Analysis Overview
SHA256
6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2
Threat Level: Shows suspicious behavior
The file 6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Executes dropped EXE
System Location Discovery: System Language Discovery
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 23:37
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 23:37
Reported
2024-11-10 23:40
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
148s
Command Line
Signatures
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avast Software\Avast | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA718CvQxznESUHC+dzeYPpwQAAAACAAAAAAAQZgAAAAEAACAAAAA7kh7s2ZbbXNVUwbHtYLr6PrzbY2vS7evkhDRZsqZbaAAAAAAOgAAAAAIAACAAAAB+4HI0G2HINfY5LtDMukNg5v/RXas/48rdBr6Y9hq09TAAAAD3S211YJTn4AKidtmjuiUZ/lPAJKtVoeVKI0aiTrVln8POD0Db/0R0GYY+hjrYJ3xAAAAA9VKF7SJanYSlK6/XJT9UVEAGMkUM/82QUVIdMpObgXz1hATcKYVxcXHD2ASE5rmBPrQx6WA0DLjyFwibPD0T0Q==" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "6b545c89-9771-416a-b7ee-96cd7d659aa9" | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "6b545c89-9771-416a-b7ee-96cd7d659aa9" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "6b545c89-9771-416a-b7ee-96cd7d659aa9" | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe
"C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe"
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\icarus-info.xml /install /sssid:1908
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe /sssid:1908 /er_master:master_ep_1150c9a0-16b4-4e0c-a840-0097592589c3 /er_ui:ui_ep_bf6b46af-a490-44d2-b4fd-1a63d82ff02a
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus.exe /sssid:1908 /er_master:master_ep_1150c9a0-16b4-4e0c-a840-0097592589c3 /er_ui:ui_ep_bf6b46af-a490-44d2-b4fd-1a63d82ff02a /er_slave:norton-tu_slave_ep_125f6c76-85d7-448d-8e1e-baeb03e0fd50 /slave:norton-tu
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.221.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.127.223.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | 28.176.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus.exe
| MD5 | 11b2f7dbc3da98d3d3ad8d6435e1c950 |
| SHA1 | d538607c16fbf52adba259e5828801bded454859 |
| SHA256 | 98ae83e57d5d44e8966683e67caf5e1ffa9245554e5ed2f006703c708ee0ab75 |
| SHA512 | a01361d3f200b6733477c25f6821405068e49599c6312ac7e60baebf75f4329ad292157d050cb2778e17637e1225a62fd0014092bd8b227567be24787b2323bf |
C:\ProgramData\Norton\Icarus\Logs\sfx.log
| MD5 | dd10a0f05e994f8c573104a13146fa9b |
| SHA1 | 350ba56eb151d9adf6b137f712bb05530f734631 |
| SHA256 | 1cbeda8f5157f5b1f1022b95b6f3255a640f8fcf4543f3cd6c2378a534bcd453 |
| SHA512 | 0c3338f0a079067a10c7825bfa04bde8d66b3d1daf690af9d3adfb1933567075e8a621cbf4e02b221c93d1af33ed3884a67b350e2091345ddc0b0586ab3024ca |
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
