134b02268dca5da0e72cd543d9e62f6a2b6fe662744274d4f18e5c4ea090c359

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
Size

7.1MB
MD5

e7c557791a5d351a51a51c5f122389ce
SHA1

c16b7bc74dcf89f6acd6726fcfc9673ce24a7886
SHA256

134b02268dca5da0e72cd543d9e62f6a2b6fe662744274d4f18e5c4ea090c359
SHA512

d0ccd6a93e48c6e9672efcb610d23f9b86b08cb3f515db5b2acda41c37702ec82990fb684b8e37a422c9f4a6d07c45fd519645d9382b7324e8b4d975f01dc0b7
SSDEEP

196608:uBx62ceuZ01jC1TWO9WrKVo1wRuNBuyiMfypdL:u8eS01j4pWAEuyiMKpt

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exeServiceStartMenuIndexer.exeoct40F2.tmp.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	ServiceStartMenuIndexer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	oct40F2.tmp.exe

Executes dropped EXE 3 IoCs

Processes:

oct40F2.tmp.exeServiceStartMenuIndexer.exeServiceHostAppUpdater.exe

pid process

4360 oct40F2.tmp.exe
1668 ServiceStartMenuIndexer.exe
4012 ServiceHostAppUpdater.exe
Loads dropped DLL 2 IoCs

Processes:

oct40F2.tmp.exe

pid process

4360 oct40F2.tmp.exe
4360 oct40F2.tmp.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
4360	oct40F2.tmp.exe
1668	ServiceStartMenuIndexer.exe
4012	ServiceHostAppUpdater.exe

pid	process
4360	oct40F2.tmp.exe
4360	oct40F2.tmp.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe

Modifies registry class 60 IoCs

Processes:

ServiceStartMenuIndexer.exeoct40F2.tmp.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	ServiceStartMenuIndexer.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	oct40F2.tmp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	ServiceStartMenuIndexer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	ServiceStartMenuIndexer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	oct40F2.tmp.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe

pid	process
1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

ServiceStartMenuIndexer.exe

description	pid	process
Token: SeShutdownPrivilege	1668	ServiceStartMenuIndexer.exe
Token: SeCreatePagefilePrivilege	1668	ServiceStartMenuIndexer.exe
Token: SeShutdownPrivilege	1668	ServiceStartMenuIndexer.exe
Token: SeCreatePagefilePrivilege	1668	ServiceStartMenuIndexer.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exeoct40F2.tmp.exe

description	pid	process	target process
PID 1844 wrote to memory of 4360	1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe	oct40F2.tmp.exe
PID 1844 wrote to memory of 4360	1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe	oct40F2.tmp.exe
PID 1844 wrote to memory of 4360	1844	2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe	oct40F2.tmp.exe
PID 4360 wrote to memory of 1668	4360	oct40F2.tmp.exe	ServiceStartMenuIndexer.exe
PID 4360 wrote to memory of 1668	4360	oct40F2.tmp.exe	ServiceStartMenuIndexer.exe
PID 4360 wrote to memory of 4012	4360	oct40F2.tmp.exe	ServiceHostAppUpdater.exe
PID 4360 wrote to memory of 4012	4360	oct40F2.tmp.exe	ServiceHostAppUpdater.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-25_e7c557791a5d351a51a51c5f122389ce_mafia_magniber.exe"
1⤵
- Checks computer location settings
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\oct40F2.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\oct40F2.tmp.exe" /S
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4360

C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
ServiceStartMenuIndexer.exe /PRELOAD
3⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1668

C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
"C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe" /LOGON
3⤵
- Executes dropped EXE
PID:4012

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
Filesize
10.6MB

MD5
975e50a6a7987c4daedb504fe99a92fb

SHA1
5373cad041a4f508315aec0aa1ad9cc2e095dfc2

SHA256
4b7b6fef62293e81f274b496068bc83dd06b7cf9a21cbf3be6efff6029b44872

SHA512
c351a77d06bafce1adc4226fb283cce9ac28bf6de2bdc41c5835a2eedc30c72e3f2c360746f501991d05b8fd7b05f61f3c5d7206881929fc0dc49db514823817

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
Filesize
2.9MB

MD5
da1032987448c5271e1d90e39ee991f5

SHA1
df9b8780c10de47f8c829f419ac107c7d0677682

SHA256
d8cae77dccaf4c3eb1e943f257204bd09084d810c90ad90ac20c318e4261e80b

SHA512
78152652ada500216f755ea8323a630f8c92b3894e21bfc298915df31eaab5f88723a3d2276f81635477bdc217306812220b5f5385a4075816c9992c45a63c2b

