3b216887612445f58c20fa8f140c404477f33b49a631616c43e26523ed082383

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
Size

1.6MB
MD5

fb4d24abe3ae811025140c5f34d60f81
SHA1

e19a350562125c48ee1f0cced615456899691ca7
SHA256

3b216887612445f58c20fa8f140c404477f33b49a631616c43e26523ed082383
SHA512

84c5bd8e3aa15e7208da15aad014a8cb88a8955aee9e810aaf626fcace8bb98ef6358d395d6da5c9ed11102bb37dfb41ce4b7600eb3a8d68f96da603ca659ec5
SSDEEP

24576:T2SyzH8dREblxwaiuV/XW6Vql/rpmfOR0uh0lhSMXlYT7H4e465HM7:7ybo0waxVqlNmfE07O7Ye4+H

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe
File opened for modification	\??\PhysicalDrive0	icarus.exe

Executes dropped EXE 4 IoCs

pid	Process
2132	icarus.exe
2808	icarus_ui.exe
108	icarus.exe
636	icarus.exe

Loads dropped DLL 11 IoCs

pid	Process
1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
2132	icarus.exe
2132	icarus.exe
2132	icarus.exe
2132	icarus.exe
2132	icarus.exe
2132	icarus.exe
2132	icarus.exe
108	icarus.exe
636	icarus.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus_ui.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	icarus.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	icarus.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "65F115A51CCCDBF623206AEDE3B3D8A4"	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAO+vTaEWVZUWL3UZq6vUZAwQAAAACAAAAAAAQZgAAAAEAACAAAACEFHBj9ggFXiE2vcUW7N6T4RvoYh1gHFKovSoEvWu3FAAAAAAOgAAAAAIAACAAAAB8OFNfmf2m7njAtRaJ95iTe3Tgn8USySMVQBxemkrzSzAAAADeMuMDw7E8cPhkBeUawE4B89696Scg0QsU8SOg6dKPaGI9dcUNHfD1Cqt5XxIagmtAAAAA0xzxGS2KOrAHwTXAmcW0pii7YbU+sJEwmBN+ze+O5+4vevSeYMvmm/WCraVTpanFOVkGjWxdnekiyMBb4a3nMA=="	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "f46e3ef4-6821-4471-8ccb-a2f3aa309ca3"	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2808	icarus_ui.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	2132	icarus.exe
Token: SeDebugPrivilege	2808	icarus_ui.exe
Token: SeRestorePrivilege	636	icarus.exe
Token: SeTakeOwnershipPrivilege	636	icarus.exe
Token: SeRestorePrivilege	636	icarus.exe
Token: SeTakeOwnershipPrivilege	636	icarus.exe
Token: SeRestorePrivilege	636	icarus.exe
Token: SeTakeOwnershipPrivilege	636	icarus.exe
Token: SeRestorePrivilege	636	icarus.exe
Token: SeTakeOwnershipPrivilege	636	icarus.exe
Token: SeDebugPrivilege	108	icarus.exe
Token: SeDebugPrivilege	636	icarus.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
2808	icarus_ui.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2808	icarus_ui.exe
2808	icarus_ui.exe
2808	icarus_ui.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2132	1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe	31
PID 1708 wrote to memory of 2132	1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe	31
PID 1708 wrote to memory of 2132	1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe	31
PID 1708 wrote to memory of 2132	1708	2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe	31
PID 2132 wrote to memory of 2808	2132	icarus.exe	32
PID 2132 wrote to memory of 2808	2132	icarus.exe	32
PID 2132 wrote to memory of 2808	2132	icarus.exe	32
PID 2132 wrote to memory of 636	2132	icarus.exe	33
PID 2132 wrote to memory of 636	2132	icarus.exe	33
PID 2132 wrote to memory of 636	2132	icarus.exe	33
PID 2132 wrote to memory of 108	2132	icarus.exe	34
PID 2132 wrote to memory of 108	2132	icarus.exe	34
PID 2132 wrote to memory of 108	2132	icarus.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_fb4d24abe3ae811025140c5f34d60f81_luca-stealer_magniber.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus.exe
  C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\icarus-info.xml /install /sssid:1708
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus_ui.exe
    C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus_ui.exe /sssid:1708 /er_master:master_ep_bc4552f5-0477-4695-b18f-cca3d3ffb13c /er_ui:ui_ep_52a159a8-d44d-42e8-824c-def8cf76bdbf
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2808
- - C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\icarus.exe
    C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\icarus.exe /sssid:1708 /er_master:master_ep_bc4552f5-0477-4695-b18f-cca3d3ffb13c /er_ui:ui_ep_52a159a8-d44d-42e8-824c-def8cf76bdbf /er_slave:avg-av-vps_slave_ep_db3e8dbe-9002-4a26-995b-22b109486bc5 /slave:avg-av-vps
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:636
- - C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av\icarus.exe
    C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av\icarus.exe /sssid:1708 /er_master:master_ep_bc4552f5-0477-4695-b18f-cca3d3ffb13c /er_ui:ui_ep_52a159a8-d44d-42e8-824c-def8cf76bdbf /er_slave:avg-av_slave_ep_128d2f02-4eab-4bbc-9753-1cd7d8fcec89 /slave:avg-av
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
53KB