| MD5 | 0f8a20c13d13bdb0dda00b0d88787b41 |
| SHA1 | c02696f7cf3b78775a43da14da9c5c022bae1768 |
| SHA256 | affcb8f2a9437a8dfe43589ac39777eceab914566b62ced2bccc0fdf4065d31b |
| SHA512 | 7e2fce4fbe0c47094f3e3202e22f3dafc9f6c00fd891a98ece7ebb7956748d522df5087a97f7863b34179abf20990b8ced66f3bb42c1c7e8b7eea13e3cb82b1b |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 1cc2f619c83ffd3a894a36a006a5ccd3 |
| SHA1 | 3e9d70266752afb0b8fdd3d771876f1e0d8c9728 |
| SHA256 | 73d0a65b3e59fe7ffbfb5f4387a4a3bb1af69ad48f4556399a76f775b18db169 |
| SHA512 | 3eda9029f2ec8f130912857d11ec2842444482bef007c99bffa623cc6a0a2cc5c1a0bed2eb42c4fdfea394f044f69c09daf48ee7fe73eeb3e893556300a2f8c5 |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | cf7d2ba867042501d22fe4651ec2084b |
| SHA1 | ee2b6143daeb6693a034f46fa69cafeb798a7449 |
| SHA256 | 50e2919ba15af354d757bdd8ae19eb931e4fb9ad8c0a05b6acab7a97898935a6 |
| SHA512 | 4f8807fa9c3fb81b6a3b53396a0bc18aa7cb68f1a61b804c3b848f433baaed380baccdbfc50442dab5a225031ba8ad1e9c9024823ba3306f92334ee79d7ffe53 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\policy.def
| MD5 | 26eba6f4d836c33e1f35c8d4610195ae |
| SHA1 | aa1b56f813a2c2e386de30dce7a69cfa2c0af146 |
| SHA256 | c8587ec8666b3ce33682002dc19b5c265741a3933ca07c189f0801d0a36768ca |
| SHA512 | 7fdfd930585a81706286d98f23a30d61fedb2b7033799522ca78b03ea25231c0dd38cf8147184311718c2905a13ad41a1d8c56139b4d533149e92e228f135297 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\icarus-info.xml
| MD5 | c38dfa0e3c3982a9b193cf8f69a7f34b |
| SHA1 | 630ebbfea3ca957a904d5eefb6da30a984aaeb45 |
| SHA256 | fa02039b58b710c4d58ecd275b94a07109f924a03e6a74812338a3d3a8ef9289 |
| SHA512 | 7b7beef51f125c60efc076a53104793c12c34a13ae0c316c7efcdedbed61b6a73bc2809cdfd076082212c4d6c6de9f9417e6c078376fd371806c7b83de4f9986 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\icarus_ui.exe
| MD5 | a21a0fe807bc141d015b8bb5f9e90603 |
| SHA1 | 5918070a64d7afbd4ec85ebf5b883fc914cb208b |
| SHA256 | c8163fe6b573f4890f7412e1480fe8fc9aa19da416916d22a0d13d2ceabde5d2 |
| SHA512 | f5a561a1e1ff88ce649c664bc3d9c8f0949e5ffbabeeebd8f95e631c2f3623cba566e8770a6516d9fd5d4aff60d2affba6581068b2bf4ec8be7919b15234bc27 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\product-info.xml
| MD5 | 16e5fe23b68d797c3ddd94c8620b4280 |
| SHA1 | aca1aa0b1ca802bbe08c499722f26d81e7f20240 |
| SHA256 | 9562bffe6edd081aa6def7aa826be05f0249fb9390a1270d6f430f99da610d24 |
| SHA512 | 5d7a90ed9b6cbb75db1b32a931ec0049c4d6c15f1bffe35208f127ffffc32b950bd9b01e4436f9482a6045d51af8c2feb6ef772f7978ae9dfce18de89a1f5713 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\skup.edat
| MD5 | 8171e534a3212857afafb9b1efb932d4 |
| SHA1 | 0b39ea6ff598e7aa901b8ef9533799e2f591e312 |
| SHA256 | d935884a506338429059daf494ced1e8fef9d61fe041dfec54293a5fb33c9f2e |