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b72f21a8411efbca5f6d93f980912.png.compare
Filesize
846B

MD5
d495e09bd9899c0410c4d67aca1192ff

SHA1
22e0eb07a794c1fb2fa7127f2d6e30685f9b5f10

SHA256
f90e336bb5f46bdbd6144e81daa57af8eab0f752620c0cbd151b45fed1bc34b9

SHA512
02e188ff6c076f550d4b676dfa77a6da31a412c27f9fb09766f88fa56a7652fada23a7692e708f26202ab5110a12ad78eb6bad958354fe65e0a9691c1c4f0c75

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b72f61a8411efbca5f6d93f980912.png.compare
Filesize
531B

MD5
9d3a7815aebefca02c1fafb0b7fa87cf

SHA1
3052ad2feef0b2d211b51c8180e8f77782aeccfc

SHA256
601333277a511e3e079cb71acf743419496a5e430f89cdd8b0cc93cde9e8f8b0

SHA512
955f651b805fe7db0cec8a6970f3dbc466e711c8ff0150b9d744f53ee905d8c85b8f811dbf99b1d60b1dec32d09723229b0d6611d9ee377743a4fdcb2638cd2f

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b72fa1a8411efbca5f6d93f980912.png.compare
Filesize
614B

MD5
27666a793fa11760547454944f089546

SHA1
a3166a4a1a04891d2a30d7988f6ae2be5b5608db

SHA256
b14f658cd0f545e53148b65dfcf3b9630ef2af84cbafd6bfa48f8c165a2500bb

SHA512
b56ebb454a360ee4bc65e655adef136a1950a015f136b756b8059c5bc13e8df7914045582a5741651ac6a80f3ba35c6801b92a106fd2020caf1f444104b64a25

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73021a8411efbca5f6d93f980912.png.compare
Filesize
802B

MD5
df7a4fa395ad23842a01a678994b50d1

SHA1
aa88706aff04026caca74dc352c568cf4c92fcf9

SHA256
ccc44bdcea482f2f2fd89c6d350071ed0e5879fe46693a0dc5792192c14a9178

SHA512
e5dc4c54821990825a6eb9c415519a38f4c5a214a7a55540a4c6bef7aecb86137e4bbbc70026707dbdde4a3e30f5c4ed825b2a0b5c594c5f5e15e632351aaaa5

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73061a8411efbca5f6d93f980912.png
Filesize
662B

MD5
24fbc352a44321963d09c74fb30e9f08

SHA1
71fbbd923882741a17f35656231f836c59b03da4

SHA256
d848fbf20333fb1f097e7402a27e281e6109f8c1aba3f598b66e5c83dfedf30b

SHA512
1edc6a5ca9e4d1227b8ebfc79a6551c7f87dcce13b9981f57100ab482b4bee375dd653ac4245f3fdd83d13236819f62ed21ade3cd503c9ca35e9a6cedc4b4240

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b730a1a8411efbca5f6d93f980912.png.compare
Filesize
627B

MD5
09179b2a273b7d279068f570027a43bf

SHA1
0f7d5c0fc142df7819d9bbd17fabc5edbbc61b1d

SHA256
0af2b0f377e2f51306f6f8762d606944bd73aee140798c9454ad30cf9658a5aa

SHA512
eef7c4cac7990e22619bc7aa883f686cb8e832177749c3e7cf63b678f37b4bd67b77077639826fe115651622deacda80407f68e9a52853434be24103c375acff

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73121a8411efbca5f6d93f980912.png
Filesize
303B

MD5
409f205360f9aeadb925f46f4f2a5ac7

SHA1
118b94885125d199ca27b32ae5d30e51f867d26c

SHA256
03799be4d9b5c71541905081ce2313ead4bad19b92a2d2424bbbb1439ed5d04a

SHA512
6a476ef92278c1d996f0b604947581faa1ec43d11e2945f7dbaa73f7d76ef621238fd9bce56c16718767f236de9a281838a7206e304b0efaba487604bc0815c6

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73161a8411efbca5f6d93f980912.png.compare
Filesize
898B

MD5
57659d81293e851d6211392ced456e7a

SHA1
4556b8958edc41aba8f64ebb3b0d9674c6348db5

SHA256
83d8869e2ea0de994d785bd482a522bfbb23bb3caac44916f0697aac2b4653cb

SHA512
74ef58fd0c405318ae570ac73bb82706c520627ef1aa9782645001ff57145118f27b73a3480b6bc5e4c5cc13413fdf99ce004f03880e8c74129160878645d7d4

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b731a1a8411efbca5f6d93f980912.png.compare
Filesize
816B

