a68a4362302d12acf4466e91a69eb0cff637d2c9d5a20c135386f185c2ad61ec

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 03:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Size

8.8MB
MD5

952cccb46b215ec9a714105ed1c6cb16
SHA1

9f3f0c5c541afeb45c0a880aa5e1eacf8126b49b
SHA256

a68a4362302d12acf4466e91a69eb0cff637d2c9d5a20c135386f185c2ad61ec
SHA512

8f085ac61093a06bf0e8a6ca35735e5bba760869f1752b390be9f929177097f91397bc5ed8a91e98dbe5700db7d8f828454ee103c3ab98173a61c0c0d7159745
SSDEEP

98304:5mCMLyAw3LNIsVqygGP0w1sBJ1QttoFCqkKq7NO55f0pmsOWrqufezvWq/vUv2Tk:3JBILX6svTCZWfFWrqufezvWqHUD

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Blocklisted process makes network request 2 IoCs

flow	pid	Process
22	1396	msiexec.exe
23	1396	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\N:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\T:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\W:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\H:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\I:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\U:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\R:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\S:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\X:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\J:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\M:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\P:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\Q:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\L:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\O:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\Y:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\Z:	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
File opened (read-only)	\??\K:	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI4B63.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5748c1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4AB5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4B33.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C81.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4CE0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4D10.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4BA2.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File created	C:\Windows\Installer\e5748c1.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4BD2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C02.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C32.tmp	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
3268	lite_installer.exe
4416	seederexe.exe
8272	sender.exe

Loads dropped DLL 9 IoCs

pid	Process
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
1584	MsiExec.exe
2332	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	seederexe.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 010000000000000042849b72a09eda01	seederexe.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
1396	msiexec.exe
1396	msiexec.exe
3268	lite_installer.exe
3268	lite_installer.exe
4416	seederexe.exe
4416	seederexe.exe
8272	sender.exe
8272	sender.exe
8272	sender.exe
8272	sender.exe
3268	lite_installer.exe
3268	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeIncreaseQuotaPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSecurityPrivilege	1396	msiexec.exe
Token: SeCreateTokenPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeLockMemoryPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeIncreaseQuotaPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeMachineAccountPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeTcbPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSecurityPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeTakeOwnershipPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeLoadDriverPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSystemProfilePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSystemtimePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeProfSingleProcessPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeIncBasePriorityPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeCreatePagefilePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeCreatePermanentPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeBackupPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeRestorePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeShutdownPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeDebugPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeAuditPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSystemEnvironmentPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeChangeNotifyPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeRemoteShutdownPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeUndockPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeSyncAgentPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeEnableDelegationPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeManageVolumePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeImpersonatePrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeCreateGlobalPrivilege	228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe
Token: SeRestorePrivilege	1396	msiexec.exe
Token: SeTakeOwnershipPrivilege	1396	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
228	2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1584	1396	msiexec.exe	88
PID 1396 wrote to memory of 1584	1396	msiexec.exe	88
PID 1396 wrote to memory of 1584	1396	msiexec.exe	88
PID 1584 wrote to memory of 3268	1584	MsiExec.exe	91
PID 1584 wrote to memory of 3268	1584	MsiExec.exe	91
PID 1584 wrote to memory of 3268	1584	MsiExec.exe	91
PID 1396 wrote to memory of 2332	1396	msiexec.exe	93
PID 1396 wrote to memory of 2332	1396	msiexec.exe	93
PID 1396 wrote to memory of 2332	1396	msiexec.exe	93
PID 2332 wrote to memory of 4416	2332	MsiExec.exe	94
PID 2332 wrote to memory of 4416	2332	MsiExec.exe	94
PID 2332 wrote to memory of 4416	2332	MsiExec.exe	94
PID 4416 wrote to memory of 8272	4416	seederexe.exe	99
PID 4416 wrote to memory of 8272	4416	seederexe.exe	99
PID 4416 wrote to memory of 8272	4416	seederexe.exe	99

C:\Users\Admin\AppData\Local\Temp\2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-05_952cccb46b215ec9a714105ed1c6cb16_magniber.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:228