| SHA512 | 3959be6bb45cbeaaf3ba72ccd1d164a8375df7f9ab9a75de11f9a6911e6afda9fb99e2f71b503c049ad45b350e4a249665871666e13dd69f4247452126f411c3 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\gpud.edat
| MD5 | 6651526b6fb8f29a00507de6a49ce30f |
| SHA1 | 3abb2c704de83074078dd74b39578f40b133434d |
| SHA256 | 5008a184a9ed025b6380c79a07a851600d0f6245c98c404795b53de8e31e3f44 |
| SHA512 | a9c1a713c68aa0b0196926085c959fbe7fb8ee62edb36ab692bc8bcc7028b1b487f40c5f0ed256914b6739208168e490b9a473349faff32e476c4d4c366d2b36 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\gpid.edat
| MD5 | a9b7ba70783b617e9998dc4dd82eb3c5 |
| SHA1 | e3cbba8883fe746c6e35783c9404b4bc0c7ee9eb |
| SHA256 | 40510175845988f13f6162ed8526f0b09f73384467fa855e1e79b44a56562a58 |
| SHA512 | 1227de669e122a546edf39f0ded50cd2b6332793dc55d835b21be05bd529511655877292748c25f8fc2b5f1d5c987d9aaed2fc92c7e59a448e51cdf1dc5351a3 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\common\bug_report.exe
| MD5 | 87a16c9c128e71768f21a4d27da0dbae |
| SHA1 | 4f8bc7d1fb172584c75a5c71f2291ea7c0f7a0a6 |
| SHA256 | 0bdd629f4a69f04f701d4841e8d761f18c50fa18a3071e152aadb0cbf7699977 |
| SHA512 | df59a6caaaacde949d764cb4287dcd44747b26bc6bc25b39927584a6a5099b980907ce4c600e97a2ceec1bc33ff34e2a4205fc0f5f4050b35e3fc6fbbe2b5bdb |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\dump_process.exe
| MD5 | 0d6d4d713d4a0681494a06b3faf8af87 |
| SHA1 | c21cfebf398857376d497a25a9684ab653239fb7 |
| SHA256 | 2eb0c3dfef9d4febe1c92af7631d8b802e29be9c85f1affa3a5b40835ec09694 |
| SHA512 | ac74ec9e686ac652960423c1226b6b319f83fa0b46741d669279ea9261337305d85d5b2b904ff3d695660e750bdbf1190186bc1182aa33372f0324ba37c52dcd |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\setupui.cont
| MD5 | c1d9d4fa89293562dd516ec949293b40 |
| SHA1 | fa0bfccbeec9e1e4c6e38df8bc5a08f183526ac8 |
| SHA256 | a6486173fc442ba2059bcdf19c9a513d97d1a464ab323bf7252108ae169ad124 |
| SHA512 | 814e709311ebc27aa0e5cdcd369293688ad79aa6629b126315efdc11fc0ab789f71936dbd7246d1c1c8658ca984b9fc33983587d21f6710f7a47ce7d54f4f3c2 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\product-def.xml
| MD5 | 837cd922e13eed349f2f14594d54582f |
| SHA1 | 4a00a8bd074cc9d481e74ef6bfc87b1bfa38e4bf |
| SHA256 | 4ccf556656d33cb4d9bc789ffdf1e6f7f3a99bdbd0035d79b28e443110756dd7 |
| SHA512 | 4d755b8d01c016ee7192f756b83357d554d0579ea4e5b1c19960132d1ed3c258c226314cc41b49b4385b967befd17df0cf9ed4911a5f9cc24332353116492ff4 |
C:\ProgramData\Norton\Icarus\Logs\sui.log
| MD5 | 7676298149db11980cf9be9082f82d3b |
| SHA1 | 8b1d546311a554bcd4d57950dd67381354549e96 |
| SHA256 | 1301aa0849b47a42e3a413ccbf0c4c84cd9643a5ee51a31f5af40cc4fcd088fa |
| SHA512 | ee839d35669cac2156b0cd3ef4d4318f7b58b4c863146a0a8b6172859ed1514f2213ad12c30e4fa5a715481817159e807b1ee53da29aa6e49424ec51b092cae9 |
C:\ProgramData\Norton\Icarus\Logs\report.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\ProgramData\Norton\Icarus\Logs\icarus.log