MD5
2c34b32a1a233e585a7a0d0b0d9b556e

SHA1
635c1a679b858c40649830f7f129f4da7ab12023

SHA256
04ea958dcd58ee668f143e63cced6aeb09aaf004fdc166645e7750cf35a3d9df

SHA512
c096d98f3bb59fdf12f732eea23629c174f5c4f25866297b87c67a44aa2cf76c188dedd75b39f8257764578956a3a1f00860ffdca8e9f1c6d0cccd50a5d307ea

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
77KB

MD5
2a34a4fa6bef7afe807caa59b43bb2de

SHA1
5d51eaae485f9779d80c27a006f1130b126dae56

SHA256
9df6938598a6f8c05ef1fdfd5230992c3884808570fe3b14f36adb0830e5d431

SHA512
7a8c3fc2a6cfd55e22137778b6ec83a5c6dff786c2e22fdc2ef0d60d26706736a06180807119f8ba2979b9dc08f56fc0a4d0067433e1ffb47bdd3a978558090a

Download Submit
C:\ProgramData\AVG\Icarus\Logs\icarus.log

Filesize
80KB

MD5
8c029107fee080fcabdd53b9cd9bb031

SHA1
0c2d5a091bed4b45f917b519bdc41408949ab675

SHA256
bbb19f12e18cc37615524803fb97df4297fed2217832f155521e326fb68be120

SHA512
a24ef3945aa4bccc1a75556496ce4e2f6fd45111391a11e6e024a857fca9ebdf5f24bea416918bdda302f2adc41e5f04a4340cc4b1ac85898bba2803bc84a8f0

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sfx.log

Filesize
13KB

MD5
9df155d44167340e167c65c136b6e5ac

SHA1
139f0c474fff1190870d54086393a09c220a29bd

SHA256
bed6196374f660b4558415c7b79807ea9a86dc8bb8f6156b110c2b0bc415bd11

SHA512
693b469ba092207d291dabe5707e4019469191aa6585e2787cd0aab6cfa5349b4bcb85037699cec32dca02406621b9c3a7af2c7543a042f157fb09898c6939a9

Download Submit
C:\ProgramData\AVG\Icarus\Logs\sui.log

Filesize
17KB

MD5
5599d9f03fc9a034d3cbb1eb94b65055

SHA1
cb5627a676821ea43c952206f25a0c930dac2f82

SHA256
df9e53c0bcc36902a1cfc4d6c267d4c5bb1e147fcd5168c481962ddab77262d4

SHA512
02785eed0243b25bfb5df12a318457100823c6ab3daeee1e6f5ab6547eafc92e8a9dd3428ff19356ec11885bbcb0cd32c9413379a111c90c7ca5f2ee8eaee2b4

Download Submit
C:\ProgramData\AVG\Icarus\settings\proxy.ini

Filesize
214B

MD5
d6de6577f75a4499fe64be2006979ae5

SHA1
0c83a2008fa28a97eb4b01d98aeab90a2e4c8e69

SHA256
87d882d37f63429088955a59b126f0d44fa728ce60142478004381a3604c9ea9

SHA512
cb4b42c07aa2da7857106c92bc6860a29d8a92f00e34f0df54f68c17945982bc01475c83b1a1079543404bb49342fc7cdc41d2ac32d71332439ceb27b5ad1c0c

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\config.def

Filesize
579B

MD5
173270f3089bf6034fc92088d6dcf89c

SHA1
ac76fcb0656f834b3885b904d7d56e03c540d19b

SHA256
26cb6bef15dfd9be0ada61af5f78f3c9af378e0dfcba7ac82a9687268f59c2dd

SHA512
a0d1a171db7f230f68c9ae9fb4ffacd65c5fcacbfde717497d06aaf8722cd19acd395a34de6b106766ee8ab259e9e38926e98cbc4b6aabe5a96944535d729faf