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8C7300DF99D3A830A3A2547D21C8A980
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Users\Admin\AppData\Local\Temp\BB64F8E1-59E4-4FC0-86EE-DC26C5364400\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\BB64F8E1-59E4-4FC0-86EE-DC26C5364400\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3268
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D28DE1B85CB154BD58E5FE02944C8A82 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\18001481-6F94-45DB-B2E2-011A4547A9F6\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\18001481-6F94-45DB-B2E2-011A4547A9F6\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--locale=us" "--browser=" "--browser_default=" "--yabm=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\6F5B1B02-0079-4470-BA17-880130441D1A\sender.exe" "--is_elevated=yes" "--ui_level=5"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\6F5B1B02-0079-4470-BA17-880130441D1A\sender.exe
      C:\Users\Admin\AppData\Local\Temp\6F5B1B02-0079-4470-BA17-880130441D1A\sender.exe --send "/status.xml?clid=2313866&uuid=8ec490bd-e3df-401c-828a-dc2c3f6e5a8c&vnt=Windows 10x64&file-no=8%0A15%0A25%0A37%0A38%0A45%0A57%0A59%0A102%0A106%0A108%0A111%0A129%0A"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:8272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5748c2.rbs

Filesize
591B

MD5
a02b97594d7fe1db310b20b6f36900da

SHA1
7af468a4398110bf772389dfda2c4915c3ec86d9

SHA256
a755238b0bb9d1b4e09ec4f8c3d4a9bd510c2a7cd2814a67d1b1e8beee791c53

SHA512
10b8f15827a09c087c6ded97d341f8a3eebeca1603d2f03c57364550117655fa40b438cbe3d6ad2d85e908723046cc44143b05af70c1d3a7e6d5402e4af5142e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

Filesize
1KB

MD5
11328a348d752e784815f061ce51dab5

SHA1
9e8d50eb943ae29cfc518c34f9278e67337454f6

SHA256
da16b92efcb80b2c86ac8c6a4e94e56a55c59daafb709c103c10a16ee54c1ea8

SHA512
d8aa9a8a92f11bd527430d71a7228a8209fb7d75a8ce9beae81a01d4a5f65c14a7b7d5014cd67595f12123a0c9e7746d35ab88611049d055351e291dcd511a1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

Filesize
1KB

MD5
aabe78bb91ed894ab06f04a446c88db2

SHA1
80fcfcab60a31e7d990de60e95b0344456717d0b

SHA256
3ed80c0428aaa38ebd9e8454e5ab7d8a47902f18c82838451f71eed5d397994e

SHA512
0b54f3e2b81255dccddca85ab10a9a9d7d84811642c3ed2d275639b9e036a649488adccd428d575b91da4fcbc161f2ae5d7c1217d7c85eed73dd48a7ad55d453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
1KB

MD5
620a1c6b22223c244b0f865f69523c95

SHA1
d200ab4f3c4e0df8d102ff23a3d0b8dcb34e79cf

SHA256
0edeef353604aaf6af04a8fba9931fd0772a9963d142c28b0a5ddd50ec338060

SHA512
e805ce01052ca1a672e8ff3b9c50c493bc26bfb1efdecbb2eed27bd99a89db9806adaf08f74db98a0efdd6c3d4cab77f27d78cf26789fc306e9314f97f7adfbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B0B1E3C3B1330A269DBEE4BA6313E7B4

Filesize
1KB

MD5
2ffbdb98df2a2b022a48adeb94a3af50

SHA1
6c86923b5c5832bb102f041cb7d38db397074f12

SHA256
dd12c5733bc4b682e1da6353c8c27650f53d11a8ada8fd8a2d06f23cecae5ebd

SHA512
a5f29661ac78ea205dd945fcc53e015152277426af4bcce688231ca1a564dc49144b2953409651737733fec72e9042468c780917543c007d7de74ed44058dbfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501

