfig.exe

Loads dropped DLL 50 IoCs

pid	Process
3476	Icaros_v3.3.2.tmp
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3084	IcarosConfig.exe
3752	regsvr32.exe
3308	Process not Found
4040	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3440	regsvr32.exe
3308	Process not Found
3308	Process not Found
3308	Process not Found
3308	Process not Found
3308	Process not Found
3308	Process not Found
3308	Process not Found
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4208	IcarosConfig.exe
4320	Process not Found
4320	Process not Found
4320	Process not Found
4320	Process not Found
4320	Process not Found
4320	Process not Found
4320	Process not Found
1644	regsvr32.exe
2168	Process not Found
2168	Process not Found
2168	Process not Found
2168	Process not Found
2168	Process not Found
2168	Process not Found
2168	Process not Found

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Icaros\32-bit\IcarosPropertyHandler.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-OC723.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\libunarr-ics.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-Q8B7T.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-KJUTI.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-00KDD.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\IcarosCache.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\unins000.dat	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-TOQGO.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-9ED8J.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-H39P2.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\unins000.dat	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\IcarosThumbnailProvider.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\avcodec-ics-60.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-H3KE9.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\avformat-ics-60.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-Q2FV8.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\is-R3VAV.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-OJOIP.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-21770.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-3FK35.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-Q66KR.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\is-26VJQ.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-T48RH.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-FL5OH.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-NGC25.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Licenses\is-GSL9P.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-4DOHA.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-QAE6F.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-CMGLN.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-GQ35C.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\swscale-ics-7.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\IcarosConfig.exe	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\avutil-ics-58.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-6VC2N.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-C7STT.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-RQU05.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\IcarosThumbnailProvider.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\is-IAOKN.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\64-bit\is-OJTUQ.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-R6RSQ.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-1A8HI.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-MI7N1.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Licenses\is-9FOKP.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\avutil-ics-58.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-TT0KN.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-E14SD.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-7DKPM.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\avcodec-ics-60.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\IcarosCache.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\IcarosUICore.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-E8861.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\32-bit\is-KHR5V.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\is-67UE7.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-OSM16.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\is-HT3NK.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Licenses\is-OMH32.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\avformat-ics-60.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\IcarosPropertyHandler.dll	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\32-bit\swscale-ics-7.dll	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-FVO8T.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-29HNT.tmp	Icaros_v3.3.2.tmp
