03d2321e8547c4f1d5eaf8470c12cdb8ba92697c90e9e0585e710126817a04a9

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Size

8.6MB
MD5

90a9fe47b166a79203970f60a46f4ea7
SHA1

05e22d5ecdd705e4942538991079d3656821471d
SHA256

03d2321e8547c4f1d5eaf8470c12cdb8ba92697c90e9e0585e710126817a04a9
SHA512

c0105776d9a1b7265a4795f06deca739e9e1cd403d3fd4ebab29dde044ae428508602a9abf68d32548982a1d189d4665e58d12461cc1af09c60ecf4bb2a6aa67
SSDEEP

98304:176wMlkYxXKNgR7YjTMbk+ust6tXHJwWkHmPh7gCNq7N2/wK0pmsCWrqufezvktQ:Iwi3K+lYMIstaiOgC8KVWrqufezv3

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Blocklisted process makes network request 2 IoCs

flow	pid	Process
28	1544	msiexec.exe
29	1544	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\X:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\Y:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\R:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\U:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\L:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\V:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\N:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\O:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\T:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\Z:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\K:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\W:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\I:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\S:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\Q:	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI20E8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1CEA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1E25.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1B63.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File created	C:\Windows\Installer\e581661.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1E84.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1EE2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2261.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI21F3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e581661.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1D78.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1FAE.tmp	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
2072	lite_installer.exe
2932	seederexe.exe
4744	sender.exe

Loads dropped DLL 9 IoCs

pid	Process
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5012	MsiExec.exe
5036	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb028030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000040000000100000010000000c5dfb849ca051355ee2dba1ac33eb028030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
1544	msiexec.exe
1544	msiexec.exe
2072	lite_installer.exe
2072	lite_installer.exe
2932	seederexe.exe
2932	seederexe.exe
4744	sender.exe
4744	sender.exe
4744	sender.exe
4744	sender.exe
2072	lite_installer.exe
2072	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeIncreaseQuotaPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSecurityPrivilege	1544	msiexec.exe
Token: SeCreateTokenPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeLockMemoryPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeIncreaseQuotaPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeMachineAccountPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeTcbPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSecurityPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeTakeOwnershipPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeLoadDriverPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSystemProfilePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSystemtimePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeProfSingleProcessPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeIncBasePriorityPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeCreatePagefilePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeCreatePermanentPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeBackupPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeRestorePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeShutdownPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeDebugPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeAuditPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSystemEnvironmentPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeChangeNotifyPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeRemoteShutdownPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeUndockPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeSyncAgentPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeEnableDelegationPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeManageVolumePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeImpersonatePrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeCreateGlobalPrivilege	3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe
Token: SeRestorePrivilege	1544	msiexec.exe
Token: SeTakeOwnershipPrivilege	1544	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
3080	2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 5012	1544	msiexec.exe	92
PID 1544 wrote to memory of 5012	1544	msiexec.exe	92
PID 1544 wrote to memory of 5012	1544	msiexec.exe	92
PID 5012 wrote to memory of 2072	5012	MsiExec.exe	93
PID 5012 wrote to memory of 2072	5012	MsiExec.exe	93
PID 5012 wrote to memory of 2072	5012	MsiExec.exe	93
PID 1544 wrote to memory of 5036	1544	msiexec.exe	96
PID 1544 wrote to memory of 5036	1544	msiexec.exe	96
PID 1544 wrote to memory of 5036	1544	msiexec.exe	96
PID 5036 wrote to memory of 2932	5036	MsiExec.exe	97
PID 5036 wrote to memory of 2932	5036	MsiExec.exe	97
PID 5036 wrote to memory of 2932	5036	MsiExec.exe	97
PID 2932 wrote to memory of 4744	2932	seederexe.exe	102
PID 2932 wrote to memory of 4744	2932	seederexe.exe	102
PID 2932 wrote to memory of 4744	2932	seederexe.exe	102

C:\Users\Admin\AppData\Local\Temp\2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-27_90a9fe47b166a79203970f60a46f4ea7_magniber.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3080

