0dbc254fb42ccb7eab3122ec98798233d83327b2d19e2a45706cb79101a843e1

Analysis

max time kernel
73s
max time network
24s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Size

1.6MB
MD5

678507e1459f47a4d77aace80d42d52d
SHA1

80703904ffc940857ec8a10aca910b4eb26c6965
SHA256

0dbc254fb42ccb7eab3122ec98798233d83327b2d19e2a45706cb79101a843e1
SHA512

087d046dc4fb5e2bfb74bb16fa56e7d16c7f5aad19e4f14992dc167590f270d2d1b8da7e44172765999964a387488e0f64a813671e759d5a8bd958ed167fbe93
SSDEEP

49152:QN2OR9WF/G/ooooEYOKOhBVWKoJhymxwSe4v:i2FF/GYhBVWKoi3

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

icarus.exeicarus.exeicarus.exe2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe

Executes dropped EXE 7 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exeicarus.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

pid process

2152 icarus.exe
2836 icarus_ui.exe
2000 icarus.exe
1732 icarus.exe
1804 aswOfferTool.exe
1900 aswOfferTool.exe
1692 aswOfferTool.exe

pid	process
2152	icarus.exe
2836	icarus_ui.exe
2000	icarus.exe
1732	icarus.exe
1804	aswOfferTool.exe
1900	aswOfferTool.exe
1692	aswOfferTool.exe

Loads dropped DLL 13 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exeicarus.exeaswOfferTool.exeaswOfferTool.exe

pid	process
1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
2152	icarus.exe
2152	icarus.exe
2152	icarus.exe
2152	icarus.exe
2152	icarus.exe
2152	icarus.exe
2152	icarus.exe
2000	icarus.exe
1732	icarus.exe
1900	aswOfferTool.exe
1692	aswOfferTool.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeaswOfferTool.exeaswOfferTool.exeaswOfferTool.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aswOfferTool.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

icarus.exeicarus_ui.exeicarus.exeicarus.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe

Modifies registry class 7 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAIollMOThjUWuVp9babpmtQQAAAACAAAAAAAQZgAAAAEAACAAAABlXi/QWJi6ghN6er00CA4Rye6GNQYruhVdvSv9l3aMOQAAAAAOgAAAAAIAACAAAADoBMHG+DGJsjiU/6MRPQHJRw1Ff8orGcIXqVkSIq+rbjAAAAD9uHJcWdCPBhlj3vXGxW9dAEWeEvZkxVVo2hLMsH9RYs7Bvm5D/b2UIcStgobrAo9AAAAAEyN8oQsnmv7J8aCJAgDNdezrLybfytFPb3kG+iE62u3UVw6F3r9T8z+hrcSo0oK9PJL4QTdqR2Lw1+PiUkSfzw=="	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b8c85dcf-7ff1-47b7-81ac-7c9e0f5fcadd"	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b8c85dcf-7ff1-47b7-81ac-7c9e0f5fcadd"	icarus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367"	icarus.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

icarus_ui.exe

pid process

2836 icarus_ui.exe

pid	process
2836	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

icarus.exeicarus_ui.exeicarus.exeicarus.exeaswOfferTool.exe

description	pid	process
Token: SeDebugPrivilege	2152	icarus.exe
Token: SeDebugPrivilege	2836	icarus_ui.exe
Token: SeRestorePrivilege	2000	icarus.exe
Token: SeTakeOwnershipPrivilege	2000	icarus.exe
Token: SeDebugPrivilege	1732	icarus.exe
Token: SeRestorePrivilege	2000	icarus.exe
Token: SeTakeOwnershipPrivilege	2000	icarus.exe
Token: SeRestorePrivilege	2000	icarus.exe
Token: SeTakeOwnershipPrivilege	2000	icarus.exe
Token: SeRestorePrivilege	2000	icarus.exe
Token: SeTakeOwnershipPrivilege	2000	icarus.exe
Token: SeDebugPrivilege	2000	icarus.exe
Token: SeDebugPrivilege	1804	aswOfferTool.exe
Token: SeImpersonatePrivilege	1804	aswOfferTool.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus_ui.exe

pid process

1848 2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
2836 icarus_ui.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

icarus_ui.exe

pid process

2836 icarus_ui.exe
2836 icarus_ui.exe
2836 icarus_ui.exe

pid	process
2836	icarus_ui.exe
2836	icarus_ui.exe
2836	icarus_ui.exe

Suspicious use of WriteProcessMemory 27 IoCs

Processes:

2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exeicarus.exeicarus.exe

description	pid	process	target process
PID 1848 wrote to memory of 2152	1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 1848 wrote to memory of 2152	1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 1848 wrote to memory of 2152	1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 1848 wrote to memory of 2152	1848	2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe	icarus.exe
PID 2152 wrote to memory of 2836	2152	icarus.exe	icarus_ui.exe
PID 2152 wrote to memory of 2836	2152	icarus.exe	icarus_ui.exe
PID 2152 wrote to memory of 2836	2152	icarus.exe	icarus_ui.exe
PID 2152 wrote to memory of 2000	2152	icarus.exe	icarus.exe
PID 2152 wrote to memory of 2000	2152	icarus.exe	icarus.exe
PID 2152 wrote to memory of 2000	2152	icarus.exe	icarus.exe
PID 2152 wrote to memory of 1732	2152	icarus.exe	icarus.exe
PID 2152 wrote to memory of 1732	2152	icarus.exe	icarus.exe
PID 2152 wrote to memory of 1732	2152	icarus.exe	icarus.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1804	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe
PID 1732 wrote to memory of 1692	1732	icarus.exe	aswOfferTool.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-27_678507e1459f47a4d77aace80d42d52d_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1848

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus.exe
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\icarus-info.xml /install /sssid:1848
2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2152

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus_ui.exe
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus_ui.exe /sssid:1848 /er_master:master_ep_56d37841-7c62-42a2-86dc-0caf62ba3715 /er_ui:ui_ep_cf2dce80-9fe1-4219-9125-23a000c14224
3⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\icarus.exe
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\icarus.exe /sssid:1848 /er_master:master_ep_56d37841-7c62-42a2-86dc-0caf62ba3715 /er_ui:ui_ep_cf2dce80-9fe1-4219-9125-23a000c14224 /er_slave:avg-av-vps_slave_ep_72fc92c9-2ad1-4aad-8db0-de3c1cbe0b8a /slave:avg-av-vps
3⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2000

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\icarus.exe
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\icarus.exe /sssid:1848 /er_master:master_ep_56d37841-7c62-42a2-86dc-0caf62ba3715 /er_ui:ui_ep_cf2dce80-9fe1-4219-9125-23a000c14224 /er_slave:avg-av_slave_ep_7974103b-f86c-48c1-b3ef-dd805104adee /slave:avg-av
3⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFA
4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1804

C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFA
5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1900

C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\aswOfferTool.exe" -checkChrome -elevated
4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
55KB

MD5
dc0fe9f2d071886aedf43b5985668b88

SHA1
3168166ddfd1f38de6ee4a1f322d7c446585bb0e

SHA256
a2455abfffb02e6443cb04bdbb189d34bf7b47b6ac7362aefe568f0b53061234

SHA512
1d04bb1a01230e97381c5d7b280aade5d6751a9f60721f5c2f9c2f9753498c8815d2cb55adc4c351eb66775a13d1214f277da6b6c62e1b55f1b7beed20f538ab

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
59KB

MD5
f68d19a33ad619ade8f278bc4daaaa56

SHA1
12769034ac424bf5600930beadc0574194ea19b6

SHA256
9f1e2b61abf4c6191bab4e91369e0df52c52a164073dfecf5e3ba2cc60319ad2

SHA512
948d31cd1c4ebcca93337e1e43fe76077e95935f28d88f4dc096fd23f5208d8fadd64fd66af3b127e8182cf7d6eb25c08d5c8cf91008bf04ccf14a06bc9a3922