File created	C:\Program Files\Icaros\Resources\Localize\is-O4A0L.tmp	Icaros_v3.3.2.tmp
File opened for modification	C:\Program Files\Icaros\64-bit\libunarr-ics.dll	Icaros_v3.3.2.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ogg\FullDetails = "prop:System.PropGroup.Media;System.Media.Duration;System.PropGroup.Video;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.Size;System.DateCreated;System.DateModified;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mkv\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rm\ExtendedTileInfo = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wav\FullDetails = "prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Comment;System.Rating;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;Icaros.AudioTracks;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.PropGroup.Origin;System.Media.Publisher;System.Media.AuthorUrl;System.Copyright;System.Media.CreatorApplication;System.PropGroup.Content;System.Music.Composer;System.Music.Conductor;System.Music.Mood;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC}\ManualSafeSave = "1"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webmv\ExtendedTileInfo = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rm\PreviewDetails = "prop:System.Media.Duration;System.Size;System.Video.FrameWidth;System.Video.FrameHeight;Icaros.VideoTracks;Icaros.AudioTracks;System.Video.TotalBitrate;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;*System.Video.FrameRate"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC}\ = "Icaros Property Handler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.opus\FullDetails = "prop:System.PropGroup.Media;System.Media.Duration;System.PropGroup.Audio;System.Audio.EncodingBitrate;System.Audio.ChannelCount;System.Audio.SampleRate;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.Size;System.DateCreated;System.DateModified;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aifc	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mk3d	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aif	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.psd\InfoTip = "prop:System.ItemType;System.DateModified;System.Image.Dimensions;System.Image.BitDepth;System.Size"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ogv\PreviewDetails = "prop:System.Size;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.EncodingBitrate;System.Video.TotalBitrate;System.Video.FrameRate;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xvid\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ape\InfoTip = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mkv\PreviewDetails = "prop:System.Title;System.Media.Duration;System.Size;System.Video.FrameWidth;System.Video.FrameHeight;Icaros.VideoTracks;Icaros.AudioTracks;Icaros.SubtitleTracks;Icaros.ContentCompression;Icaros.ContainsChapters;System.Rating;System.Keywords;System.Comment;System.Music.Artist;System.Music.Genre;System.ParentalRating;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;System.Media.SubTitle;System.Media.Year;System.Video.FrameRate;System.Video.EncodingBitrate;*System.Video.TotalBitrate"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.opus\PreviewDetails = "prop:System.Music.Artist;System.Music.AlbumTitle;System.Music.Genre;System.Media.Duration;Icaros.AudioTracks;System.Rating;System.Media.Year;System.Size;System.Music.TrackNumber;System.Music.AlbumArtist;System.Title;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.DateModified;System.OfflineAvailability;System.OfflineStatus;System.DateCreated;*System.SharedWith"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aifc\InfoTip = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tga\ExtendedTileInfo = "prop:System.ItemType;System.DateModified;System.Image.Dimensions;*System.Image.BitDepth"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xvid\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aifc\ExtendedTileInfo = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dds\ExtendedTileInfo = "prop:System.ItemType;System.DateModified;System.Image.Dimensions;*System.Image.BitDepth"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.opus\InfoTip = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.epub\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mpc\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ofs\Content Type = "audio/ofs"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tak	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\ExtendedTileInfo = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.xvid	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}\InProcServer32\ = "C:\\Program Files\\Icaros\\32-bit\\IcarosThumbnailProvider.