MD5
b20e9c46a6c3f312c67194f6f3665d0e

SHA1
c3050b3226a28aa90433a6a2ac524b22d8a03458

SHA256
8a74bd7bc15a20012e176233f407789e036cd979017e42bc0d3db93a7706cf1a

SHA512
e6ee5ff1a86a809c0b57543325e6a6157f9458e391db17dc4b5482556b9206194f30658a572db9e0535c7063e3cfc55523af9b00307f3c52deb35e6bd02de0fd

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b731e1a8411efbca5f6d93f980912.png.compare
Filesize
526B

MD5
a63c60af2e9a1ea35a80e93d95a25bf1

SHA1
76fd06bccce4fdda8b3a088b7d22d2a8017ad53c

SHA256
60f1134cb1b26e89894a127eeff8579dca3a25dd86af5ca7bd03dc9602c6fd70

SHA512
a91558a60260c19e35ef76619b13214ae017995c14c4ecf3144717ee05e0a3bed2b0f66a9d192260fd88563931f83cd5de72e531f35e1d6f41599f1162d741fd

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73221a8411efbca5f6d93f980912.png.compare
Filesize
449B

MD5
37e050bfb1f28142eb03a3f8b5790925

SHA1
8d59237279dcdcc706c1fc040043fc39aa10e21b

SHA256
4d2e1151e591ede48d31ccdf4c982abb5424733325a91c3190e87752d4363282

SHA512
eee941ece7fadb2f1371bd7a3f85869e21b2231d8691270f922b9cf7732903bd2531b31b9054066f1e595d96836f04b198d977f599eefbb66c5cec51172f2206

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73261a8411efbca5f6d93f980912.png.compare
Filesize
379B

MD5
ded7c6e8b9868e660d490859e69efef2

SHA1
cc045e91f0ffc9f182c8ead8ecae069680fed42e

SHA256
f0376d903299f9a81a5d002870630f94d0bd90866a201c01c0ff79d6f6cf94c0

SHA512
f231e17b1c8edf764fd23160bf0f87288e5fe476d361e57fdaa697bf844f2bf781eb5fb50c8b0b4d2f7e37649b0a532aed0c9829c6c3372a0f38a6df80747663

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b732e1a8411efbca5f6d93f980912.png.compare
Filesize
888B

MD5
5f916bfe3d914b43934342c8481d227f

SHA1
6d17ed159fbb62f768da8cb5d6c123527e95090b

SHA256
640170ca50156b97a584baddbb81374e3b56f37c5db32605351b8886de56eaa6

SHA512
5415fcb1ea840320b4bd2dc108e9ad2ea8903ce5cfe1deeb6f0360cc323efd6abebde188eb541ec84e6ab2c1524a274a0754199af2ffe47eb61f12a6cda19932

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73321a8411efbca5f6d93f980912.png.compare
Filesize
742B

MD5
34502e147705e3e2fddb6297236816e8

SHA1
74ee02c9f7aeb5c49cbde7bb324c4b458e72904b

SHA256
24a3a9042e1ee7719307850ed29a4359cd7d9a0ca08d76af047282967bd06bd6

SHA512
76e053593fe9b11efdcd41ef8e87ee5e44d79a12dec5f8f0a8df8afb9dad4c594c4e8dc4455d8b92e1d6f6593833aa7824464f14b79cdb13d9d3a0538f0fa20c

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73361a8411efbca5f6d93f980912.png.compare
Filesize
363B

MD5
0c47baec3f396891e4e2e8c29ebf666d

SHA1
2e4d55e5dcfd5cedac7b6ab6c0ae65b4649863dc

SHA256
a3832962dc8ec8ce5b14e0318b5f023c77b23909f21f931f5b4caa13b0f20675

SHA512
07abad8641f73a0b188eef06cddec23f173035e68b60b96552bbff9060d8e6130b4c8a0ae8366109d3346987ea5298222be59b4d10e9f7ce1ad01fb956fc450b

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b733a1a8411efbca5f6d93f980912.png.compare
Filesize
600B

MD5
46f8418c8fff05fdfaf6e1dc11c6df14

SHA1
de93b619e6838789e14e7b243b6c9eb4028b5209

SHA256
29dc4d1956e5874ecd46aee57fbd5fc9156e6fe921c9029d7d32534ebcc15757

SHA512
08731185412cf5ce26c34f387db85337a0a233b67f63cbab3081f050225c82d85921a31f2b520fffea0d2c562b88bfb09d8d1489f1e36573e41f1c0cf9d298bd

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b733e1a8411efbca5f6d93f980912.png.compare
Filesize
836B