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
70KB

MD5
dce40c8f347b82d269134403639e2707

SHA1
f185274cc22505845761f64d08c3492d9230511d

SHA256
82ea77f1600f8a15bdf40fc819c0c7a2d2399066f6c67160952cdace365cdab4

SHA512
8755d0653ff91d82a9df2905c6ebd6f57d32b56c3c9a5737f7f773808d6b1fa199b0035fc41752b342264644aadecf89efe0baa88a17b8528f87f145b5b01ac7

Download Submit
C:\ProgramData\AVG\Icarus\Logs\report.log

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
212188a165e9cbb8dd8507b9bc6fe02a

SHA1
2a195fbe905f75ffb92838d94a55c6c782b934e4

SHA256
915c03792585368f1f152a5a3efe5c9f9aafd9c7a61fcfae3304a88d7bc0aad6

SHA512
8f921ae94d3eafef29b0b681f812b4639f33ffaa30716128a32eb1893d8d31fe59219931ddd2429b565cca35025238f5fe3c375e30acf472fce486d90fc0aec8

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
17KB

MD5
1bfa27fcbc1924dc96e5fbdfd46bbf3f

SHA1
e265972b4eadbc5729c3525e94380cbf94baadc7

SHA256
dfb595f346a52f5ada69bf2af6ec1c8200d10498075714a597313535dcec7037

SHA512
a9f91a0e0270886fccb4c21f4d183effa0e8545555d9997fb0ed1ec3caf6bedf8aa15df0cfb33aef3f3ce6b46ca5fa9f9a7b370ae65631783595f9711d8c5307

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
214B

MD5
d6de6577f75a4499fe64be2006979ae5

SHA1
0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69

SHA256
87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9

SHA512
cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

Filesize
64B

MD5
168f03c5c241049561d93853fa2304dc

SHA1
ee086aa5bc60436a75015003cb2dd27ae57620ff

SHA256
374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e

SHA512
169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179

Download Submit
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

Filesize
72B

MD5
9098b4182f103e0f820f6330c7a0c346

SHA1
a24a16d77d0a5c33e65fd292cb06401fed72d95a

SHA256
3b38f09989ac3194368ec25c10b6d43bcc2e8bc01ea606a1d36b90647fdd15a4

SHA512
78ea7fc3be4caca8e486976dc96b4870af2628dbf4e4047c29605a348ed65f2c3d6245dfb639de157db02b027f6bc14700dd659a4ff3114d87807a6ccdc45161

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\config.def

Filesize
583B

MD5
88b8bbca6adfb658e9f64786290b1508

SHA1
a7e19f0be671882e7c0de8d546482d20045139de

SHA256
a98977649c4c1e25f732e3023515cac1cf5d54df88d58c170dde6f895bc695fc

SHA512
b7329cac2951e04645771d207dc0c095fe81dfa17bd3df185f4da1e1cc4f726750a48921fd97345b6777638e212624d4f0d3824d39f363d9421bbbffd44f3968

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\product-def.xml

Filesize
58KB

MD5
54bf9f03ce1f9d59b7a2824dda1c1dd7

SHA1
0202395296f71303be0c47f7cc0af68d78d49f3c

SHA256
48811b526bf1c87df01bb9d06dbdc17eae026796b9257ca0fda8499a3cc7e9e6

SHA512
ab7849aa839ea5c4948e722b6d795f33184bcd5b9665f527fcc6218072ca6186d82bf322e769e541460db48eb75b92ee8b3c0d16d9705165440020200b76fabf

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\product-info.xml

Filesize
5KB

MD5
a62e3b91316e822c1ec827d5a898b331

SHA1
22873b77a7e51228b64304358aaa41b0fcce7ce4

SHA256
ef98b737e1a1fcc5a4f9930d9d2e259d2a1192d124b6c42b8e7d3269c22eb042

SHA512
fabe3e0f28852dbabb4b570876e17a6285c11fecd8d847e3021b63257ae2a524924bbc43855ac2aaf932bbb7bac8a00b7489c2a15ed3b5b14729581a25a5069e