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpc\ExtendedTileInfo = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.wav\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webm\ShellEx\{e357fccd-a995-4576-b01f-234630154e96}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\PreviewDetails = "prop:System.Title;System.Media.Duration;System.Size;System.Video.FrameWidth;System.Video.FrameHeight;System.Rating;System.Keywords;System.Comment;System.Music.Artist;System.Music.Genre;System.ParentalRating;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;System.Media.SubTitle;System.Media.Year;System.Video.FrameRate;System.Video.EncodingBitrate;System.Video.TotalBitrate"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webm\PreviewDetails = "prop:System.Title;System.Media.Duration;System.Size;System.Video.FrameWidth;System.Video.FrameHeight;Icaros.VideoTracks;Icaros.AudioTracks;Icaros.SubtitleTracks;Icaros.ContentCompression;Icaros.ContainsChapters;System.Rating;System.Keywords;System.Comment;System.Music.Artist;System.Music.Genre;System.ParentalRating;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;System.Media.SubTitle;System.Media.Year;System.Video.FrameRate;System.Video.EncodingBitrate;*System.Video.TotalBitrate"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ape\FullDetails = "prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Comment;System.Rating;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;Icaros.AudioTracks;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.PropGroup.Origin;System.Media.Publisher;System.Media.AuthorUrl;System.Copyright;System.Media.CreatorApplication;System.PropGroup.Content;System.Music.Composer;System.Music.Conductor;System.Music.Mood;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webp\InfoTip = "prop:System.ItemType;System.DateModified;System.Image.Dimensions;System.Image.BitDepth;System.Size"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rmvb\PreviewDetails = "prop:System.Media.Duration;System.Size;System.Video.FrameWidth;System.Video.FrameHeight;Icaros.VideoTracks;Icaros.AudioTracks;System.Video.TotalBitrate;System.OfflineAvailability;System.OfflineStatus;System.DateModified;System.DateCreated;System.SharedWith;*System.Video.FrameRate"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ofs\PreviewDetails = "prop:System.Music.Artist;System.Music.AlbumTitle;System.Music.Genre;System.Media.Duration;Icaros.AudioTracks;System.Rating;System.Media.Year;System.Size;System.Music.TrackNumber;System.Music.AlbumArtist;System.Title;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.DateModified;System.OfflineAvailability;System.OfflineStatus;System.DateCreated;*System.SharedWith"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mkv	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cb7\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mk3d\PerceivedType = "video"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.webm\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.psd\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\ = "{c5aec3ec-e812-4677-a9a7-4fee1f9aa000}"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ogv\FullDetails = "prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.PropGroup.Video;System.Media.Duration;System.Video.FrameWidth;System.Video.FrameHeight;System.Video.TotalBitrate;System.Video.FrameRate;Icaros.VideoTracks;System.Media.CreatorApplication;System.PropGroup.Audio;Icaros.AudioTracks;System.Audio.ChannelCount;System.Audio.SampleRate;Icaros.SubtitleGroup;Icaros.SubtitleTracks;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.Size;System.DateCreated;System.DateModified;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.psd\ExtendedTileInfo = "prop:System.ItemType;System.DateModified;System.Image.Dimensions;*System.Image.BitDepth"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mpc\InfoTip = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webma\FullDetails = "prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Comment;System.Rating;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;Icaros.AudioTracks;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.PropGroup.Origin;System.Media.Publisher;System.Media.AuthorUrl;System.Copyright;System.Media.CreatorApplication;System.PropGroup.Content;System.Music.Composer;System.Music.Conductor;System.Music.Mood;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.ogv\ShellEx\{BB2E617C-0920-11D1-9A0B-00C04FC2D6C1}	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webp\PreviewDetails = "prop:System.DateModified;System.Image.Dimensions;System.Image.BitDepth;System.Size;System.OfflineAvailability;System.OfflineStatus;System.DateCreated;System.SharedWith"	IcarosConfig.