Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-04-2024 08:57
Static task: static1
Behavioral task: behavioral1
  Sample: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe
  Resource: win10v2004-20240412-en
General

Target: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe
Size: 7.1MB
MD5: e3283d49570a9557720725de28c04a8a
SHA1: a5ca0938a6543bcaafd77fe97809811711a6127f
SHA256: f13e06e98803676e1c744a577184b68c95fdffdcf716529e6f2680ca80ea58f0
SHA512: 2929bdd1710f8912c54b3953fa295fda91529098c65d851878aea8c08053f56929384345ee93aa674b305f160aa8a311a1f160125247f29aeeba38e01b9ce781
SSDEEP: 196608:coXEBeoIjYB0a9WrKVoGwRuNkuyiMfypds:coSIjYGaxAduyiMKpK
Malware Config
Signatures
Checks computer location settings (2 TTPs, 3 IoCs)
Looks up the country code configured in the registry, likely a geofence. The Nation value under Control Panel\International\Geo holds the user's configured location (a GEOID); reading it lets a sample refuse to run in, or target, specific countries.
Processes:
  - Key value queried: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation (process: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe)
  - Key value queried: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation (process: ServiceStartMenuIndexer.exe)
  - Key value queried: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\Control Panel\International\Geo\Nation (process: oct5EAB.tmp.exe)
Executes dropped EXE (3 IoCs)
Processes:
  - PID 1796 oct5EAB.tmp.exe
  - PID 4980 ServiceStartMenuIndexer.exe
  - PID 376 ServiceHostAppUpdater.exe
Loads dropped DLL (2 IoCs)
Processes:
  - PID 1796 oct5EAB.tmp.exe
  - PID 1796 oct5EAB.tmp.exe (second load by the same process)
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) (3 TTPs, 4 IoCs)
SCSI information is often read in order to detect sandboxing environments. The device instance path under Enum\SCSI embeds the vendor and product strings of the (virtual) disk and optical drive, so reading it reveals the hypervisor: the VEN_QEMU / PROD_QEMU_DVD-ROM strings here identify a QEMU-emulated drive, and the CompatibleIDs value is what the sample actually queried.
Processes:
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 (process: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe)
  - Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs (process: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe)
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 (process: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe)
  - Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs (process: 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe)
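The two signatures above (the Geo\Nation lookup and the Enum\SCSI reads) are the pair a detection rule should key on: a locale lookup on its own is ordinary, a locale lookup combined with a read of a SCSI device path that carries a hypervisor vendor string is the sandbox-aware pattern. The following is an added example written for this page, not code from the sandbox or from the sample. It replays the report's IoC rows as constructed (pid, image, action, registry path) events and scores each process; the tuple shape and the hypervisor vendor list are the editor's assumptions (the report itself only shows QEMU).

```python
"""Score registry reads for the geofence + hypervisor-disk pattern.

Added example for this page (editor's code, not the sandbox's or the sample's).
EVENTS is constructed from the rows of the two signatures; the hypervisor
vendor list and the (pid, image, action, path) tuple shape are assumptions.
"""
import re
from collections import defaultdict

# Path shapes copied from the report's IoC rows.
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
SCSI_ENUM = re.compile(r"\\Enum\\SCSI\\[^\\]*Ven_([^&\\]+)", re.IGNORECASE)

# Vendor strings of virtual disk/optical controllers. Assumption: editor's list;
# the report shows only QEMU (DADY is not a hypervisor vendor string).
HYPERVISOR_VENDORS = {"QEMU", "VMWARE", "VBOX", "VIRTIO"}

SAMPLE = "2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe"
GEO_KEY = (r"\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000"
           r"\Control Panel\International\Geo\Nation")
SCSI_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI"

# Constructed from the report: (pid, image, action, registry path).
EVENTS = [
    ("952", SAMPLE, "Key value queried", GEO_KEY),
    ("4980", "ServiceStartMenuIndexer.exe", "Key value queried", GEO_KEY),
    ("1796", "oct5EAB.tmp.exe", "Key value queried", GEO_KEY),
    ("952", SAMPLE, "Key opened",
     SCSI_KEY + r"\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000"),
    ("952", SAMPLE, "Key value queried",
     SCSI_KEY + r"\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs"),
    ("952", SAMPLE, "Key opened",
     SCSI_KEY + r"\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000"),
    ("952", SAMPLE, "Key value queried",
     SCSI_KEY + r"\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs"),
]


def classify_registry_read(path):
    """Return ("geo", None), ("scsi", VENDOR) or (None, None) for one path."""
    if GEO_NATION.search(path):
        return "geo", None
    m = SCSI_ENUM.search(path)
    if m:
        return "scsi", m.group(1).upper()
    return None, None


def score_processes(events):
    """Aggregate reads per (pid, image) and attach a verdict string."""
    out = defaultdict(lambda: {"geo": False, "scsi_vendors": set(), "verdict": ""})
    for pid, image, _action, path in events:
        kind, vendor = classify_registry_read(path)
        if kind is None:
            continue  # unrelated key, e.g. the CLSID writes elsewhere in the report
        rec = out[(pid, image)]
        if kind == "geo":
            rec["geo"] = True
        else:
            rec["scsi_vendors"].add(vendor)
    for rec in out.values():
        hv = sorted(rec["scsi_vendors"] & HYPERVISOR_VENDORS)
        if rec["geo"] and hv:
            rec["verdict"] = "geofence + hypervisor disk check (%s)" % ",".join(hv)
        elif hv:
            rec["verdict"] = "hypervisor disk check (%s)" % ",".join(hv)
        elif rec["geo"]:
            rec["verdict"] = "locale lookup only"
        else:
            rec["verdict"] = "disk enumeration, no hypervisor vendor"
    return dict(out)


if __name__ == "__main__":
    for (pid, image), rec in score_processes(EVENTS).items():
        print("%5s %-40s %s" % (pid, image[:40], rec["verdict"]))
```

Run against the report's rows, only PID 952 (the submitted sample) gets the combined verdict; the two dropped SweetLabs processes that also read Geo\Nation come out as "locale lookup only", which is the distinction a rule needs to avoid alerting on every installer that checks the user's region.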
Modifies registry class (60 IoCs)
All "Set value (str)" entries below are written by ServiceStartMenuIndexer.exe under the shell's MUI string cache key, abbreviated here as <MuiCache>:
  <MuiCache> = \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\
These are cached localized resource strings (each "@dll,-id" reference resolves to a Control Panel item name or description) produced when the indexer enumerates the Control Panel; they are shell cache activity, not configuration changes. The two "Key created" entries, by oct5EAB.tmp.exe, are the only ones that are not string-cache writes.
Processes:
  - Set value (str): <MuiCache>@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"
  - Set value (str): <MuiCache>@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"
  - Set value (str): <MuiCache>@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."
  - Set value (str): <MuiCache>@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."
  - Set value (str): <MuiCache>@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"
  - Set value (str): <MuiCache>@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"
  - Set value (str): <MuiCache>@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"
  - Set value (str): <MuiCache>@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"
  - Set value (str): <MuiCache>@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"
  - Set value (str): <MuiCache>@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."
  - Set value (str): <MuiCache>@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"
  - Set value (str): <MuiCache>@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"
  - Set value (str): <MuiCache>@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"
  - Set value (str): <MuiCache>@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"
  - Set value (str): <MuiCache>@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."
  - Set value (str): <MuiCache>@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"
  - Set value (str): <MuiCache>@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."
  - Set value (str): <MuiCache>@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"
  - Set value (str): <MuiCache>@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"
  - Set value (str): <MuiCache>@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."
  - Set value (str): <MuiCache>@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."
  - Set value (str): <MuiCache>@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"
  - Set value (str): <MuiCache>@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."
  - Set value (str): <MuiCache>@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."
  - Set value (str): <MuiCache>@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."
  - Set value (str): <MuiCache>@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"
  - Set value (str): <MuiCache>@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"
  - Set value (str): <MuiCache>@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"
  - Set value (str): <MuiCache>@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."
  - Set value (str): <MuiCache>@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"
  - Set value (str): <MuiCache>@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."
  - Set value (str): <MuiCache>@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."
  - Set value (str): <MuiCache>@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."
  - Set value (str): <MuiCache>@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."
  - Set value (str): <MuiCache>@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"
  - Set value (str): <MuiCache>@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"
  - Set value (str): <MuiCache>@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"
  - Key created: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings (process: oct5EAB.tmp.exe)
  - Set value (str): <MuiCache>@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."
  - Set value (str): <MuiCache>@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."
  - Set value (str): <MuiCache>@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"
  - Set value (str): <MuiCache>@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"
  - Set value (str): <MuiCache>@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"
  - Set value (str): <MuiCache>@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"
  - Set value (str): <MuiCache>@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"
  - Set value (str): <MuiCache>@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"
  - Set value (str): <MuiCache>@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"
  - Set value (str): <MuiCache>@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"
  - Set value (str): <MuiCache>@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."
  - Set value (str): <MuiCache>@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."
  - Set value (str): <MuiCache>@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"
  - Set value (str): <MuiCache>@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"
  - Set value (str): <MuiCache>@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."
  - Set value (str): <MuiCache>@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"
  - Set value (str): <MuiCache>@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"
  - Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (process: oct5EAB.tmp.exe)
  - Set value (str): <MuiCache>@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"
  - Set value (str): <MuiCache>@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"
  - Set value (str): <MuiCache>@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."
  - Set value (str): <MuiCache>@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  - PID 952 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe
  - PID 952 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe (second enumeration by the same process)
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  - Token: SeShutdownPrivilege, PID 4980 ServiceStartMenuIndexer.exe
  - Token: SeCreatePagefilePrivilege, PID 4980 ServiceStartMenuIndexer.exe
  - Token: SeShutdownPrivilege, PID 4980 ServiceStartMenuIndexer.exe
  - Token: SeCreatePagefilePrivilege, PID 4980 ServiceStartMenuIndexer.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Every target below is the direct child of the writing process in the process tree that follows, which is the pattern process creation itself produces (the parent writes the new process's startup data); on its own this is not evidence of injection into an unrelated process.
Processes:
  - PID 952 2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe wrote to memory of PID 1796 oct5EAB.tmp.exe (3 events)
  - PID 1796 oct5EAB.tmp.exe wrote to memory of PID 4980 ServiceStartMenuIndexer.exe (2 events)
  - PID 1796 oct5EAB.tmp.exe wrote to memory of PID 376 ServiceHostAppUpdater.exe (2 events)
Processes

- C:\Users\Admin\AppData\Local\Temp\2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2024-04-25_e3283d49570a9557720725de28c04a8a_mafia_magniber.exe"
  PID: 952
  Signatures: Checks computer location settings; Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\oct5EAB.tmp.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\oct5EAB.tmp.exe" /S
    PID: 1796
    Signatures: Checks computer location settings; Executes dropped EXE; Loads dropped DLL; Modifies registry class; Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
      Command line: ServiceStartMenuIndexer.exe /PRELOAD
      PID: 4980
      Signatures: Checks computer location settings; Executes dropped EXE; Modifies registry class; Suspicious use of AdjustPrivilegeToken
    - C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
      Command line: "C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" /LOGON
      PID: 376
      Signatures: Executes dropped EXE
- C:\Windows\SysWOW64\DllHost.exe
  Command line: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
  PID: 4576
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
  Filesize: 10.6MB
  MD5: 975e50a6a7987c4daedb504fe99a92fb
  SHA1: 5373cad041a4f508315aec0aa1ad9cc2e095dfc2
  SHA256: 4b7b6fef62293e81f274b496068bc83dd06b7cf9a21cbf3be6efff6029b44872
  SHA512: c351a77d06bafce1adc4226fb283cce9ac28bf6de2bdc41c5835a2eedc30c72e3f2c360746f501991d05b8fd7b05f61f3c5d7206881929fc0dc49db514823817

C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
  Filesize: 2.9MB
  MD5: da1032987448c5271e1d90e39ee991f5
  SHA1: df9b8780c10de47f8c829f419ac107c7d0677682
  SHA256: d8cae77dccaf4c3eb1e943f257204bd09084d810c90ad90ac20c318e4261e80b
  SHA512: 78152652ada500216f755ea8323a630f8c92b3894e21bfc298915df31eaab5f88723a3d2276f81635477bdc217306812220b5f5385a4075816c9992c45a63c2b

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b2502e111ef9c51ca8bed118634.png.compare
  Filesize: 846B
  MD5: d495e09bd9899c0410c4d67aca1192ff
  SHA1: 22e0eb07a794c1fb2fa7127f2d6e30685f9b5f10
  SHA256: f90e336bb5f46bdbd6144e81daa57af8eab0f752620c0cbd151b45fed1bc34b9
  SHA512: 02e188ff6c076f550d4b676dfa77a6da31a412c27f9fb09766f88fa56a7652fada23a7692e708f26202ab5110a12ad78eb6bad958354fe65e0a9691c1c4f0c75

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b2902e111ef9c51ca8bed118634.png.compare
  Filesize: 531B
  MD5: 9d3a7815aebefca02c1fafb0b7fa87cf
  SHA1: 3052ad2feef0b2d211b51c8180e8f77782aeccfc
  SHA256: 601333277a511e3e079cb71acf743419496a5e430f89cdd8b0cc93cde9e8f8b0
  SHA512: 955f651b805fe7db0cec8a6970f3dbc466e711c8ff0150b9d744f53ee905d8c85b8f811dbf99b1d60b1dec32d09723229b0d6611d9ee377743a4fdcb2638cd2f

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b2d02e111ef9c51ca8bed118634.png.compare
  Filesize: 614B
  MD5: 27666a793fa11760547454944f089546
  SHA1: a3166a4a1a04891d2a30d7988f6ae2be5b5608db
  SHA256: b14f658cd0f545e53148b65dfcf3b9630ef2af84cbafd6bfa48f8c165a2500bb
  SHA512: b56ebb454a360ee4bc65e655adef136a1950a015f136b756b8059c5bc13e8df7914045582a5741651ac6a80f3ba35c6801b92a106fd2020caf1f444104b64a25

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b3502e111ef9c51ca8bed118634.png.compare
  Filesize: 802B
  MD5: df7a4fa395ad23842a01a678994b50d1
  SHA1: aa88706aff04026caca74dc352c568cf4c92fcf9
  SHA256: ccc44bdcea482f2f2fd89c6d350071ed0e5879fe46693a0dc5792192c14a9178
  SHA512: e5dc4c54821990825a6eb9c415519a38f4c5a214a7a55540a4c6bef7aecb86137e4bbbc70026707dbdde4a3e30f5c4ed825b2a0b5c594c5f5e15e632351aaaa5

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b3902e111ef9c51ca8bed118634.png
  Filesize: 662B
  MD5: 24fbc352a44321963d09c74fb30e9f08
  SHA1: 71fbbd923882741a17f35656231f836c59b03da4
  SHA256: d848fbf20333fb1f097e7402a27e281e6109f8c1aba3f598b66e5c83dfedf30b
  SHA512: 1edc6a5ca9e4d1227b8ebfc79a6551c7f87dcce13b9981f57100ab482b4bee375dd653ac4245f3fdd83d13236819f62ed21ade3cd503c9ca35e9a6cedc4b4240

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b3d02e111ef9c51ca8bed118634.png.compare
  Filesize: 627B
  MD5: 09179b2a273b7d279068f570027a43bf
  SHA1: 0f7d5c0fc142df7819d9bbd17fabc5edbbc61b1d
  SHA256: 0af2b0f377e2f51306f6f8762d606944bd73aee140798c9454ad30cf9658a5aa
  SHA512: eef7c4cac7990e22619bc7aa883f686cb8e832177749c3e7cf63b678f37b4bd67b77077639826fe115651622deacda80407f68e9a52853434be24103c375acff

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b4502e111ef9c51ca8bed118634.png
  Filesize: 303B
  MD5: 409f205360f9aeadb925f46f4f2a5ac7
  SHA1: 118b94885125d199ca27b32ae5d30e51f867d26c
  SHA256: 03799be4d9b5c71541905081ce2313ead4bad19b92a2d2424bbbb1439ed5d04a
  SHA512: 6a476ef92278c1d996f0b604947581faa1ec43d11e2945f7dbaa73f7d76ef621238fd9bce56c16718767f236de9a281838a7206e304b0efaba487604bc0815c6

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b4902e111ef9c51ca8bed118634.png.compare
  Filesize: 898B
  MD5: 57659d81293e851d6211392ced456e7a
  SHA1: 4556b8958edc41aba8f64ebb3b0d9674c6348db5
  SHA256: 83d8869e2ea0de994d785bd482a522bfbb23bb3caac44916f0697aac2b4653cb
  SHA512: 74ef58fd0c405318ae570ac73bb82706c520627ef1aa9782645001ff57145118f27b73a3480b6bc5e4c5cc13413fdf99ce004f03880e8c74129160878645d7d4

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b4d02e111ef9c51ca8bed118634.png.compare
  Filesize: 816B
  MD5: b20e9c46a6c3f312c67194f6f3665d0e
  SHA1: c3050b3226a28aa90433a6a2ac524b22d8a03458
  SHA256: 8a74bd7bc15a20012e176233f407789e036cd979017e42bc0d3db93a7706cf1a
  SHA512: e6ee5ff1a86a809c0b57543325e6a6157f9458e391db17dc4b5482556b9206194f30658a572db9e0535c7063e3cfc55523af9b00307f3c52deb35e6bd02de0fd

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b5102e111ef9c51ca8bed118634.png.compare
  Filesize: 526B
  MD5: a63c60af2e9a1ea35a80e93d95a25bf1
  SHA1: 76fd06bccce4fdda8b3a088b7d22d2a8017ad53c
  SHA256: 60f1134cb1b26e89894a127eeff8579dca3a25dd86af5ca7bd03dc9602c6fd70
  SHA512: a91558a60260c19e35ef76619b13214ae017995c14c4ecf3144717ee05e0a3bed2b0f66a9d192260fd88563931f83cd5de72e531f35e1d6f41599f1162d741fd

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b5502e111ef9c51ca8bed118634.png.compare
  Filesize: 449B
  MD5: 37e050bfb1f28142eb03a3f8b5790925
  SHA1: 8d59237279dcdcc706c1fc040043fc39aa10e21b
  SHA256: 4d2e1151e591ede48d31ccdf4c982abb5424733325a91c3190e87752d4363282
  SHA512: eee941ece7fadb2f1371bd7a3f85869e21b2231d8691270f922b9cf7732903bd2531b31b9054066f1e595d96836f04b198d977f599eefbb66c5cec51172f2206

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b5902e111ef9c51ca8bed118634.png.compare
  Filesize: 379B
  MD5: ded7c6e8b9868e660d490859e69efef2
  SHA1: cc045e91f0ffc9f182c8ead8ecae069680fed42e
  SHA256: f0376d903299f9a81a5d002870630f94d0bd90866a201c01c0ff79d6f6cf94c0
  SHA512: f231e17b1c8edf764fd23160bf0f87288e5fe476d361e57fdaa697bf844f2bf781eb5fb50c8b0b4d2f7e37649b0a532aed0c9829c6c3372a0f38a6df80747663

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b6102e111ef9c51ca8bed118634.png.compare
  Filesize: 888B
  MD5: 5f916bfe3d914b43934342c8481d227f
  SHA1: 6d17ed159fbb62f768da8cb5d6c123527e95090b
  SHA256: 640170ca50156b97a584baddbb81374e3b56f37c5db32605351b8886de56eaa6
  SHA512: 5415fcb1ea840320b4bd2dc108e9ad2ea8903ce5cfe1deeb6f0360cc323efd6abebde188eb541ec84e6ab2c1524a274a0754199af2ffe47eb61f12a6cda19932

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b6502e111ef9c51ca8bed118634.png.compare
  Filesize: 742B
  MD5: 34502e147705e3e2fddb6297236816e8
  SHA1: 74ee02c9f7aeb5c49cbde7bb324c4b458e72904b
  SHA256: 24a3a9042e1ee7719307850ed29a4359cd7d9a0ca08d76af047282967bd06bd6
  SHA512: 76e053593fe9b11efdcd41ef8e87ee5e44d79a12dec5f8f0a8df8afb9dad4c594c4e8dc4455d8b92e1d6f6593833aa7824464f14b79cdb13d9d3a0538f0fa20c

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b6902e111ef9c51ca8bed118634.png.compare
  Filesize: 363B
  MD5: 0c47baec3f396891e4e2e8c29ebf666d
  SHA1: 2e4d55e5dcfd5cedac7b6ab6c0ae65b4649863dc
  SHA256: a3832962dc8ec8ce5b14e0318b5f023c77b23909f21f931f5b4caa13b0f20675
  SHA512: 07abad8641f73a0b188eef06cddec23f173035e68b60b96552bbff9060d8e6130b4c8a0ae8366109d3346987ea5298222be59b4d10e9f7ce1ad01fb956fc450b

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b6d02e111ef9c51ca8bed118634.png.compare
  Filesize: 600B
  MD5: 46f8418c8fff05fdfaf6e1dc11c6df14
  SHA1: de93b619e6838789e14e7b243b6c9eb4028b5209
  SHA256: 29dc4d1956e5874ecd46aee57fbd5fc9156e6fe921c9029d7d32534ebcc15757
  SHA512: 08731185412cf5ce26c34f387db85337a0a233b67f63cbab3081f050225c82d85921a31f2b520fffea0d2c562b88bfb09d8d1489f1e36573e41f1c0cf9d298bd

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b7102e111ef9c51ca8bed118634.png.compare
  Filesize: 836B
  MD5: 0c618eb7fc772cd238017e84a21a88a8
  SHA1: d7ed0c390500bc6869a507cc6dbf3f729aac887e
  SHA256: 1e3a4cf80be3b203f1c2037b9dd940731d6a2b8f1709ab04834fea1e53220812
  SHA512: 49bd1921746a7ca9b83c9ce191e602387d2d93a798fcbd9342ab315dda7eda7b3cf9a7698fd7ba1e56c87d51289a5b3a18d0820f4b5ab104dd76a90e062818f6

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b7902e111ef9c51ca8bed118634.png.compare
  Filesize: 687B
  MD5: ef19dd8f73bea37d9e28e8cd85ee4e95
  SHA1: 4ef634e974a59fe976f2c2ec2e092f5b55bda9bd
  SHA256: 93b3a0f4e4b3da6e8af72d93df7785d634f0d0d2613fe000e84d422b85230987
  SHA512: e9dd565c2c400f0136fe6978c9afecaf00a309263b94eb23fbacaf9c46cbc8fdd65c798653a8e4266668c287bef5144cf8cb62c1db146de73c6d27512897d141

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b7d02e111ef9c51ca8bed118634.png.compare
  Filesize: 603B
  MD5: a8320db85f8650a85953d8f375f31d7f
  SHA1: 5051406133fb903094334d2a44ff3ad35d89f240
  SHA256: 7c4c73eab72c234b1220bac99a4b62d5ae23455be5740d4d6e0a07ee8617e1dd
  SHA512: 23b7f7fb767d597b189aa819ab54377122704467d0b725ca18208c57e0de31fa9254ecb0fa094e95d764d5a78aa1ca7a960a4268fa7de469bdd7e302bf26d750

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b8102e111ef9c51ca8bed118634.png.compare
  Filesize: 903B
  MD5: e418610d2901a954c45ca7d8d14def94
  SHA1: 50add435db112f4633f05aa82e6f8dfa6b89c09f
  SHA256: 2500e33d8ac3ab15e60e7b98b91da9b298a777c41e2def355e7a173f910d4765
  SHA512: 54ee32888a7021deb59d5294c9eae8f0a44b7fbf7b1456783688ae65cb30febf2d7c87918864a418b609139c73e4fac054ec4b291b4e55ec3f5241104422b450

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b8502e111ef9c51ca8bed118634.png.compare
  Filesize: 912B
  MD5: f08ceae28618ba55cef1ebcbf954a628
  SHA1: d8524df8efdacddfa8d9f96c1086655b7657d39c
  SHA256: e6bc98021145873772bac0fc4aca7a2a63dc5c535f93185d6ef8497ad748b18a
  SHA512: 0dc758ee4e28aa74e13a768117e5f5067232fe4569fa8877a4644c9d6fea7023ad059e3239f68715a963232712136b3284b8b65a72b026a602d76719620f4037

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b8902e111ef9c51ca8bed118634.png.compare
  Filesize: 501B
  MD5: 851d2c4d0119dbfc5e2da4b05e6e3f48
  SHA1: 610100221bc7fb32230983b48e3f11b8c72554df
  SHA256: f2793b70e8ed1c7ffdc02bd4e5e83a94dda0ee9d30995396b729d74315c2d1a7
  SHA512: e2e509ed5a37734cd36473a6996056e420bf0ba687cff6ed8ad429f1152436a2802c0933752b55c445452f9319faa8aa677feb207c0896184ef5a17e22aea628

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b8d02e111ef9c51ca8bed118634.png.compare
  Filesize: 486B
  MD5: ff966ae89b1366ae6e07e66ce3ab3ba1
  SHA1: 51d570794235e4bbf5f0a4a3093abb9b855c3d9f
  SHA256: 42f44b5a5dabb08539c9c3588b5665c05d27d8de7831592d72cb6769470ecbe2
  SHA512: 360ecd1b04beed28e9e103b21f48f88547d0eea30fcde307e666142ad97e5498a98ad55d7aa09a59683e818682ed00eb023a533ba08b94b82e6c91873d73f9af

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b9102e111ef9c51ca8bed118634.png.compare
  Filesize: 415B
  MD5: a4d10a8b9dbce7598400bbbd96a11248
  SHA1: c552286ca4ccb618856f107d738c471810f55118
  SHA256: ee60b8267fabde8ba2118580b3935d56e5a4e713d3be115421a8909f666cc68d
  SHA512: 2d32aecfefae82d0c412dee11c66f7c3f23d4bc06bc88174ef84257728db4beeace4aab05b201c26ed514d64204524a234d0b8a921264727b3055e609692fe33

C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b9502e111ef9c51ca8bed118634.png
  Filesize: 483B
  MD5: 23d34cfd73e18438d7a352fc58008a67
  SHA1: 38c6158ed085dcfa9144a3f8ff3fcb801a10ba1f
  SHA256: e8178172cb8280545c3e115b09e14cd42b04910018758f7d46959469f11c2ade
  SHA512: b73d7de71189ea0fedc014b5ab53317237d4f7becb29af6d9b26e1a76b8297b9d0ffb6dde52a39410d057ed750345b2da1fd19cfc4c67890e55a529124ab4190
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b9902e111ef9c51ca8bed118634.png.compareFilesize
742B
MD5e167f54e12462548e9134434c085b2a1
SHA158ace4ba5a71d15db04f2eb62cb7d41f039ba4f6
SHA256e02536a4279072c13539a00f6378fc44e021a055485520f8c988a0699962dfab
SHA51205d7e0ca0082a8ca6ac642d4878f8d8288ce648f334b16b4eca8d1ba605dce3a396b66118b942a4d429a723e151cdd9efdd1eae53a120e04cd66586c9b35a399
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8b9d02e111ef9c51ca8bed118634.png.compareFilesize
679B
MD53146166ed1fd8057e2219d03b8371493
SHA15c48ea6d05b84d7d606749fd407b6b32ee1e3946
SHA256dc29d54b597088a3807b862f3eee3c0694093e18bf41b5dc0167781ee49db8aa
SHA5125467d58fca53f1b4dad65e97ca81adbaeeb8333623d64376d636784a0494688e3b7b51e7e638ad1299719feb33e83050c35c4e4cda50dcb4fdde8604676e65d0
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8ba102e111ef9c51ca8bed118634.png.compareFilesize
543B
MD5b0e099d59b68278a221d5ad0e0358d72
SHA1927d01d9488f49166c7c628d7496e8f0671fa69a
SHA256ecb6e8c5def4c27b09533b7f3bd140b1eb928da0a905df676589ace2fdd7f8a2
SHA51261c4047ca8bbf7936035fa097b80091b78cc733c299836102698558da855a5dfc454d53bcf4ee1a4c950f911613190455f52281eeef27a2a79b7c141ec814aaf
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8ba502e111ef9c51ca8bed118634.png.compareFilesize
419B
MD5bafdc1384f760cb24225d8f469b4c850
SHA1045382a11bb7cd98ee45d854fb710b487dd6499f
SHA256ffbb91bbee6d387da490a211e82c9dca169670331c1387d28951b2eb0823581c
SHA51246f9df83deaaf63cfb1508b9021f2a50ab4ec20a266777c1488b4dad994854dada5abffeea71bb30d0162de518c50c87339569f6d6640a2ff884f6a9b696a7a9
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8ba902e111ef9c51ca8bed118634.png.compareFilesize
522B
MD5a5b89d38f7b57e3d8c54a9d47b5e313e
SHA1cd99946c765ec449064af3cc1cff7c704776383f
SHA2568f962f7440af38981fc3e152f35ba1eb71826b6c3c615c15539de33c5f563db4
SHA512e431b569b73b49577ee24e69a7ccea1ace281472a5683fd71ff9ffa86577af767b839a2df03f8618f36fae9002f7687195390a90a90f3c6c50f18d041ed2d116
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8bad02e111ef9c51ca8bed118634.png.compareFilesize
713B
MD58f885008995299d06b4b05b8d1c84518
SHA19219191880e205d8cc4ab9811c66fbf5b54b5b97
SHA256cc6b2e2e8adfc0a1a830699e44dbad67756a707b80a16df14469b8f669925a28
SHA512cc5b99241c39865bfbe18de11036888da3b85299e9e044c8e11a63136addc46a6ca7ebac06c58f8ca269d9d805c27e58b9a5806a3497ceb636fc81b37a3cd414
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8bb102e111ef9c51ca8bed118634.png.compareFilesize
257B
MD5f3cf25df56c59a6ac274f840b0e6b0f7
SHA1e14e5524635298cc84df281e4c3451c127d1da83
SHA25612ba1332a26b7c74aeda5dbd45cab9b7ede2f3dc6672ca07eab9b76a5b4c88d2
SHA512007200b4d4050d2c384d253ab42af407111846dbdf6da8bf3a663548fb85eb87d67ae01fe3ab9d2dc3590dee554a09ffbdc32204a3665d16972bd26b87699d8c
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8cb402e111ef9c51ca8bed118634.png.compareFilesize
846B
MD562d26a02c8f82b63f409dd9b03770272
SHA150d2c50caa398744334a3a597636204695fdbb10
SHA2563ec4a260dbe807de12b4a78b8cd7145b5c110d53b6fb23222232c396c4c30307
SHA512364b6ee92720280d4672be436795d20819b7868199c27300350a9afc89d41559f251bc31651f91b54569fcd0c8d2ef70ffd97424b7852bfd7e43be1ffa17bfee
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8cf002e111ef9c51ca8bed118634.pngFilesize
632B
MD5be79cf3367a8e4981cebf89afd21b8fd
SHA1922622b173c68d69a48d856e8b71ffb22ce14cef
SHA2564e0630d842961a0a8b1095f80a4167f5672ea5566f54ae841170e46b9e6403e1
SHA512f070f187ed5061a8566e3485c01de6a11e31628713c6aa5b0c3ac67e4488a8e2586d62f85d89853ce12775cb912bca142bd78a0fa1425b98d50c96c1110174a1
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8d0202e111ef9c51ca8bed118634.pngFilesize
1KB
MD51e93c63b27175215d330f71df243ed36
SHA1bcb8444e0aae425978b6e7b75559255f9fc6b6bb
SHA25641bc2267ce6c52bd380781177601275f4f4baf85d15416c8b22c5710ed201e66
SHA512cb1e8ccc6305cafa023743aa9c94ac294ba19d0ae10f8dbbb572829ae53e0307c7e70e1096128d7ed5cbc577d298c8cb1238e4e9aa47771443f9091e4bd141ee
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8d0302e111ef9c51ca8bed118634.pngFilesize
2KB
MD5d92e99ab213ee4c655ed0d6618ff288e
SHA1354037d41bbaa9a21d4386f381a0f75e8480ad19
SHA25690edc17ff5ca4d6a2e265f4473563334a7e799da4f45f07b6188c8f4f418350a
SHA512c269799d949b37e35bd0afa76d6985f4e43a3b331a6667922fe06518a499eb4b4b523dfea6caefee0c4a17fe428c1f565d35e1163aa8db831038cc6d7450c530
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8d0402e111ef9c51ca8bed118634.pngFilesize
53KB
MD5ff322d763ec1f410fe65de234d587909
SHA108e3fe6409f344890a3a75eb3b36e1dd5a59f75d
SHA25603e0db119333cbda7c2a692d414ac7e2770e97eb373998cfc9e6ea9bfeb22104
SHA51226a08d792f856fd12bc11897c7f86c8dd2b134ff990e854fa83ad59b8b4a471b922754b8d57c1c1f5bd25822dd2c49fa5733e50627d79ff6a8a46bfee93ec457
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8d3802e111ef9c51ca8bed118634.png.compareFilesize
605B
MD552073ca1be30dc0807acf7459e3a3d8e
SHA1fe56a698e0478f30d19058394735dca75efd9ec8
SHA2567fb86e8afbe25ce25b07524e84eed5f7f6c656afd3103ddad4a80533974acaf0
SHA5120b973ec70be9968d298ae2cce622200d248695459c00c46dd70f8f1814fb62826539cf99b744ed7660f5b5c4b81f350b5afbb335312739b651354eb2705f3c3d
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8e8202e111ef9c51ca8bed118634.pngFilesize
213B
MD5ae43f1321d104fcb03c1da6154286ce3
SHA120e917c3f0b556a51ee07fb3de512dda8c0fcf5c
SHA256939fe49c93f1a1fa4ebf600f22dcd1ef0adfc0ac817735a465861deb5e4d50eb
SHA512a305dfe8842b5473e6161779d7ef5f9ec739cacf85cea45ef70c232a157faa061491a9f64324665a6e44a928132719ce6b0cb11742d95e458cb6948889025a8c
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8e8302e111ef9c51ca8bed118634.pngFilesize
389B
MD57ec4f8dc8ee3b2f23bd56eb3891c4c09
SHA17a7f3a486fb66b461f4e692666ab419f2924cc27
SHA256575ef7061a2ec30fccdd46ac67e7ddb51f7b19215b4adac6bcf86b3d5a988616
SHA512b702e85283f7ba6c532a150c106ab0eeb161120729de0d8c8f37361372bd4ef857c3a609b447912299e4739808c1d9cdd2aa46991d9f0c81ea7cf3cd23e87d61
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8e8402e111ef9c51ca8bed118634.pngFilesize
533B
MD54762fbae75b467040222b16a94616ac5
SHA15684ad88f049145a099a546d9131264f233c354c
SHA2566c2431538f213ad2c95d28df6446f9a42c785d8241e60bf799832d6b827eea84
SHA512369dc792c430c67b2a6017a0c7cf8b8286d00459f4e9896097c92f3f55a33f03c3d408321972eb56b37d1b0584427d0bbd7ad893b016664dd0bb7b6e98b33b77
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8e8502e111ef9c51ca8bed118634.pngFilesize
3KB
MD574f1e54688409597f6f3e0c4d3e21a10
SHA117029462506e44c94263072b8c6298bfcfaf8283
SHA2566e54f5c10b49429a15214d34d8061e06ba9ef9ec5c18d852c20ddcd92bbe5990
SHA512f1d5368efadf37cc849c63cd75a138bd5470ea30537c6d169b6fdcf3af1f2bca958306e570eeeb6d3c3efc3bedb62c54084f52babed92d082ccd5ff107fb4b21
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8f1302e111ef9c51ca8bed118634.pngFilesize
2KB
MD58fd601909484c953bb7987b888c61691
SHA13989a87d56c92d09a17b5befdec1ccf07143ad94
SHA256f5fa1535df7c76244faef920b6a6b84cdbad37affb3fd855e17759a00da0f814
SHA51251845af88d9f4bc6bea9107f4953e7744c8a936c644ba16eaa6a0e535bf7842a1fc847f7bfff1f24192c4737c6a11a93b43a4075a993f2d4d4ce6bf4485141a1
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8f1402e111ef9c51ca8bed118634.pngFilesize
4KB
MD5bd6d22ca1617d4d6594bc59ebd577ff4
SHA1520e595492f8214b8a2e20aa76de323220429055
SHA25665f2a673da464095878dfe1d94043ad242acd151ed7cd3641c96875c098d3522
SHA512b4d69579b8b28dada58d14b5d082a7b203a290324727fd2f309a9c2e2c4ea1a1b3a98876d74dfee2963f7006ed9319ed93131628f4862e0f82d073247cd6c471
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\dfda8f1502e111ef9c51ca8bed118634.pngFilesize
63KB
MD5a1fb16fb73739d9f0bf9b1123fd3a734
SHA1149af19c3296bf9993d4e0ded7617582c2501006
SHA256b5371325df11f175bb21fc9f9d827a4314ff28ecf7846df976d26d8046ed0041
SHA5124146400e8cab0319107c5f96a1edfc3968492c9b7aab2170ea65f27efbf9a9565b6134df0fc05d8cfe2ee641f2df3d25d2c49df269954186e1b5fada0fbea57b
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1bb02e111ef9c51ca8bed118634.pngFilesize
407B
MD5e55214ba44abf9fdf68f052b1e85b569
SHA16903b785435607385695e90f22c645aed05bc86b
SHA2565f125f147d6f61f9443f4e9f47dc2efe821702370bd5a1c5ed05eff9eb4dca30
SHA5125fd2e1d7d670eb940ca858963d210f36c4352374cdcd3aa53ac5be3c138d16944f3c6ddeb6c7aa94b06b2a4ef74f12d9d7996cd266f283bf9cab02c5b7363017
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1bc02e111ef9c51ca8bed118634.pngFilesize
2KB
MD5677784568590f3c77d0c6434b6eb142b
SHA1e7b7e40d1dcdc6cac7d9baef359f8a6604975645
SHA256aaab57852a2c0434de14ae4200f5424106cfca53f1d1a5afc5734734fc933648
SHA512d0286a4af4e1a72329fce6350b73a90d2c2ede634f1465f064baef7f224d64de2e71b6006a17d7324954328c71d395de38f60b8df676d4716ddd874730d4862b
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1bd02e111ef9c51ca8bed118634.pngFilesize
3KB
MD59a04b5b935c2b7cd902d15317a755504
SHA1332e7a2f22d7c64b1aef13236e1adb61a008ec14
SHA2566fa4f184c0a56c9e3425c71abfcf1c12837b4f723fbd060a391ac28f52530d28
SHA51277fc66a5588ad8b07994019c81b0e89e16873628a3cb06dab61cd65c68117c732a94563c5984e32492c8130f2a755fbec691fb46f5c5a1023f08986c25cffa6d
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1be02e111ef9c51ca8bed118634.pngFilesize
27KB
MD595223b6fa2a3fe952616e85bcd2f630a
SHA1d23367e44f7d1826b221cf4077b012efbb58806b
SHA2562eb5cec4208438e0ab96b78418331c6b84c22087d034fe88763c79c6483e99bc
SHA512141d8833e8dd859f08443753ae82accce6ccdca77c8bfdedac79c932ae8216be85c8d2d159bab5bb3c18a6fd0195cb92ffc70dcea4b4f5c9a0fa1762890caa54
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1fb02e111ef9c51ca8bed118634.pngFilesize
739B
MD53b20a57507e63838a2659b74c0bddc1b
SHA1da8de7e7a4484d6e8cdfbb269abd3e6ae7041898
SHA25688b84e826c251e100de58618b4d6e54d5980a75d7c89af79d8eff669c981d252
SHA5127e1cde9576d26dd10cb0532c653065f3ca16984c1cf6d4453d08055fed5a8d8a689b9966a2ea6c8f07ac7b783598613635f5e3b00ae2a3c13f2877eeed6dfcf5
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1fc02e111ef9c51ca8bed118634.pngFilesize
2KB
MD5a9271bc5204a7b2c9b013510624807e5
SHA12a337424bd6b5a1c71526b4286e08f3237b7b194
SHA25683b2ffea7ce890626ef8db5a8e087cd4dd6f0680d090aad6b6fb0bcd54aee94c
SHA512c313d97a23bd404b5ba2e312e76fab3dc6a7a998638ce38d82c87983dc0eb0714a84a6836fe0bab31266deb3f9b6fb29bfc1f003e7c6c3e73f29b7e8efe69c32
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1fd02e111ef9c51ca8bed118634.pngFilesize
4KB
MD55225f9217c4745edbe95af119c9e0ee1
SHA1529fbc3fb4ca4d0cf2a244b573f57ab3a1a22e37
SHA2560e3712fdff533422e544576e5beddf8855d043808e5d94ec3cd976a915e120d0
SHA512a21a71fcaa43629881445c9b0621d606c57f4e1c4fa3ec1366991bd8a29f5d7ecd4a7b68fdc2c6f4f5dac6a76bf07cfde6725a4daabfb613b8bc4b32b3cffb5a
-
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\e5d2d1fe02e111ef9c51ca8bed118634.pngFilesize
57KB
MD5887b642b2242d057299d47c0df28c7f3
SHA10f28ff38538bc6b007418aef2a4a96f820fdbb81
SHA256af5a4b556490cc6cfd12bdda60ee48cf0bc097d3651c14846f1aa212f02f714c
SHA512184d4e90e15c4bbda781f90ed1dc4f705088210aa45833cc9728284364d8680cfd167804b71ceb4de23dd84faa430fdc64d24b1409a4717c5f2b929996ae1887
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
6KB
MD5050847065b921d96cada9aa43ab9b803
SHA19fbb7e7c159656ae42f67fc8591f0c03e532842c
SHA2561b29e7f862152fe87502e138fa448c60904d631fbd982860b26ce5cf68986890
SHA51212ac733dc2fbe4a0c6b7405fd0f065e0c629ba05f1dee1a91830ddcea7869cc31e736e79f2536aa05a7fe79d8e6c19267bf1d9004748e204fe495ab7b958c655
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
11KB
MD590760592a534cd8087ba7e52bb82829d
SHA1bdec4f1e8d06584ffc9f274f147b808dd1ee4a64
SHA256ee0a80f8d8ec99b9fa33cabb438905f531cd3b97de55b88d3c6b8dd491458c4f
SHA512a6ac937c2de4ae4398835d010d56129e338da2920ca66e2e61f82c1054de30a2cd964c1d9033acb1f948be93ce49d3592fd5e00a939aae445340ba227446eb24
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
14KB
MD58e29ff06e5d0371c79702eacb9dcf617
SHA139df7e30f5007634352e62d388352e9108a51cf3
SHA256ec1d6fc9abb3fa6275bdcba5d1fdb1c9ad10866bb41cb63bc20fce0327bb8a74
SHA5123193f83e04e2f4df559caf623dca48d574b036161853a3ee41a09dda9fbe9e4d7248f92c61074b227b5ce378b5ab805e54c6ad929623965cc90ad0f4673e83d2
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
15KB
MD5154d3d1fe2dccca453b863a0546e5cb4
SHA18492dca6018f4b21ed84b5dc634e89db4735aee6
SHA25675d906bd15cb367b12281a9da476854317c8f05cdc5eb4571524108cffb1c6f7
SHA5127dc968951ba96952d81f1be45c47575ec0d20423287e42189ae9d86b8b9f9e94d1e08b45fd0bd52b0d0ad27d9cba8365a28674bd3ef5af82cff4fe8dd9861260
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
7KB
MD560b741251ba72ceafa9b6e0065482d6a
SHA134743edb8e484886dc5497874423300dc904f6db
SHA2562e7c416401d7d95a08e49eabc0f46551284f19bb9272841775ee7db433b98d15
SHA512845640d18d13cc15da1832bcc03a309f4f24e538e865b074d01bb49ebcbad0ab17537800944c7177a597267c5be4e364d5ccce1947a6923d9c635ac8e92c7387
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
9KB
MD514a714c1f1790494b98ff7e8c6a84c4d
SHA110f6e39460e7895586560291bb7bcde41035356d
SHA256e6bdf1a02ae9d490412b2f2c37451b750d5d764383e8e45788ce1cdf8d1c8c7e
SHA51219b1e2075140723a4e163d5915e33f213a33791b471d82cb2ae6df74c24910a66ea07c9b5aac7f53da3705a3c68c0c47f3b012d3d18e00c40f041fb4ec5d813a
-
C:\Users\Admin\AppData\Local\Temp\nsi7521.tmp\System.dllFilesize
11KB
MD5bf712f32249029466fa86756f5546950
SHA175ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA2567851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA51213f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
C:\Users\Admin\AppData\Local\Temp\nsi7521.tmp\___ocnsis.dllFilesize
3.9MB
MD5bea3bdb7df888a7914181994af62baaa
SHA1a7e3a6ba00f3a29bfcb052435b380300b9c2cc2e
SHA256ef603dc803845bec994a01008800dc27b1c7764779957756ea758d7abf4d16c1
SHA5129ecfcee5e56ea07c50adbdd68587030cfc249a2743d7f188d6c345ac5401e1c18377ac212b0e1161d8dd0207c02484e0b962dfc5397ac89182684413aeb9dcce
-
C:\Users\Admin\AppData\Local\Temp\oct5EAB.tmp.exeFilesize
61.1MB
MD53cd42e0ca67f59339cd9746e18e56d3c
SHA1ef9c94b7188522cc3676c6f61614621667e1d00a
SHA256786c6058049a24ee99974bbe39ef3ae06cc8251021e78d85d3186c5fe56a157f
SHA5126ab8e4dcb94899dcf2d424bb80319b354dbc83066f17dd5cf2bfb2515addbfc3e1fc61e0974936dd429bec35081a616b92e2fda2bed1e18c72ff0b382c2cf834
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnkFilesize
2KB
MD58b7c4f41c31d440dd2802e56a56102cc
SHA19315c6d4e986b724f3aba94077e4b923d1808046
SHA256a1bf302a2ff1afe28642d04666427987ed1e04b0ac7ef5569e88980795379c76
SHA512d8c665bbab988167343968e7a3682147a7915be4bb2cd58956a495d3cff19d5c8cbc6077bf0ea49ea09e3e64c818810e1f334607a065bfc2120de038e73f7019
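The dropped-file listing above is only useful as indicators if it can be loaded into a structured form and matched against files recovered elsewhere. The following is an added example for this page, not code from the sandbox vendor or from the sample it analyses: a parser for the listing as it appears here (label fused to value, as in `MD5e418...` and `<path>Filesize`) and for the same listing with a space between label and value, followed by a digest index and a grouping by path. The grouping matters because a path that occurs several times with different sizes and digests, as `Pokki-2024-04-25.log` does above, is a file the sandbox captured in successive states as it was rewritten during the run. The helper names (`parse_dropped_files`, `index_by_digest`, `versions_by_path`, `match_file_bytes`) and the `example.bin` entry in the sample input are assumptions made for the example; the two log entries in the sample are copied from the report, and the `example.bin` digests are those of the constructed bytes `b"hello"`.

```python
"""Parse a sandbox report's flattened 'dropped files' listing into IoC records.

Added example for this page, not code from the sandbox vendor or the sample. It
accepts labels fused to values ('MD5e418...', '<path>Filesize') and the spaced
form ('MD5 e418...', 'Filesize 912B', path on its own line); '-' separates entries.
"""
import hashlib
import re
from collections import defaultdict

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Longer labels first, so a fused 'SHA512...' is not read as 'SHA1' + '512...'.
HASH_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


def parse_size(text):
    """'6KB' -> 6144. Report sizes are rounded, so the result is approximate."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised size: %r" % text)
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_dropped_files(text):
    """Return one dict per entry: path, size, md5, sha1, sha256, sha512."""
    records, current = [], None

    def flush():
        nonlocal current
        if current is not None:
            records.append(current)
        current = None

    def start(path):
        nonlocal current
        flush()
        current = {"path": path}

    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line == "-":                                  # entry separator
            flush()
            continue
        if line.endswith("Filesize"):                    # fused form: '<path>Filesize'
            start(line[: -len("Filesize")])
            continue
        hm = HASH_RE.match(line)
        if hm is None and not line.startswith("Filesize") and not SIZE_RE.match(line):
            start(line)                                  # spaced form: path on its own line
            continue
        if current is None:                              # digests whose path line was cut off
            start(None)
        if hm:
            label, digest = hm.group(1), hm.group(2).lower()
            if len(digest) != DIGEST_LEN[label]:         # mislabelled or truncated hex
                raise ValueError("bad %s digest in entry %r" % (label, current["path"]))
            current[label.lower()] = digest
        else:                                            # 'Filesize 912B' or a bare '912B'
            current["size"] = parse_size(line.replace("Filesize", "", 1))
    flush()
    return records


def index_by_digest(records, algo="sha256"):
    """digest -> record, for checking files recovered from another host."""
    return {r[algo]: r for r in records if algo in r}


def versions_by_path(records):
    """Group by path; several digests under one path are successive states of a rewritten file."""
    groups = defaultdict(list)
    for r in records:
        groups[r["path"]].append(r)
    return dict(groups)


def match_file_bytes(data, index, algo="sha256"):
    """Hash a file's contents and return the matching report entry, or None."""
    return index.get(hashlib.new(algo, data).hexdigest())


# Sample input: two Pokki log entries copied from the report (fused form) plus one
# constructed entry, example.bin, in the spaced form, whose digests are those of b"hello".
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
6KB
MD5050847065b921d96cada9aa43ab9b803
SHA19fbb7e7c159656ae42f67fc8591f0c03e532842c
SHA2561b29e7f862152fe87502e138fa448c60904d631fbd982860b26ce5cf68986890
SHA51212ac733dc2fbe4a0c6b7405fd0f065e0c629ba05f1dee1a91830ddcea7869cc31e736e79f2536aa05a7fe79d8e6c19267bf1d9004748e204fe495ab7b958c655
-
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-04-25.logFilesize
11KB
MD590760592a534cd8087ba7e52bb82829d
SHA1bdec4f1e8d06584ffc9f274f147b808dd1ee4a64
SHA256ee0a80f8d8ec99b9fa33cabb438905f531cd3b97de55b88d3c6b8dd491458c4f
SHA512a6ac937c2de4ae4398835d010d56129e338da2920ca66e2e61f82c1054de30a2cd964c1d9033acb1f948be93ce49d3592fd5e00a939aae445340ba227446eb24
-
C:\Users\Admin\AppData\Local\Temp\example.bin
Filesize 5B
MD5 5d41402abc4b2a76b9719d911017c592
SHA1 aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA256 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
"""
```

Digest length is checked against the label rather than trusted, because in the fused form a SHA1 digest that happens to begin with `512` would otherwise be mislabelled silently. A file pulled from another machine is matched with `match_file_bytes(open(p, "rb").read(), index_by_digest(parse_dropped_files(report_text)))`; SHA-256 is the default, and MD5 or SHA-1 can be selected where only those digests are available, with the usual caveat that they are not collision resistant.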