| MD5 | c6046f80c8124142332f78884853e2ae |
| SHA1 | 1918cc2cabe9a7f65363427087c2ec5f4852c4dd |
| SHA256 | f142c0da3145297a394a86ed2f0f1777106673667f2cde727ca0d62e3216bc10 |
| SHA512 | 5cd04a3189dbb6a73fc74dda32ed87f10e50e92b5e37cd26d705b714999114db4d2685210e20494697f87cbd40c6f7ac53efd5cb2ab804bee94db8b207fb4215 |
C:\ProgramData\Norton\Icarus\settings\proxy.ini
| MD5 | b8853a8e6228549b5d3ad97752d173d4 |
| SHA1 | cd471a5d57e0946c19a694a6be8a3959cef30341 |
| SHA256 | 8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9 |
| SHA512 | cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787 |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\config.def
| MD5 | 480e976228c7fa81a2047292c8350b2e |
| SHA1 | 73bddc38e6eeae67b92f491ee66f9a5ab91d066b |
| SHA256 | feb70768ec2658cbca8214a27ef5d5f502ae7a55e51e4484b969e9fb859b095a |
| SHA512 | 34ad279c0ab217a0ace6488e839e878d3970ea4611f5bb8fb865a5ffa6ad31c698b8fc439e1eb8b4de1d4844d6b8dfb283a6f1f5550ae8475b6248e6cd9fb86a |
C:\Windows\Temp\asw-a2d499a8-6774-41d3-81a5-54c4b065a12f\norton-tu\icarus_product.dll
| MD5 | 425d9c4579dfec13f34228eb9980cfc3 |
| SHA1 | 34aa8c38e71d9578be6db5629237f7de187e89e6 |
| SHA256 | d8d4f5e293f164f727f3c1c0de1131f34201b3099410a819eb750cc300ce5dc3 |
| SHA512 | d12a368e223506e3dc19d0cfc58f93a76ada6ac8a02c83ab36ff6161a4a0d9d5db2991bd98487c448c2f99a48c93469032462152754060c42a151896ca63baf8 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 23:37
Reported
2024-11-10 23:40
Platform
win7-20241010-en
Max time kernel
20s
Max time network
25s
Command Line
Signatures
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avast Software\Avast | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
Loads dropped DLL
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b8439b0c-a87b-460d-a0cb-9c146448e882" | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b8439b0c-a87b-460d-a0cb-9c146448e882" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAj3HBL64GRUKWJvM/EeqamwQAAAACAAAAAAAQZgAAAAEAACAAAADUGKeeEAnktumYvkdqkPJ67bopa+KOvEI9o28KBvgpSwAAAAAOgAAAAAIAACAAAAASsRRSUKcnm45mMDmPvOJNsuprxlTxOLMoF+vKM/rOVTAAAAAWN3jswc2cs1ST+xKVW0+qd24KtwLVqVWCpq8Lnw/6+p0hAF9Xjp3yMOdHa09s801AAAAA81R+Za9RoC9qUx3aJ0ngoKhD+dkiSQIN2vZUnbyXCyHn8IUH/GGuV8D6IpBLEJ0Z4NSIIGkIk1ngjG/AJnhbLQ==" | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "b8439b0c-a87b-460d-a0cb-9c146448e882" | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe
"C:\Users\Admin\AppData\Local\Temp\6d93d6a5b0c66d7d1aed0812069a56a2c06f750c63bdcf637a9b0d3fcabaf0e2.exe"
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\icarus-info.xml /install /sssid:2116
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe /sssid:2116 /er_master:master_ep_44ae9d3a-1b97-4f91-b2c5-f5c9ac16cc00 /er_ui:ui_ep_e2f62b7e-4730-4f55-b5f5-271c0658ec15