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C70A60F70BD69FBE6B459A7D6C674E3C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Users\Admin\AppData\Local\Temp\AFCDB010-F758-46B3-921D-16C3CBA3D655\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\AFCDB010-F758-46B3-921D-16C3CBA3D655\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2072
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ECD329B61D0F5C843801343B0F6CE84F E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\9064066C-9743-4ED5-9C9F-16D98CE63FE0\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\9064066C-9743-4ED5-9C9F-16D98CE63FE0\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--locale=us" "--browser=" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\8832C98A-778D-4184-B74F-80F9FF4A9C2D\sender.exe" "--is_elevated=yes" "--ui_level=5"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\8832C98A-778D-4184-B74F-80F9FF4A9C2D\sender.exe
      C:\Users\Admin\AppData\Local\Temp\8832C98A-778D-4184-B74F-80F9FF4A9C2D\sender.exe --send "/status.xml?clid=2254737&uuid=05d8fe47-b2a5-4008-bda8-b3fdf09ab833&vnt=Windows 10x64&file-no=8%0A25%0A37%0A38%0A45%0A57%0A59%0A102%0A106%0A108%0A111%0A129%0A"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e581662.rbs

Filesize
591B

MD5
34f8eccfde25b7ae2285a64a01f2e58c

SHA1
42806baca3bf76dd2876c3cd58cf52ec3f3c3eae

SHA256
e265d8c92c114a9a0bf4c026464ae1c995489ce1dad8a86358084a3491a56e1d

SHA512
9627ee1d788db2b909b79c9cdbdc76b8e579d358b3260b82f7ffac62b06296021413513ae69f1ed8cae54fb0fcbce067a8d6400a44d14357285280b02485de69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

Filesize
1KB

MD5
6de4735813f22732251285b9cdee3851

SHA1
7d13fb7e72ad0e21cb3975c7de3092a1b7fefe41

SHA256
528ccfd733a226d8053be419a42a708daa29a12b84bbaf245b03742d8340ed66

SHA512
4f2623de42f128a58d93585bbf81fecb60f3ec3eef2d0c49cf4a08a0b46f7ce8f685068fc4cc6724d91e27da8941426f6491c66936ac35c00d188c246c0c623d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

Filesize
1KB

MD5
38379a47654cd4b4b70f9d0e4af7bf64

SHA1
d8d33503bba7c11a9feb69579d79c6bcf4b21a66

SHA256
6ee1a116aa8e298323100c9923992e0f9f9f1ccbde2b085ff8b6fe2074465df1

SHA512
628039b5aed0d80ea83ba552053f1234dec3798c7d117088aea7de8f45cfeaf842fda5b8c78715c0b3f07c6350047b8b854939ae86c2dff30913780c107bf166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
1KB

MD5
bb8cddcbbefd1338fce2c43e66dfcc10

SHA1
3c626f805cb642bafc7ea98da48dc74763dc6138

SHA256
40051b6f1d77ad0528bfb6961a27ccb513fcf111f252303baf888f978cc1aa51

SHA512
fffb20601a7db9665c7c351cd9678ed8040d6f64615fc412eed073006e5b2db12d45913c940cc5b5a318fb25fec6f8b17c0baa935d02229e6a4d8604d13a67d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

Filesize
1KB

MD5
2ffbdb98df2a2b022a48adeb94a3af50

SHA1
6c86923b5c5832bb102f041cb7d38db397074f12

SHA256
dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd

SHA512
a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

Filesize
508B

MD5
6dcbdb6edbd3360dfe4803724ebfe04d

SHA1
86cdef773509583d5a30f4fd411cece9a74f4e9d

SHA256
95dc8f5c2baa2e9107f5d839dc640fd210ef5e4850b98c599648da3be9db2686

SHA512
e9cd0e32a7c08eebd90ea08f331fe0bd3257d87239c314468ca931b2c41f1eba5a811fd56c35f252fae8dfec894b61b1b0a3d44264e4dc3c68900878b530f156

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

Filesize
522B

MD5
bf90f8e157ff03650150883d1d655add

SHA1
9e38dc492f860c2cdd7f05579479c2d84afa90fd

SHA256
be776fa87a9503521cc64ac4d30616740f1d9ffc356586644ebda7054ac65b5b

SHA512
481b2bc2a1049ffe5f6a798342d36fa6fca6eec16e24f95952c702afaf0acab364ba930d2735bb1d612a910a5951350c0bfa50408664741dea1f7eb350cfd890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
502B