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC}\ManualSafeSave = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.flac\InfoTip = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dds\FullDetails = "prop:System.PropGroup.Image;System.Image.Dimensions;System.Image.HorizontalSize;System.Image.VerticalSize;System.Image.BitDepth;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avi\InfoTip = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.flac\InfoTip = "prop:System.ItemType;System.Size;System.Music.Artist;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.psd\ShellEx	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC}\InProcServer32	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.aiff\FullDetails = "prop:System.PropGroup.Description;System.Title;System.Media.SubTitle;System.Comment;System.Rating;System.PropGroup.Media;System.Music.Artist;System.Music.AlbumArtist;System.Music.AlbumTitle;System.Media.Year;System.Music.TrackNumber;System.Music.Genre;System.Media.Duration;System.PropGroup.Audio;Icaros.AudioTracks;System.Audio.ChannelCount;Icaros.BitDepth;System.Audio.EncodingBitrate;System.Audio.SampleRate;System.PropGroup.Origin;System.Media.Publisher;System.Media.AuthorUrl;System.Copyright;System.Media.CreatorApplication;System.PropGroup.Content;System.Music.Composer;System.Music.Conductor;System.Music.Mood;System.PropGroup.FileSystem;System.ItemNameDisplay;System.ItemType;System.ItemFolderPathDisplay;System.DateCreated;System.DateModified;System.Size;System.FileAttributes;System.OfflineAvailability;System.OfflineStatus;System.SharedWith;System.FileOwner;System.ComputerName"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.webm	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cbz	IcarosConfig.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.ogm	IcarosConfig.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.flv\InfoTip = "prop:System.ItemType;System.Size;System.Media.Duration;System.OfflineAvailability"	IcarosConfig.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ofs	IcarosConfig.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3476	Icaros_v3.3.2.tmp
3476	Icaros_v3.3.2.tmp
3084	IcarosConfig.exe
4208	IcarosConfig.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeDebugPrivilege	3084	IcarosConfig.exe
Token: SeTakeOwnershipPrivilege	3084	IcarosConfig.exe
Token: SeRestorePrivilege	3084	IcarosConfig.exe
Token: SeTakeOwnershipPrivilege	3752	regsvr32.exe
Token: SeRestorePrivilege	3752	regsvr32.exe
Token: SeTakeOwnershipPrivilege	3084	IcarosConfig.exe
Token: SeRestorePrivilege	3084	IcarosConfig.exe
Token: SeTakeOwnershipPrivilege	4040	regsvr32.exe
Token: SeRestorePrivilege	4040	regsvr32.exe
Token: SeTakeOwnershipPrivilege	3084	IcarosConfig.exe
Token: SeRestorePrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: 33	3084	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	3084	IcarosConfig.exe
Token: SeDebugPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: 33	4208	IcarosConfig.exe
Token: SeIncBasePriorityPrivilege	4208	IcarosConfig.exe
Token: SeTakeOwnershipPrivilege	4208	IcarosConfig.exe
Token: SeRestorePrivilege	4208	IcarosConfig.exe
Token: SeTakeOwnershipPrivilege	1644	regsvr32.exe
Token: SeRestorePrivilege	1644	regsvr32.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3476	Icaros_v3.3.2.tmp
3084	IcarosConfig.exe
4208	IcarosConfig.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 3476	2220	Icaros_v3.3.2.exe	81
PID 2220 wrote to memory of 3476	2220	Icaros_v3.3.2.exe	81
PID 2220 wrote to memory of 3476	2220	Icaros_v3.3.2.exe	81
PID 3476 wrote to memory of 3084	3476	Icaros_v3.3.2.tmp	84
PID 3476 wrote to memory of 3084	3476	Icaros_v3.3.2.tmp	84
PID 3084 wrote to memory of 3752	3084	IcarosConfig.exe	87
PID 3084 wrote to memory of 3752	3084	IcarosConfig.exe	87
PID 3084 wrote to memory of 3752	3084	IcarosConfig.exe	87
PID 3084 wrote to memory of 4040	3084	IcarosConfig.exe	89
PID 3084 wrote to memory of 4040	3084	IcarosConfig.exe	89
PID 3084 wrote to memory of 4040	3084	IcarosConfig.exe	89
PID 3084 wrote to memory of 3440	3084	IcarosConfig.exe	92
PID 3084 wrote to memory of 3440	3084	IcarosConfig.exe	92
PID 3084 wrote to memory of 3440	3084	IcarosConfig.exe	92
PID 4208 wrote to memory of 1644	4208	IcarosConfig.exe	103
PID 4208 wrote to memory of 1644	4208	IcarosConfig.exe	103
PID 4208 wrote to memory of 1644	4208	IcarosConfig.exe	103