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus.exe /sssid:2116 /er_master:master_ep_44ae9d3a-1b97-4f91-b2c5-f5c9ac16cc00 /er_ui:ui_ep_e2f62b7e-4730-4f55-b5f5-271c0658ec15 /er_slave:norton-tu_slave_ep_e132d0eb-baa4-46f3-bdc7-52551e530b6f /slave:norton-tu
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| GB | 2.23.221.82:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | branding.norton.com | udp |
| GB | 23.223.127.228:443 | branding.norton.com | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
Files
\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus.exe
| MD5 | 11b2f7dbc3da98d3d3ad8d6435e1c950 |
| SHA1 | d538607c16fbf52adba259e5828801bded454859 |
| SHA256 | 98ae83e57d5d44e8966683e67caf5e1ffa9245554e5ed2f006703c708ee0ab75 |
| SHA512 | a01361d3f200b6733477c25f6821405068e49599c6312ac7e60baebf75f4329ad292157d050cb2778e17637e1225a62fd0014092bd8b227567be24787b2323bf |
C:\ProgramData\Norton\Icarus\Logs\sfx.log
| MD5 | 7939b55c85fe227b079405b65aff0c5d |
| SHA1 | fa1708438e5590f739b4575373667f03e72ce4ae |
| SHA256 | c248f91ec5c2a67904f49d2f69a57a25e720f328c2ea69410b79da78268da0de |
| SHA512 | fb404ad2cd0d267b9eb8b9035e45d8487ccf00932f2341d5630e7e41661bd1166a4cd384c4d78bde9c20566a6ceb747407393ceb6909844fbc1b5ce6354b410d |
C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
| MD5 | 8534e315f5f74ae13054491ed7a16db5 |
| SHA1 | 133cc4d6e883dea8edbd8cc3d74d6d14d85fef8c |
| SHA256 | 0792e3849032dfc6341f55015a4e0443153b82347e7b98f4caba910a5b96b4d4 |
| SHA512 | 6277d8bbe1f3d364c28a4689ed9a3b585ea0c57286c545e777bfa68eb23c9065eb7f5db26248e6ce0857f09ebb5a0c5dd1322f6dd4f5cc067b1ec203a882f7a9 |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 3a1744695de91289414b2679c6e2473d |
| SHA1 | 9874daaf4ee2d5d9347281fec618a559cca8f898 |
| SHA256 | dbb2c59d6cf6f91b6063c9e3b95c7aabc16d0813116a9247c77730f56cc01da4 |
| SHA512 | e676835b247497ba59ca6511126cb160caaf0cba24f468d0875e10aa300b228c79b7a295eff791e652defafdba651eba3a01307745358057b70248f38b22e4bc |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\policy.def
| MD5 | 26eba6f4d836c33e1f35c8d4610195ae |
| SHA1 | aa1b56f813a2c2e386de30dce7a69cfa2c0af146 |
| SHA256 | c8587ec8666b3ce33682002dc19b5c265741a3933ca07c189f0801d0a36768ca |
| SHA512 | 7fdfd930585a81706286d98f23a30d61fedb2b7033799522ca78b03ea25231c0dd38cf8147184311718c2905a13ad41a1d8c56139b4d533149e92e228f135297 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\icarus-info.xml
| MD5 | 01b22ea6de924eaf2e544bb76737d860 |
| SHA1 | e74604eb4259b0b65081de8b9b39755cfdd16a4f |
| SHA256 | 4c01bb3da2c212d60c4ddb78dc024e061814e36fde808e76e8d1eb50d432b185 |
| SHA512 | 83047bbcb6b3416c40c969fa55b5a0195466852319f635a956bc907e8d8f3af8a0490b6bb5bcf793bd7dbf0efd81239e2d086b82e7c42326fb1d59855b65faa6 |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | cf7d2ba867042501d22fe4651ec2084b |