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\aswOfferTool.exe

Filesize
853KB

MD5
025486deaeb817b0363908a5f6097dbd

SHA1
a545bdc551721a8e0ef3f4af1326e80501a7c09e

SHA256
7f160475c10e561c7ba6f7555162f1a5da75de7c7ad034a12589c77dc1ceb7ca

SHA512
a29990332bc75deb41155785877cec41c10ffccc645fc8ba1b65065e11e12e09aa9677cc1a475c7784cc9ced08434845b22d5c6d6e9aadfeed3106d8857819a2

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\config.def

Filesize
708B

MD5
83ea15ef58c121d96442c48ff16d4918

SHA1
c199b60c481ead29f527df587e8bc908a0345bba

SHA256
e46c0b2dd29ae8cf835ac017e1b9aefe82c4ed7eab8205982a6fa756df756909

SHA512
626cb8c748862e23e1be82f08869df695fccc23a0fd80e580b4208c951d156e41e5f7d1d3bdf3de8b3567235dae843e6d3018a37763533f4d07137d774aa9538

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av\icarus_product.dll

Filesize
5.8MB

MD5
ade83ea72d2c4d9d9d61e4fe6949869d

SHA1
8ea98c14f60aa40086d72750ed3769d746c4b09b

SHA256
3f041aad8fdd164c1686e54fd3b523680615decf3d12ecc7a7450ae8bdb6dd31

SHA512
8c567adaa9acd879f9eb9e2779ace7e858cc93f4159af11e97c0910878ed942404fcc25f8d778f573487618bed0e9cc71b7ee44467c1f8e266fd3a4394eaa4e0

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\bug_report.exe

Filesize
4.4MB

MD5
1428f3bc5f2314fb369b0e6e3f5f3b7f

SHA1
90a9698f2a9a775aea313ac1873ce195ca05d841

SHA256
fe82e1863e32efa9ce0cad5092361b2459d2abc1efd42dcfd8b5e490ba1b7f5d

SHA512
c088d788bf873540cd97cd0a977252c7bd998215c751375170c9ae61ded884122b251aeb2a345ae75ccb1d6a34ca16c2aaa78681f3eabacfd3f618cf09e6a79f

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\dump_process.exe

Filesize
1016KB

MD5
6e7bb1fceedb5d791cf859d570512d96

SHA1
a0cfadfaa65b325f3b0d51eb6de8e0ccbfe6c5f5

SHA256
4516f4a23a22779e37d9ccaad228215adb13c2bc922eef9b077802e32533a3ee

SHA512
0591830b1473e62ae54b1ef02f7f6b380b274874b94ff85e1bb54acd785e61a4a60ac090d7a5f0eac8d7b28e35589cf8d2daf871b7b2029662b1ce8b9324f7e9

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus_ui.exe

Filesize
10.2MB

MD5
49828e233490ece34ea700f016496e33

SHA1
79560552a8c92ccacb4f490e1c7ea7cc319e7b71

SHA256
2f3f037957dbff847bedd2085e64ae8481013211cf74462cd172ed6ef2970115

SHA512
254e171242b6498c48a9afa7c4b4ebc6d5284690cdc3ef0428149cb52210c09f245235f3fd32dce1629bd695faa584006a831b2b015904b7e4d6ce2544c82db7

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\product-def.xml

Filesize
1.2MB

MD5
d12d574a30825a78e5af02aae23ad438

SHA1
d6827abba856c4ac09aec3ae729445c970549b1d

SHA256
2a75879e92d89eecd3442104ccd102a66ba1bd4a0a2c406fadb2b3d8bb28bc37

SHA512
63ea1d0d72a732bb5000f113f78bc367c104a5c9d75d9fdf9a81d5d1b0ab14779a56865b93120a6518a97d01240ab7ad8b98a287d63e3a5a918fbae5b83d7690