Filesize
508B

MD5
e19b0bb3fc467f10ce7860242f9a02f4

SHA1
6dbc4787ff26c068d9184c48ddd1e481a368032c

SHA256
fd566ee68494a7c068c2ab1b7b7259b2710f3bee814dbdeac9ce728486d32c47

SHA512
26fa2385e8bedf5897c2f22ba262f5c4c1ea0bd8e951def08ce04b0820662eb3c8262f71e62ad361883f94ec240561ddf3ea26c17729fbd3c7b29d00debf1fc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_22252D7CC6CD0EA80FCE3FF30A53AFB2

Filesize
522B

MD5
6477c8712480986997db2db0f41c1096

SHA1
aae53d818cc19b9b5059b290eeb712da7ff30b22

SHA256
115250b6dcf91d789fc7c38c1706459177f94af052f611e4ab88f4efc6bb6b89

SHA512
ada0539baf83d881b3d4108a521e036f8e76d751af42cd85782d0d60782c37b12480529fe16bf35e2bee3dbd9a64146f3572960b513330923cb945364e5e0672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
502B

MD5
3db44cf740c0c69ae18a241598fcefbe

SHA1
9697796240a697c2123ad5f7a9cb2bba709e1bc5

SHA256
f4ecd2a677531c0b3e027f45d75579a902b0a4383e8fcf6865a11c2743aee7ea

SHA512
446461b03dbf8afd913e4e581f97ccc3c42e097e8995a81f89ac878a62575229310ac00cde8a3fbf87aaf663e3adca625161bfce8876226fcd0e95197fa34f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B0B1E3C3B1330A269DBEE4BA6313E7B4

Filesize
208B

MD5
fc8f30d380ccf131a7a376fa7276560a

SHA1
c3eaba0295a0f7f78612723b12da378707aa0740

SHA256
23486e55c798b089c2f90414fe71ce7e6b624a3cb67e90e189d936c21d16af56

SHA512
17588a3d9d26e943875bc94fc83973a2c03524c7cacf2828aeeb9493fcc6a04e4bf0c26c9f273d90d0f3b3fb46f6cfc425e2499096c7f0818a0f8293fc3a75cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_4EA93225B46C4B45501FF0DDE9E306D0

Filesize
440B

MD5
a52b0eb1b2099efbad6feda10c5b338f

SHA1
13fdafbdf15223c814e977fc0d6560a5daa36590

SHA256
fe4db45ec140a6aa62ddddfc7c4d2f540b0f920069b549a15c2b4408176d3d2f

SHA512
44bb56a9f1f8344cc6b4a582924d7abb6d26b1f504639a8df666b81349adb331bb8f554c2476e8d0515d1d70f7d78b84bd5a87eafd83e208d2db60629d3899c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\159aa730-2f1c-47a3-88bb-d7e6c484a01c\[email protected]

Filesize
1KB

MD5
5a40649cf7f6923e1e00e67a8e5fc6c8

SHA1
fc849b64b31f2b3d955f0cb205db6921eacc1b53

SHA256
6d432ba7096090837f9533a33a686c846ad67aed8ecc43af7ce8af42649cd51a

SHA512
0fc42a2cc61528b14478f4b9ae098ea90e6b05ddbe10f3a6cdd6326d0d8e6185b49d2b8143b76a9f329bdc277cf02b54d98f374edd65df68a1ffc41e1c817786

Download Submit
C:\Users\Admin\AppData\Local\Temp\159aa730-2f1c-47a3-88bb-d7e6c484a01c\[email protected]

Filesize
688KB

MD5
ab6d42f949df8d7e6a48c07e9b0d86e0

SHA1
1830399574b1973e2272e5dcc368c4c10dbbe06b

SHA256
205ebf52c47b42fa0ad1a734a1d882d96b567e15a32b19bdb907562db8ea09e2

SHA512
6c4f9bb726384c87b6523e08339f7821ad4ec8717b26db902ca51df74eb89b46e4ded1504a131683b07b2bba3e6e911a549a8a83b2aad3971047c0fe315a1ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\159aa730-2f1c-47a3-88bb-d7e6c484a01c\[email protected]