C:\Users\Admin\AppData\Local\Temp\Icaros_v3.3.2.exe
"C:\Users\Admin\AppData\Local\Temp\Icaros_v3.3.2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\is-6AEUS.tmp\Icaros_v3.3.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6AEUS.tmp\Icaros_v3.3.2.tmp" /SL5="$100048,11657425,1148928,C:\Users\Admin\AppData\Local\Temp\Icaros_v3.3.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Program Files\Icaros\IcarosConfig.exe
    "C:\Program Files\Icaros\IcarosConfig.exe" -andopen
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3084
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files\Icaros\32-bit\IcarosPropertyHandler.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:3752
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\SysWOW64\regsvr32.exe" /s /u "C:\Program Files\Icaros\32-bit\IcarosPropertyHandler.dll"
      4⤵
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:4040
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files\Icaros\32-bit\IcarosThumbnailProvider.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:3440

C:\Program Files\Icaros\IcarosConfig.exe
"C:\Program Files\Icaros\IcarosConfig.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files\Icaros\32-bit\IcarosPropertyHandler.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Icaros\32-bit\IcarosCache.dll

Filesize
298KB

MD5
6fd2e8e70ff2b1d847f7365445231f6f

SHA1
b3db8581661f52d83c224e8a8aa36df609bc04eb

SHA256
d2e7d41ac263d0505b1c5fb0b7dd14c8d6591a27ab7cc75e064769bbb829cdbc

SHA512
0f01de6cbfdb773e63e9d144fd9cb734309fdccf3e0fff0c78204dcc1a6ee7157fa1c71c200a42819a5e1f5b14cbb49edc6c59a6a876fe00922d967efbb453a6

Download Submit
C:\Program Files\Icaros\32-bit\IcarosPropertyHandler.dll

Filesize
738KB

MD5
49a47c49d2d180e0895ed8348a4e599a

SHA1
8f8ffae12b9c6b7e67505bff35e583973e2e171c

SHA256
2ea7e84d8879204fca783bb695deff13c077dd2dd225dc0810eca2b19023cc53

SHA512
86a746b01379e13b2f5c6008f5b4199d039e5ab5f9358733e87bf89baf743289dfba0f111d211aec3b930bf215ca7a928b1e8c16e38621cce2eafebf611cf594

Download Submit
C:\Program Files\Icaros\32-bit\IcarosThumbnailProvider.dll

Filesize
311KB

MD5
0cbee6b4e72eec7997c738bcba76a6c2

SHA1
31824e5f6ab2ea2ae00a3a06086f03e3a76594e0

SHA256
e8da8cecadc896cb3290c717bc1423ac4102a31ea0ffec01b42afe9e098fb421

SHA512
9e5677ebb573850b6ef0d851824f5a7e5db3d12d7c9bc9a170f1f456d22d51bc09d1edef7ed239c65d59da152733fd0da27a8ca4a958e6d767307e28fd2721d6

Download Submit
C:\Program Files\Icaros\32-bit\avcodec-ics-60.dll

Filesize
9.8MB

MD5
274056132037e78378119d5d9e976c2b

SHA1
0e8fd66504a6003f65d1954dcfc962cec422c132

SHA256
c96df69cfefcce6757cf20b7c2b4be1ee39a6092db1650c1f22f1dd3110011bf

SHA512
5521dc110de3fd8e4fca6e3101d362e521c1caa01005561be8b2a8277647b3c8fc30b90a9a33c2310fb60738c573349f7764ff95db8093cc3f428f0f682d21fe

Download Submit
C:\Program Files\Icaros\32-bit\avformat-ics-60.dll

Filesize
1.5MB

MD5
a3e300e49716be88abc64ac71f0f04cd

SHA1
4a7d07731caccf6c2577f6ba1be55c1d616dfe27

SHA256
92f76476f58c86a7f22841a01048ab6e4b4bc3a9b14a90d71c2b673dbeaa8ad3

SHA512
5b15a181c487729c83d7afbbdfab464f17378015ca85995b78e6c47f7023388b2245ffe25670975eb3919094b5dc539eec64426a44748e75fa536f7666fb59d3

Download Submit
C:\Program Files\Icaros\32-bit\avutil-ics-58.dll

Filesize
865KB

MD5
457fe0b84ad4a8a04e528bdce529d22a

SHA1
a4ca474906d0df46a1d16c650d6c6088eaa290da

SHA256
8ba430a64d33b96aeba046e439a874f28320a554ae68d9cd5af2edc1a5cff182

SHA512
52390d48f4ea8e78c5eaa018ed60aeae5cd2b78cf7fcfe22559058e3a56564eae8c77129f47bcdce7409fb3e2fbdb45db1cbbc106e868f23a9475a646f0ee21d

Download Submit
C:\Program Files\Icaros\32-bit\libunarr-ics.dll

Filesize
329KB

MD5
f305baaaffd9f69034c0563b7e192b1b

SHA1
8dbae575d29f1050371ef356621bb25bba10dfc2

SHA256
9baf0cb8ac693d8c269286d596e410bed0242aa0d8d5a9797bae7949526d76eb

SHA512
582264c743207b708a75c8e5f3d07362dbea41aef5fcaf28da897e383e3fcae47545657d53285d53bcaa5eaedbbe0e8e1bae1e86e83ea6016a4f15e741d78d40