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\icarus_product.dll

Filesize
863KB

MD5
5603c70135e8c30758cf422ad68b23c3

SHA1
450d05bde584886ca6948e2d2572b52c2a19329d

SHA256
edb69e48707ccdf8efe894d679956e345360baa0122fa5e382475030ed76a3fb

SHA512
e69a4f1437cb4b885a36c8275f96f8d97675198769df64ea535e81e255c9c308b797f4292a87786aa79af5eb97310430d3aa04ddbd359c214429ed4e9951f987

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\product-def.xml

Filesize
59KB

MD5
6904c61b5fad040911c3fa2f9e67f069

SHA1
fb6387552edf3396579c28ed881d015bd4767b25

SHA256
67873086623ca4561898a0ebbbc6f8de9bb28fa94f10d644298f91b8beb16fa4

SHA512
b468c6c9e4a7037f917ed730a25969edfc67b585ae58d2c020e90863e194d3dbfc385923191a27789de14ae1d51d0d8f1f27e47c06a0a20e533faa38afc40a93

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\product-info.xml

Filesize
5KB

MD5
b8985aed2d015c2659c0b4dae2deb483

SHA1
cb5cdfa6f2d098d95812aff7090f57743f527c9b

SHA256
677e11c8d1beba58d2b295b8cc7fc7cb1eab4e4f120d738a8547ef615444b923

SHA512
6875e86fee4ffe8c7aaeda08e8568b347b290ff941aa50c55f1ee32f59069a66c06d22afa7b85c62bf55805704e819683e8d998b4cae4836e2b49f4128f6e0e5

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av\config.def

Filesize
690B

MD5
d98d7ceba0a8ee6ece0ea674e4c10d5c

SHA1
b55bd971e37d810b3c0af950ad1ae68448cad512

SHA256
8dadcea67ff7a665bd54e5ba6bb61dc2e489e5d30c7c3376592ff12063c1b9bd

SHA512
3bc3c1cb89ace3b1a47de22362e06ea88031a96496050f26bf76292cce96ecf447959c746383c727259c453b000da26246a37af0164d3dc8e711f90f327e74c2

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av\edition.edat

Filesize
2B

MD5
9bf31c7ff062936a96d3c8bd1f8f2ff3

SHA1
f1abd670358e036c31296e66b3b66c382ac00812

SHA256
e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb

SHA512
9a6398cffc55ade35b39f1e41cf46c7c491744961853ff9571d09abb55a78976f72c34cd7a8787674efa1c226eaa2494dbd0a133169c9e4e2369a7d2d02de31a

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av\icarus_product.dll

Filesize
5.8MB

MD5
ade83ea72d2c4d9d9d61e4fe6949869d

SHA1
8ea98c14f60aa40086d72750ed3769d746c4b09b

SHA256
3f041aad8fdd164c1686e54fd3b523680615decf3d12ecc7a7450ae8bdb6dd31

SHA512
8c567adaa9acd879f9eb9e2779ace7e858cc93f4159af11e97c0910878ed942404fcc25f8d778f573487618bed0e9cc71b7ee44467c1f8e266fd3a4394eaa4e0

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\bug_report.exe

Filesize
4.4MB

MD5
1428f3bc5f2314fb369b0e6e3f5f3b7f

SHA1
90a9698f2a9a775aea313ac1873ce195ca05d841

SHA256
fe82e1863e32efa9ce0cad5092361b2459d2abc1efd42dcfd8b5e490ba1b7f5d

SHA512
c088d788bf873540cd97cd0a977252c7bd998215c751375170c9ae61ded884122b251aeb2a345ae75ccb1d6a34ca16c2aaa78681f3eabacfd3f618cf09e6a79f

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\dump_process.exe

Filesize
1016KB

MD5
6e7bb1fceedb5d791cf859d570512d96

SHA1
a0cfadfaa65b325f3b0d51eb6de8e0ccbfe6c5f5

SHA256
4516f4a23a22779e37d9ccaad228215adb13c2bc922eef9b077802e32533a3ee

SHA512
0591830b1473e62ae54b1ef02f7f6b380b274874b94ff85e1bb54acd785e61a4a60ac090d7a5f0eac8d7b28e35589cf8d2daf871b7b2029662b1ce8b9324f7e9