MD5
6db3b8c455a648708643cbb61c650d19

SHA1
288dc698c0cd14dd6dedb29b2f29af6451f6b522

SHA256
62872936734d30f5b8e61d0b1dc72ce214a1626b14370fe1bed132420de96833

SHA512
6d78713cf0c38ca5e6acdc86cb8937e44708890a279a500e2286b3844034f83ffc4a8cf9c4cd89b5e1b548b1853eccf5991d1cd97f0871a90a2c9fa1cf929ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

Filesize
208B

MD5
a72af72899d6437dd92e00e60bf949d2

SHA1
d8c0da2f89fc9270f44ee3f53317c3ee68155e6f

SHA256
d65e5d54d629e29e44652370aec70b59fe6f09441923ce23f56462d083ec6ebd

SHA512
7328972f3e990e477665b4a5c71d39efd6ad21bedda74fa668ba90778f81c7b3b9443d6d584d2f3031ec72e5442cee17cdd059def60c2e2b54b48f124cc9dfcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

Filesize
440B

MD5
504a8a6fdfcb5ab7094a55a50de01ac4

SHA1
6b4b58fd6ce90a006bc187daa275f999cbc8f85d

SHA256
fa7ab4269d4f76c51ad9bfa3163346d6ff3b8082c8205687740c5913490b16e7

SHA512
76d0f9324c92fce2eeaf0713af4c26c86a8b3873f87776ab6d3002daadf8476cb46e8d4b37461c0cfcbb2d48910ad6c97ed8aac72a14fcc66972dba1c7d698e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\8832C98A-778D-4184-B74F-80F9FF4A9C2D\sender.exe

Filesize
249KB

MD5
6e7542de2100ae4b5070ddf52d6e94d4

SHA1
564d7867f7e10efc64af9e6d755ff6bca0b08891

SHA256
ed9b52c3ef991944a62c8c47555abe6b459eb51096da4312a09ac09e8b534b31

SHA512
67fbc9507c26ea37666e975c51a41c0ab1c68df2118034680ea8f8604e41383a4f3a7a57015e87bb3544ed1d462161bc53b7aecdd2436f88fcc0f1399f33c2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\9064066C-9743-4ED5-9C9F-16D98CE63FE0\seederexe.exe

Filesize
6.7MB

MD5
f9df2f062bdb4c2be3a3129230103030

SHA1
9cc3b360f49962f4fd4dff057315fa5531210707

SHA256
4867db55dfebe3c66f907b0214c6a746c3ed774338c85999d756d2bcca00b76e

SHA512
1398c9c1b0b1be117fc082068d67aacbf0e9899c6dc424ab883f58d5deeb4cac75b42d1ba64c4a3a7f6553dd05dbb54e67b84215f3bb9b0a0e2fdaf76787be73

Download Submit
C:\Users\Admin\AppData\Local\Temp\AFCDB010-F758-46B3-921D-16C3CBA3D655\lite_installer.exe

Filesize
390KB

MD5
d76e1d741effdfbed89984c77b180fa7

SHA1
966734fcf45a54485e821a7f3af537001d0caa6a

SHA256
0e3bde3de1a5decc4ce438bc945c532ee0d3674aeae2f2a259f685d58d53fd8f

SHA512
8dc5f11f716ac2066e542cf4f6faa2236a360386861e4c3e4a216ee9dba62bc099700e2241f75ba9db61fd56081fc1c8521f31cba4ff953241cc19560ae6a4e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
35KB

MD5
508d6200346eec0c8e7482f2d2188093

SHA1
f31fe24b92f774e8647041efc3e5ccd5cfa0eb1f

SHA256
bcff483e74985490bc4ce63f0a7ddd9dec13277b56efb78e37aa2a1a6151bbbd

SHA512
1ef234d1cf2b7c669718b36c4f7d0cb3ab10a995bc3c316c41f75de415d811d4b0bcb63729cda17e7ff02d5e7a921a02b52232241f5cf0e4b7a1a2481f462a70