Download Submit
C:\Program Files\Icaros\32-bit\swscale-ics-7.dll

Filesize
497KB

MD5
45965d5ffd01891ccf7a84866461c3e7

SHA1
0fc6ad0939972c2a77b359cc551d86d535933ff9

SHA256
957021ab7da63f80ff8fd4086bc38db43e2b01fa9423d672e0807fa4586045a7

SHA512
8f30817e5a7b24b78370dd5e84528e684eee8f0deb2ae05c42a378fc0d8b66b36c4f3402b9e16c3beda42314bf0b580e248ccc90afdec0eb03870cc9faadabb1

Download Submit
C:\Program Files\Icaros\64-bit\IcarosCache.dll

Filesize
368KB

MD5
a6dde6e328aa446b3d98d8687ffcacb5

SHA1
aa34feef9e83033cd1bcbcc53cba91bc01e22281

SHA256
7426f66a80dc9f5a55315fd93db6c1bb096005272b99e2759bbeb1a6ce860f13

SHA512
ef1ece69ba22e49dd5b74bbb5cbbb148c6b18737642d534b8664c98cbb58a08a45a6a7431257d6682e0d4126100e473ac0372f6bcfbd4a889c621edb9901368a

Download Submit
C:\Program Files\Icaros\64-bit\IcarosPropertyHandler.dll

Filesize
885KB

MD5
f557bb97bda5c359be1edf8b355ff5f8

SHA1
3f3a88dd92dc0619360df62a1d55279ea62c8355

SHA256
4810f483b41e444d971f8c2e652ba766febf7cd559223c81ad60dc62a3ad51e2

SHA512
9d68af5f3d3d7702dfa5e386adf4dfb3ab70d830094f9426183363b5bc5be4dff82ea3808ced8ab4e88360a8226ac9a6b5a789a99156272e08bea22e4d202454

Download Submit
C:\Program Files\Icaros\64-bit\IcarosThumbnailProvider.dll

Filesize
386KB

MD5
1d984ec246d39babf30b32b32747f56f

SHA1
bb1ecc95867a4dd25cfdaf06d3232b81d7b1d8cb

SHA256
a431b8e8a5138f66c782babfacaca4951eba09c3ab6e1c399089e485e9c9ed3a

SHA512
e7753b189f7ab4a2bc4ef69326c54ae38f4250166446b0501fc6772f6ed582bcbc13cc998dfb5b7af1cdd050440e344f9111a07ca3d4b5376f6dce1256bacb1e

Download Submit
C:\Program Files\Icaros\64-bit\avcodec-ics-60.dll

Filesize
10.8MB

MD5
f11e8cebf672d70bf308cab7a61bf6be

SHA1
7425d7b3b4b5bd224c9bcb562c60f1b2a61c0339

SHA256
c39cf55cbb3ea137a62e3713ce9ff09fe5ef65285337f1f9196b38ad34248a5b

SHA512
6677d9cc08129939319d7c90770a089e6ee829790c2bdc72adf5033bbf5d5297a8a00a90ed6c0a330b18b79e58309876998d8e6e2bbab2a95a22cef706eecd95

Download Submit
C:\Program Files\Icaros\64-bit\avformat-ics-60.dll

Filesize
1.3MB

MD5
a871b58a99a933a9322980ff704410d6

SHA1
ed117472979ef50b255955956cb481602ceebd0e

SHA256
776d889f997f257c41081911505d6344d17277c2c0f51a8b68da10c031d4c44b

SHA512
7a202e3dbe2d56a13663d79fe440a349d9d32ffb6bbfe3e36054d664e12e33cc557a02fdc7581b20a0d4b61750350911f4a960d22fdbd53ec6db2412c7a742a2