Filesize
5KB

MD5
856242624386f56874a3f3e71d7993f4

SHA1
96d3199c5eebb0d48c944050fbc753535ee09801

SHA256
d86ed80d2a9e4e1af843a991a6553a2fefd5433b2144be0cfb63a2f18deb86be

SHA512
76d440fe2ed535677a1d249b289463bfedfc5d2afc0e269e4593bb113393f165856c07117735cf3e5a230b5d04a61c7126df24a466594d8c27b47b2047834a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\159aa730-2f1c-47a3-88bb-d7e6c484a01c\[email protected]

Filesize
1.7MB

MD5
e68cea8c6d4b16641f30dd930a952ebb

SHA1
7e8c4b51e6e56f35a2983ab6cb121341aeda565c

SHA256
a7f3f788323a12158d66f341c4711d71fc2244a2b07a68fb8df4baec0ff76f35

SHA512
96351e36a4c5020ed464b96b72bb3063db819981440bde7c6c3a50f7fe470e1d70f0350ec7c4bcd4808fcabe2ddfbdebfc7039ae2248c1455e2245f53ce44ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\18001481-6F94-45DB-B2E2-011A4547A9F6\seederexe.exe

Filesize
6.8MB

MD5
6df2e368846222aef04e596d9ea43aac

SHA1
57b59e1002d9d971fc504df0493d5ac54380027b

SHA256
f4adf79355ff21c11faf8283d06e28013478834a64d9473d27194f4dbcfed359

SHA512
a40636178285fa12b1b6f99802fdfd3b569c674b1864f5c6893ccb6a48c90232539704da8ea478457ead39c1f94c319467b41142c8aa26473a280c4fb329f662

Download Submit
C:\Users\Admin\AppData\Local\Temp\6F5B1B02-0079-4470-BA17-880130441D1A\sender.exe

Filesize
249KB

MD5
4ce9460ed83b599b1176c4161e0e5816

SHA1
ca1bd4f28ec3e6f4b0253764e6339e480d3549bd

SHA256
118d277f46df036ffb1ca69d9da7890c65c3807a6e88248f3ba703b0f51cd308

SHA512
1064da56e85d3b0c34c47e9fa0821b2ceb79e338e602e705b7f801c0a1bfb83246c340fa1351fc222216a12968bcc52540e105f186a3ef6f3e7c32348936daf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\BB64F8E1-59E4-4FC0-86EE-DC26C5364400\lite_installer.exe

Filesize
390KB

MD5
28b10eff9b78787aa18e424fd9319064

SHA1
0bd2bc3665e8988567607460ea6bfc51d45d4d5c

SHA256
dbbbf54115fb97f777180f67ee341cf16803ed6e85bf9af60ea13d9b99be362d

SHA512
a908a231c9db21767066ab13ec4a8ac451bc978f5d8bccf5032e5ecbcaa996c7e2afff0121036cc184a3c19a4caf542bb15dbe6ad6dae16c422f6ac6bc5a791a

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
35KB

MD5
e5938904b436796c9b15199930a63c89

SHA1
42756e27244237311abfdabadfe4c8a08cd350b6

SHA256
3db509a98306b99ec0038b2cb7f4af44db5b9df03740e5a855b24e96062569fd

SHA512
b19770179453320cf44c4b631275676857fb1b9559ca91bfe8ebe53476ce16873aa23f9aabc1adbebf5b673cadfa0ea95afb56ec68f923073989478adc57b3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
529B

MD5
bf372e44582ea029835e2a820d9cf0a3

SHA1
f7d4c5083d05c155be8213ce93f72559ff1b7046

SHA256
dcc569ff2e5c7caa6e9ee39cd4a2c8cfe8c82b1a2b2c269c4aa2014f83b685f9

SHA512
32990966ddd6baaf473da91701a6944eba49f8cdf179ed7b9d28ed061453ea0cc0e6e07f1907403049845e41bc55a406d8bb6590b94dc6b71d73bd878eb33c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20245805.zip