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
549B

MD5
0b8a57142aa44fe4bf581abdcc5c8fcd

SHA1
bcf85db0d9411b523dd682cea7ecb8fc05eb353d

SHA256
54d977934d426c413d2d190a6b58db06c4bff4a3d412678fd5d7cc7f4a717ec1

SHA512
8b74a3bfe7ef32fe864c27f1c8f06fd4656903250be809344a4438200295835982f1dbb8614001259db9cb54230101905458dbd60d0c29b60e5c5808ab3b66c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
586B

MD5
f3a4f7c3036060ae5445e6d077065413

SHA1
ea68438dc792ced3472f68d45c74765d00495d39

SHA256
4775f0650ef8c37d079eece58825038eeb1351b8b27334019b06d1b7ba36e5a0

SHA512
8745e3afba2d050614caa919c11e703c9d32fe81bc338c6682cfe85a83397ce19d052a55fab40c3a325fecb801fad5ae3fe3c9239f98859c07d047b49203b48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
8.2MB

MD5
244e9928cb26658b03e52dd33b7495b1

SHA1
e4c43075f799537580a3b300582c45ddbf4889e5

SHA256
8979e6bef3339e0c7006025407018199f3527ba98a6eaa97e5d87d62140a800d

SHA512
ab9d91bffc7444f4fac03822b4147f6708ce12d795d5980b5ee5089cf9d54b23d3d232665788a7a2c5ae8617406f279969bba37a3da1a884deb57cdb80c93399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\places.sqlite

Filesize
68KB

MD5
d57cd95de07d3b15eb5cf8baa80471af

SHA1
322c0e13f2022ab255a8d2a50c5835779b6ccc3e

SHA256
651efdc8961efbf6476e4cc4b3965a4da72690ebedda009fd800c6d936a67696

SHA512
2e98256a9e76ae384f88b83075a321f60cb13ee6f7e8cb93f1919103b82ba79a67b5eec8a7d3043fe26b377fae58545e82323813897c0e67adfacaa885d6f68e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-2024002752.620637620.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
6580c4522847e625c1461783d797330d

SHA1
b7b4d2d5eaedd348e9a72a286d8d989dabd50641

SHA256
f424628bf9af1fcd9a01e9cf77db49caafbf4a727d0721403f461b48026c0414

SHA512
d93f9a0727f4f27cef6a2f07339e2263df78aee38c7e2dc827b810217c9f20bcd57ecbe583d9ad531dc191ba6f0789ca02a9a21fc09ca3d55217fa6cf16daef1

Download Submit
C:\Windows\Installer\MSI1B63.tmp

Filesize
172KB

MD5
17d3de1fd7f7c6c3a6520d0fadea3e0e

SHA1
92587dfb70fcfc8db5aba782b414043ba24a5918

SHA256
fb28a17904096b3ee385d2fe1f033298519c0ebf69ced454b45fdad5247589c9

SHA512
1be8de8180e8a86735d8b3d97c808b85a6be545d9946b117b39c6e1c37124ac4ee6acf314d1982249b531fd24097d6a30a0b5228f0b30ccd66a5fdb4ed3e4f5a

Download Submit
C:\Windows\Installer\MSI1CEA.tmp

Filesize
189KB

MD5
84be3b020067fb25e77e72710291a70a

SHA1
792feeafa52d93e5ec6538794cd97df49666b7ea

SHA256
8591f02e50663689043d6dec34ade65cb24732914b73de5faa43e74ed5b6450c

SHA512
1eb0fe8f5501e623efcd033665132ee3859968aede5f496634ac107008eaa3964941d019a207c63e21c8b76f45bad718ca70c10ab81f8dccdf0fb89acfb9a0bc

Download Submit
C:\Windows\Installer\MSI2261.tmp

Filesize
168KB

MD5
a0962dd193b82c1946dc67e140ddf895

SHA1
7f36c38d80b7c32e750e22907ac7e1f0df76e966

SHA256
b9e73e5ab78d033e0328fc74a9e4ebbd1af614bc4a7c894beb8c59d24ee3ede9

SHA512
118b0bd2941d48479446ed16ab23861073d23f9cc815f5f1d380f9977f18c34a71f61496c78b77b9a70f8b0a6cd08fe1edc1adb376dad5762ad0dd2068c64751

Download Submit