Download Submit
C:\Program Files\Icaros\64-bit\avutil-ics-58.dll

Filesize
976KB

MD5
a7373622fec1083a03a62419964c9b95

SHA1
4083313abc3c0b550f9d2025d55e37858243bbc4

SHA256
5b651beda71ceabad6ef79252455ae0024f2e48c3963115cc213984672f2ff45

SHA512
15ffffde7d6a7e974b13bab655c7e500c8fadc36f04dcc6c8f84585ceb5e39e0f1f2e08fa6e96cc9478df11ebd6e0c0057707a2880299f3645e30d037752dc54

Download Submit
C:\Program Files\Icaros\64-bit\libunarr-ics.dll

Filesize
380KB

MD5
fdc83ef9f9e8985f654f7900d25466f5

SHA1
7e86288fc779dad4710c639b68be78318bc66168

SHA256
a2d6805d3abcd73654f89ada0f3bd04193d8270832aecae2bfe5d3fde9ea5bba

SHA512
cae4cea646638fcf8b6a6b69c1ffab5a5ec04a5f8f20b843160b9258d0a3c0730050920bb8bd7fee91e1d8d67b2c79c4295edd8fe0c9eeb76b98d61dd98bf510

Download Submit
C:\Program Files\Icaros\64-bit\swscale-ics-7.dll

Filesize
601KB

MD5
694c1db1928d363733dafab180dda362

SHA1
422995f64ed27fbc0f95aa1a448be4b5b12525e2

SHA256
b1002b4ebff4991135e1236412d8ac97247a241ea20a81e869a48f60d5ec4b3d

SHA512
1a7a9117a366e96e760ec2c7398604875075f7ded4a4049310134042b2e7f70735ad4fe7a7e50d87d9769e42849722878fcd4bbe6add8ddc82c3a5990b1c19d6

Download Submit
C:\Program Files\Icaros\IcarosConfig.exe

Filesize
339KB

MD5
6cd0af176a4e1aa7446e742e3db62f60

SHA1
06f081540349d2863a7730cf83fb4d5a2fdc0b36

SHA256
e8076332aa96f7da4481f4e8b053f607fa96ebd79bbb91ecef062bc07b2733a9

SHA512
57232cfc62b05ca797228907ad706640007992da83ad1cf39b79f2a99ece521d73c0cf8803b73ca3029c1b63a5da192590f86d56cdd3ef67fc8a9ec4c5397654

Download Submit
C:\Program Files\Icaros\IcarosUICore.dll

Filesize
384KB

MD5
4cd0fb9658aa390f21f755a3e76b7c7f

SHA1
8fd56558b0e9a21342838d8d63facac3f3e8094c

SHA256
6751a3f0c94b199addd8a555f19bd11c2320d161a4fbf773276cd5d25dfb8617

SHA512
8d4d03f25f4908d5746afd288f286d9f23c189604e1438331de10d3242547ea78b64d180652a651fd5632d6ca6722aeeaa89c560c6ebf517aecf99375f50a3d3

Download Submit
C:\Program Files\Icaros\Resources\IcarosDescriptions.propdesc

Filesize
3KB

MD5
f75fdf4a6bb16856dd986955fc48045e

SHA1
75dede53e486a49cbbbeac9425a8ddbce66b8095

SHA256
3ee452eef41171c7b775abfc8225f11d487c40c272938f9e307ed505d8e29244

SHA512
beb154a312f8537c5c218832a9a73ab287c242a80ab3911b096dd27758b194324772cae1996e7bb75374ac6d25361e30d579ff4d96c5170c2aa7cbe91c2c2594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\IcarosConfig.exe.log