| SHA1 | ee2b6143daeb6693a034f46fa69cafeb798a7449 |
| SHA256 | 50e2919ba15af354d757bdd8ae19eb931e4fb9ad8c0a05b6acab7a97898935a6 |
| SHA512 | 4f8807fa9c3fb81b6a3b53396a0bc18aa7cb68f1a61b804c3b848f433baaed380baccdbfc50442dab5a225031ba8ad1e9c9024823ba3306f92334ee79d7ffe53 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\icarus_ui.exe
| MD5 | a21a0fe807bc141d015b8bb5f9e90603 |
| SHA1 | 5918070a64d7afbd4ec85ebf5b883fc914cb208b |
| SHA256 | c8163fe6b573f4890f7412e1480fe8fc9aa19da416916d22a0d13d2ceabde5d2 |
| SHA512 | f5a561a1e1ff88ce649c664bc3d9c8f0949e5ffbabeeebd8f95e631c2f3623cba566e8770a6516d9fd5d4aff60d2affba6581068b2bf4ec8be7919b15234bc27 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\skup.edat
| MD5 | 8171e534a3212857afafb9b1efb932d4 |
| SHA1 | 0b39ea6ff598e7aa901b8ef9533799e2f591e312 |
| SHA256 | d935884a506338429059daf494ced1e8fef9d61fe041dfec54293a5fb33c9f2e |
| SHA512 | 3959be6bb45cbeaaf3ba72ccd1d164a8375df7f9ab9a75de11f9a6911e6afda9fb99e2f71b503c049ad45b350e4a249665871666e13dd69f4247452126f411c3 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\gpud.edat
| MD5 | 6651526b6fb8f29a00507de6a49ce30f |
| SHA1 | 3abb2c704de83074078dd74b39578f40b133434d |
| SHA256 | 5008a184a9ed025b6380c79a07a851600d0f6245c98c404795b53de8e31e3f44 |
| SHA512 | a9c1a713c68aa0b0196926085c959fbe7fb8ee62edb36ab692bc8bcc7028b1b487f40c5f0ed256914b6739208168e490b9a473349faff32e476c4d4c366d2b36 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\product-info.xml
| MD5 | 16e5fe23b68d797c3ddd94c8620b4280 |
| SHA1 | aca1aa0b1ca802bbe08c499722f26d81e7f20240 |
| SHA256 | 9562bffe6edd081aa6def7aa826be05f0249fb9390a1270d6f430f99da610d24 |
| SHA512 | 5d7a90ed9b6cbb75db1b32a931ec0049c4d6c15f1bffe35208f127ffffc32b950bd9b01e4436f9482a6045d51af8c2feb6ef772f7978ae9dfce18de89a1f5713 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\gpid.edat
| MD5 | a9b7ba70783b617e9998dc4dd82eb3c5 |
| SHA1 | e3cbba8883fe746c6e35783c9404b4bc0c7ee9eb |
| SHA256 | 40510175845988f13f6162ed8526f0b09f73384467fa855e1e79b44a56562a58 |
| SHA512 | 1227de669e122a546edf39f0ded50cd2b6332793dc55d835b21be05bd529511655877292748c25f8fc2b5f1d5c987d9aaed2fc92c7e59a448e51cdf1dc5351a3 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\bug_report.exe
| MD5 | 87a16c9c128e71768f21a4d27da0dbae |
| SHA1 | 4f8bc7d1fb172584c75a5c71f2291ea7c0f7a0a6 |
| SHA256 | 0bdd629f4a69f04f701d4841e8d761f18c50fa18a3071e152aadb0cbf7699977 |
| SHA512 | df59a6caaaacde949d764cb4287dcd44747b26bc6bc25b39927584a6a5099b980907ce4c600e97a2ceec1bc33ff34e2a4205fc0f5f4050b35e3fc6fbbe2b5bdb |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\dump_process.exe
| MD5 | 0d6d4d713d4a0681494a06b3faf8af87 |
| SHA1 | c21cfebf398857376d497a25a9684ab653239fb7 |
| SHA256 | 2eb0c3dfef9d4febe1c92af7631d8b802e29be9c85f1affa3a5b40835ec09694 |