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\product-info.xml

Filesize
9KB

MD5
718658fac45e9855fdd5ccedcbed3444

SHA1
11d186bbecd7f84539b69acfc4109fa39561e71b

SHA256
89ad94040535357a7e9201af1713c7a7f7fcf49450cc617b34562d4954757f71

SHA512
626df9cabe11d9dd62f57afc14adea02f4f6db59e62934a7c39b65edce5a69302db7fb3e3be10db4b3ce0e32c6938cff10cbc534ec335b21bf3c253d884d882c

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\setupui.cont

Filesize
249KB

MD5
beacd2167c928744353049c4f03dc253

SHA1
a556334fdf2ea40c313b931477c61fb788b5032c

SHA256
4255fa31503b0fc52d21242a04fdd2edfd35959bc5bbded781e2175bb43a3077

SHA512
a73bc0386a6c205ff5683b9350dfb05d0c9c9ed8ba65ca32b0a5f776eff57bbab784f46a210dfe6223af09cbea79d75e9dc1f6c2055ef7c679c912d821dda4c5

Download Submit
C:\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\icarus-info.xml

Filesize
1KB

MD5
be55f8ea1c00ba2ecc5863d50c7fc297

SHA1
75f471192467465b92dde125fc00a777c3cb979d

SHA256
778e3b75407b1020ef5af664e747de34cb4f9aed7e587663a2dec202e22acffb

SHA512
b622cac6f10b72d6d644c4554511fbd811e795d0308d771c7857c332b91c4a335712a60700a3feddc5dcbf42a56fe1eaf8ed89ab76eda1a4071f7cf452b7f1a5

Download Submit
\Users\Public\Documents\gcapi_17220536391900.dll

Filesize
348KB

MD5
2973af8515effd0a3bfc7a43b03b3fcc

SHA1
4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

SHA256
d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

SHA512
b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

Download Submit
\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\icarus.exe

Filesize
7.7MB

MD5
0cd5718f7f5f8529fe4ff773def52dac

SHA1
9ba08a6246011359f5493856ad5fc0355e0de4f5

SHA256
d52114b057504439df11368add0a66b037622f24e710731b1366efe271c9df78

SHA512
a2218dcd6f0a0e676c23106bd717b5eb22614b3900bee5d47ea80e1acc4b87859e6f6dfb63c0d3cdf3ec4f37c12407ef56c2c7964ae141b393c7e94368ca820a

Download Submit
\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\avg-av-vps\icarus_product.dll

Filesize
856KB

MD5
d428d101ceb8f6920115c6303577d3cd

SHA1
9f5ce80423540f1eab82e7af5c51f5a64cfdae1c

SHA256
5eb025c377218709a8a53743f910e4d2aa86fa28e1cd9e60b5db6270d5af3faf

SHA512
9b0cceea15ad2aefad7439de00b3f4cd5a822b060c0c45a47fda56764084e4bfc7954b1dc88b80bba04828dda09066edb4f888480d8cffa9d78408d8aa0e0503

Download Submit
\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus.exe

Filesize
6.5MB

MD5
2815717ac55ef78242c3a644fe97f167

SHA1
d48bc2449bb4bb01818895769d11c52e3d7d9335

SHA256
d19ffff2b1904be6f7457f922f93226628a06df7434b305ad7de7e619c646a55

SHA512
d7917b5907f39ac64d55ab2456be31c0d8c536f0af15f23b3eb13ee5d1052a37b8da7aeed68348e2082e0cf36ccb6951c186fc4be3d9c4c36d310477d795d0b2

Download Submit
\Windows\Temp\asw-d6536da4-1a46-4688-b448-9dd62c882f01\common\icarus_mod.dll

Filesize
14KB

MD5
934c0e7759e708657c2f77eb75902ae0

SHA1
43a6abed472ca7d8d002e045031f900c4a67f9c7

SHA256
b9ca3d2e44af8cf61696ab10dd5bbd16ada02a32207e4ca454a4b9de6e472f2b

SHA512
2c34f98a5020496d1ba7529c5a1a36d6f0938edddb02d75a189e83be02de22bbb563a586bf8c3e090b510c0f24e586447ab237bfff09b166f49acca052d71e07

Download Submit
memory/2836-170-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

Filesize
64KB

Download