Filesize
2KB

MD5
a71cf0514c0d79409ed3642d62e5aecc

SHA1
57a0465810238a1c3404f8209b76449821766cbf

SHA256
2c123183718bcb94c4104dc9a8bbf01b184ec583168d713721de5c4c83a8586a

SHA512
269256acf21f2158d4a99f4893b79f0caf5f9ef156a065141ee02c9ad13b8f71ddac0d6acbe5766b2a7c4d79f83497f2c05d0fb7b7c7866e738a9b0a0e3e4a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6AEUS.tmp\Icaros_v3.3.2.tmp

Filesize
3.3MB

MD5
ea2ddff78bc9a16d4cf2c9d4684853d6

SHA1
c52e26f1c07e89d957b812be518c173b75444a9d

SHA256
7dd93f3f0604ddf9647c1a0395de84045e1c573fcd5594340bc8973f002c84bb

SHA512
795c949f62192e10a94389559572c1d33dbbb36c835629d3217ead0518a5ec05fd0120bccc0ff48f14dbce74aacbc87f649f2e7b6c568a2991fc616ca3aa1f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-B3MQA.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
memory/2220-0-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2220-123-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2220-12-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2220-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3084-125-0x000001D5B25F0000-0x000001D5B2656000-memory.dmp

Filesize
408KB

Download
memory/3084-120-0x000001D596960000-0x000001D5969BA000-memory.dmp

Filesize
360KB

Download
memory/3084-150-0x00007FFA6D080000-0x00007FFA6D1DA000-memory.dmp

Filesize
1.4MB

Download
memory/3084-147-0x00007FFA680D0000-0x00007FFA691DD000-memory.dmp

Filesize
17.1MB

Download
memory/3084-149-0x00007FFA7B510000-0x00007FFA7B576000-memory.dmp

Filesize
408KB

Download
memory/3084-151-0x00007FFA67330000-0x00007FFA680C1000-memory.dmp

Filesize
13.6MB

Download
memory/3084-146-0x000001D5B2B20000-0x000001D5B2B2E000-memory.dmp

Filesize
56KB

Download
memory/3084-145-0x000001D5B2F10000-0x000001D5B2F48000-memory.dmp

Filesize
224KB

Download
memory/3084-144-0x000001D5B2B00000-0x000001D5B2B08000-memory.dmp

Filesize
32KB

Download
memory/3084-126-0x00007FFA74F20000-0x00007FFA759E1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-201-0x00007FFA74F20000-0x00007FFA759E1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-148-0x00007FFA6EAF0000-0x00007FFA6EB97000-memory.dmp

Filesize
668KB

Download
memory/3084-119-0x00007FFA74F23000-0x00007FFA74F25000-memory.dmp

Filesize
8KB

Download
memory/3084-184-0x00007FFA74F20000-0x00007FFA759E1000-memory.dmp

Filesize
10.8MB

Download
memory/3084-183-0x00007FFA74F23000-0x00007FFA74F25000-memory.dmp

Filesize
8KB

Download
memory/3476-13-0x0000000000400000-0x0000000000760000-memory.dmp

Filesize
3.4MB

Download
memory/3476-113-0x0000000000400000-0x0000000000760000-memory.dmp

Filesize
3.4MB

Download
memory/3476-122-0x0000000000400000-0x0000000000760000-memory.dmp

Filesize
3.4MB

Download
memory/3476-6-0x0000000000400000-0x0000000000760000-memory.dmp

Filesize
3.4MB

Download
memory/4208-213-0x00007FFA6AB90000-0x00007FFA6ACEA000-memory.dmp

Filesize
1.4MB

Download
memory/4208-216-0x00007FFA6AB20000-0x00007FFA6AB86000-memory.dmp

Filesize
408KB

Download
memory/4208-215-0x00007FFA6CA40000-0x00007FFA6CAE7000-memory.dmp

Filesize
668KB

Download
memory/4208-212-0x00007FFA68440000-0x00007FFA691D1000-memory.dmp

Filesize
13.6MB

Download
memory/4208-214-0x00007FFA67330000-0x00007FFA6843D000-memory.dmp

Filesize
17.1MB

Download