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\product-def.xml

Filesize
1.2MB

MD5
d12d574a30825a78e5af02aae23ad438

SHA1
d6827abba856c4ac09aec3ae729445c970549b1d

SHA256
2a75879e92d89eecd3442104ccd102a66ba1bd4a0a2c406fadb2b3d8bb28bc37

SHA512
63ea1d0d72a732bb5000f113f78bc367c104a5c9d75d9fdf9a81d5d1b0ab14779a56865b93120a6518a97d01240ab7ad8b98a287d63e3a5a918fbae5b83d7690

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\product-info.xml

Filesize
9KB

MD5
718658fac45e9855fdd5ccedcbed3444

SHA1
11d186bbecd7f84539b69acfc4109fa39561e71b

SHA256
89ad94040535357a7e9201af1713c7a7f7fcf49450cc617b34562d4954757f71

SHA512
626df9cabe11d9dd62f57afc14adea02f4f6db59e62934a7c39b65edce5a69302db7fb3e3be10db4b3ce0e32c6938cff10cbc534ec335b21bf3c253d884d882c

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\setupui.cont

Filesize
249KB

MD5
beacd2167c928744353049c4f03dc253

SHA1
a556334fdf2ea40c313b931477c61fb788b5032c

SHA256
4255fa31503b0fc52d21242a04fdd2edfd35959bc5bbded781e2175bb43a3077

SHA512
a73bc0386a6c205ff5683b9350dfb05d0c9c9ed8ba65ca32b0a5f776eff57bbab784f46a210dfe6223af09cbea79d75e9dc1f6c2055ef7c679c912d821dda4c5

Download Submit
C:\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\icarus-info.xml

Filesize
1KB

MD5
79be576ccb513cb8c1b6f63974c63185

SHA1
4918f788fe114fad7ac2c581a45bb649401803d5

SHA256
395b150d770f44563d83c60278c1cb970a49cb67d8a33fbcad81b1cf3739b3ab

SHA512
92e7a5e2f82d96c97a55eaa94d1ccabc97710fad193c9dc1db19fb7d4607a04b21a9459cb1bb20b718b29d8c33335d3770cd32b5cb8c941281d26d58afb0d9fd

Download Submit
\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\avg-av-vps\icarus.exe

Filesize
7.9MB

MD5
043105e55f5aea4fc68f51f69b04d6c2

SHA1
ab4cc4c003dbd1a9ed044361f0713739f87153b9

SHA256
20a4b502d996bbee3a4cbf4d344190cc42f216119c3711a9120267171e759aee

SHA512
50ac8fa40b54b1dad21e2b4657d731d23ae808a3f724eb94003cd2a92a74770c3cbbc5d49bada1e6ce16bdd6cf8c6c9af14027ebc4f93651959d57a1834c2135

Download Submit
\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus.exe

Filesize
6.5MB

MD5
2815717ac55ef78242c3a644fe97f167

SHA1
d48bc2449bb4bb01818895769d11c52e3d7d9335

SHA256
d19ffff2b1904be6f7457f922f93226628a06df7434b305ad7de7e619c646a55

SHA512
d7917b5907f39ac64d55ab2456be31c0d8c536f0af15f23b3eb13ee5d1052a37b8da7aeed68348e2082e0cf36ccb6951c186fc4be3d9c4c36d310477d795d0b2

Download Submit
\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus_mod.dll

Filesize
15KB

MD5
4f006aa4bc4d037b5a4c939f2cb85ffb

SHA1
cb74aecdaacc6e6f2860c109705cee6a9441b17a

SHA256
7296f7bc71088f1e3f01f95a7004c73f403360f614abe44f62ed50532faacfd8

SHA512
264e886d3e265ca38d687c2080611f65ff16d7545bb6e394fc69ecf33a34c1b61523f3f4477fd2def3aec01d37e149fdb3db4cb16889d45b7889a2737ede814f

Download Submit
\Windows\Temp\asw-fd74a98a-8c55-48d4-92a6-d8177436650c\common\icarus_ui.exe

Filesize
10.2MB

MD5
49828e233490ece34ea700f016496e33

SHA1
79560552a8c92ccacb4f490e1c7ea7cc319e7b71

SHA256
2f3f037957dbff847bedd2085e64ae8481013211cf74462cd172ed6ef2970115

SHA512
254e171242b6498c48a9afa7c4b4ebc6d5284690cdc3ef0428149cb52210c09f245235f3fd32dce1629bd695faa584006a831b2b015904b7e4d6ce2544c82db7

Download Submit
memory/2808-161-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

Filesize
64KB

Download