Filesize
42.1MB

MD5
bf952b53408934f1d48596008f252b8d

SHA1
758d76532fdb48c4aaf09a24922333c4e1de0d01

SHA256
2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686

SHA512
a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
508B

MD5
7ef54b83135701224135930aff8678bf

SHA1
5b5854e4289c3b6d2e88c3a0745c2063c61a0548

SHA256
8842b70e542dc56c874322cef738e0d2b55321fb531a0b0216d7e51a31111317

SHA512
d418b734c71e59536fa91dfd8e5833d783897613fbca83a46ab7271e0ab3c7e2ce53be6d5179117cce93a4c376195ccf5fbf92847b4ae4a0dd588be4213e09db

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
8.5MB

MD5
c6957c347d86c1e6c1a4155e0484c83f

SHA1
7eac2cc11aaf47a85f7ea100aff666261feccee8

SHA256
e792c8a199a83ea2373a6cfb5bfc4f1fa57d93c9825855422bda19f34cf02ae9

SHA512
d9641ce47626d1cbb96ae247e6125377fe17c2f043a23e3eff5bd23cd3b8fbbf7b2e6439ebe97e13813905623b8dca5c7ee7ef72bb046a5d55c8cffeec2f3b56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7poa3l2w.Admin\places.sqlite-2024580514.528898528.backup

Filesize
68KB

MD5
d57cd95de07d3b15eb5cf8baa80471af

SHA1
322c0e13f2022ab255a8d2a50c5835779b6ccc3e

SHA256
651efdc8961efbf6476e4cc4b3965a4da72690ebedda009fd800c6d936a67696

SHA512
2e98256a9e76ae384f88b83075a321f60cb13ee6f7e8cb93f1919103b82ba79a67b5eec8a7d3043fe26b377fae58545e82323813897c0e67adfacaa885d6f68e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-2024580515.060138060.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-2024580515.060138060.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
0d77485b35e3c9447d3ce38e43827aec

SHA1
1908d2124fa279793f3ba74fd725ef5891a31343

SHA256
16c5da2f41a594725648888c0356f98603ef857dc151a96ed42085bf8f1e47f3

SHA512
46e7b4346fef42adba1bb608aacc08f99e876c3266f956cb0e662dc5de86f4d0674b73cce58a6fa77d3fb00e1db4685184d4d63b26e47b944ae16eb8e86c28c1

Download Submit
C:\Windows\Installer\MSI4AB5.tmp

Filesize
172KB

MD5
694a088ff8fa0e3155881bb6500868bc

SHA1
096626661b9bcb3b3197b92e7e3c4e77ad4b2df4

SHA256
6f3a5bbd29f669712d6c2c7e5174dea6807cb86fda293acbe360bde81d29a633

SHA512
bd3a9cdf9ea591d462be8e00e9bc44c391897c40d598ada19f0377f3a6aea97aba03627d97d6362edbb81763fe3c7570d07bdfd5a004dd9e7af4531bc490bdeb

Download Submit
C:\Windows\Installer\MSI4B33.tmp

Filesize
189KB

MD5
c3a831564e7b54fb7b502b728e232542

SHA1
82a4f969b1f19dc6489e13d357ccad9fef4837ab

SHA256
43097d66f86e3a1103d4cc7c410e46daba8d1a7a991ab6c222d41bd2620c19ca

SHA512
4855ca4429974a0b111d42b86cb8f89188310aaaf9174b4cf462a968163c8b92e38d4a519c78133301b341be5cd02e34b55b55575e84f0d01c2cd11ae74cce05

Download Submit
C:\Windows\Installer\MSI4D10.tmp

Filesize
202KB

MD5
ba84dd4e0c1408828ccc1de09f585eda

SHA1
e8e10065d479f8f591b9885ea8487bc673301298

SHA256
3cff4ac91288a0ff0c13278e73b282a64e83d089c5a61a45d483194ab336b852

SHA512
7a38418f6ee8dbc66fab2cd5ad8e033e761912efc465daa484858d451da4b8576079fe90fd3b6640410edc8b3cac31c57719898134f246f4000d60a252d88290

Download Submit