| SHA512 | ac74ec9e686ac652960423c1226b6b319f83fa0b46741d669279ea9261337305d85d5b2b904ff3d695660e750bdbf1190186bc1182aa33372f0324ba37c52dcd |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\common\setupui.cont
| MD5 | c1d9d4fa89293562dd516ec949293b40 |
| SHA1 | fa0bfccbeec9e1e4c6e38df8bc5a08f183526ac8 |
| SHA256 | a6486173fc442ba2059bcdf19c9a513d97d1a464ab323bf7252108ae169ad124 |
| SHA512 | 814e709311ebc27aa0e5cdcd369293688ad79aa6629b126315efdc11fc0ab789f71936dbd7246d1c1c8658ca984b9fc33983587d21f6710f7a47ce7d54f4f3c2 |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\product-def.xml
| MD5 | 837cd922e13eed349f2f14594d54582f |
| SHA1 | 4a00a8bd074cc9d481e74ef6bfc87b1bfa38e4bf |
| SHA256 | 4ccf556656d33cb4d9bc789ffdf1e6f7f3a99bdbd0035d79b28e443110756dd7 |
| SHA512 | 4d755b8d01c016ee7192f756b83357d554d0579ea4e5b1c19960132d1ed3c258c226314cc41b49b4385b967befd17df0cf9ed4911a5f9cc24332353116492ff4 |
memory/816-113-0x000007FFFFF70000-0x000007FFFFF80000-memory.dmp
C:\ProgramData\Norton\Icarus\Logs\sui.log
| MD5 | 0fcef9cfb0248d94cb49d15f4af45750 |
| SHA1 | 657a7baf3db0ea2450cc9b589fbf8d5d1aaf132b |
| SHA256 | 793c2787609bffdedb20f1848ce53cdbd1baa2062c81d4e2b52a5356ca0e96c6 |
| SHA512 | b3378819feef30872d4ffcab49fc29e126afe02acdfc2e71d653107d23571aef31299956c7bcd3e402ee7fa70d4514218b86f0aa61fe427658935e735d8a389d |
C:\ProgramData\Norton\Icarus\Logs\report.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\config.def
| MD5 | 480e976228c7fa81a2047292c8350b2e |
| SHA1 | 73bddc38e6eeae67b92f491ee66f9a5ab91d066b |
| SHA256 | feb70768ec2658cbca8214a27ef5d5f502ae7a55e51e4484b969e9fb859b095a |
| SHA512 | 34ad279c0ab217a0ace6488e839e878d3970ea4611f5bb8fb865a5ffa6ad31c698b8fc439e1eb8b4de1d4844d6b8dfb283a6f1f5550ae8475b6248e6cd9fb86a |
C:\Windows\Temp\asw-a8a49445-1c66-438a-8de4-87cbb61a5eef\norton-tu\icarus_product.dll
| MD5 | 425d9c4579dfec13f34228eb9980cfc3 |
| SHA1 | 34aa8c38e71d9578be6db5629237f7de187e89e6 |
| SHA256 | d8d4f5e293f164f727f3c1c0de1131f34201b3099410a819eb750cc300ce5dc3 |
| SHA512 | d12a368e223506e3dc19d0cfc58f93a76ada6ac8a02c83ab36ff6161a4a0d9d5db2991bd98487c448c2f99a48c93469032462152754060c42a151896ca63baf8 |
C:\ProgramData\Norton\Icarus\Logs\icarus.log
| MD5 | 9c07c8e6dc7c56b62fb71c57beb9e8b8 |
| SHA1 | 3881d52b78f652de05e0300562e26ac541c3b5a1 |
| SHA256 | 105e995b42ef1059ec43b68127301502f04b0d23d74822035e9b3bba06954f50 |
| SHA512 | be4352452c623c863e7d196e6573945434d341299067184b6401919641c809cab395f89b46c5a460326cba99ef0c56125dc23014b822dbf4957b500136a81b78 |
C:\ProgramData\Norton\Icarus\settings\proxy.ini
| MD5 | b8853a8e6228549b5d3ad97752d173d4 |
| SHA1 | cd471a5d57e0946c19a694a6be8a3959cef30341 |
| SHA256 | 8e511706c04e382e58153c274138e99a298e87e29e12548d39b7f3d3442878b9 |
| SHA512 | cf4edd9ee238c1e621501f91a4c3338ec0cb07ca2c2df00aa7c44d3db7c4f3798bc4137c11c15379d0c71fab1c5c61f19be32ba3fc39dc242313d0947461a787 |