MD5
0c618eb7fc772cd238017e84a21a88a8

SHA1
d7ed0c390500bc6869a507cc6dbf3f729aac887e

SHA256
1e3a4cf80be3b203f1c2037b9dd940731d6a2b8f1709ab04834fea1e53220812

SHA512
49bd1921746a7ca9b83c9ce191e602387d2d93a798fcbd9342ab315dda7eda7b3cf9a7698fd7ba1e56c87d51289a5b3a18d0820f4b5ab104dd76a90e062818f6

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73461a8411efbca5f6d93f980912.png.compare
Filesize
687B

MD5
ef19dd8f73bea37d9e28e8cd85ee4e95

SHA1
4ef634e974a59fe976f2c2ec2e092f5b55bda9bd

SHA256
93b3a0f4e4b3da6e8af72d93df7785d634f0d0d2613fe000e84d422b85230987

SHA512
e9dd565c2c400f0136fe6978c9afecaf00a309263b94eb23fbacaf9c46cbc8fdd65c798653a8e4266668c287bef5144cf8cb62c1db146de73c6d27512897d141

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b734a1a8411efbca5f6d93f980912.png.compare
Filesize
603B

MD5
a8320db85f8650a85953d8f375f31d7f

SHA1
5051406133fb903094334d2a44ff3ad35d89f240

SHA256
7c4c73eab72c234b1220bac99a4b62d5ae23455be5740d4d6e0a07ee8617e1dd

SHA512
23b7f7fb767d597b189aa819ab54377122704467d0b725ca18208c57e0de31fa9254ecb0fa094e95d764d5a78aa1ca7a960a4268fa7de469bdd7e302bf26d750

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b734e1a8411efbca5f6d93f980912.png.compare
Filesize
903B

MD5
e418610d2901a954c45ca7d8d14def94

SHA1
50add435db112f4633f05aa82e6f8dfa6b89c09f

SHA256
2500e33d8ac3ab15e60e7b98b91da9b298a777c41e2def355e7a173f910d4765

SHA512
54ee32888a7021deb59d5294c9eae8f0a44b7fbf7b1456783688ae65cb30febf2d7c87918864a418b609139c73e4fac054ec4b291b4e55ec3f5241104422b450

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73521a8411efbca5f6d93f980912.png.compare
Filesize
912B

MD5
f08ceae28618ba55cef1ebcbf954a628

SHA1
d8524df8efdacddfa8d9f96c1086655b7657d39c

SHA256
e6bc98021145873772bac0fc4aca7a2a63dc5c535f93185d6ef8497ad748b18a

SHA512
0dc758ee4e28aa74e13a768117e5f5067232fe4569fa8877a4644c9d6fea7023ad059e3239f68715a963232712136b3284b8b65a72b026a602d76719620f4037

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73561a8411efbca5f6d93f980912.png.compare
Filesize
501B

MD5
851d2c4d0119dbfc5e2da4b05e6e3f48

SHA1
610100221bc7fb32230983b48e3f11b8c72554df

SHA256
f2793b70e8ed1c7ffdc02bd4e5e83a94dda0ee9d30995396b729d74315c2d1a7

SHA512
e2e509ed5a37734cd36473a6996056e420bf0ba687cff6ed8ad429f1152436a2802c0933752b55c445452f9319faa8aa677feb207c0896184ef5a17e22aea628

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b735a1a8411efbca5f6d93f980912.png.compare
Filesize
486B

MD5
ff966ae89b1366ae6e07e66ce3ab3ba1

SHA1
51d570794235e4bbf5f0a4a3093abb9b855c3d9f

SHA256
42f44b5a5dabb08539c9c3588b5665c05d27d8de7831592d72cb6769470ecbe2

SHA512
360ecd1b04beed28e9e103b21f48f88547d0eea30fcde307e666142ad97e5498a98ad55d7aa09a59683e818682ed00eb023a533ba08b94b82e6c91873d73f9af

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b735e1a8411efbca5f6d93f980912.png.compare
Filesize
415B

MD5
a4d10a8b9dbce7598400bbbd96a11248

SHA1
c552286ca4ccb618856f107d738c471810f55118

SHA256
ee60b8267fabde8ba2118580b3935d56e5a4e713d3be115421a8909f666cc68d

SHA512
2d32aecfefae82d0c412dee11c66f7c3f23d4bc06bc88174ef84257728db4beeace4aab05b201c26ed514d64204524a234d0b8a921264727b3055e609692fe33

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73621a8411efbca5f6d93f980912.png
Filesize
483B

MD5
23d34cfd73e18438d7a352fc58008a67

SHA1
38c6158ed085dcfa9144a3f8ff3fcb801a10ba1f

SHA256
e8178172cb8280545c3e115b09e14cd42b04910018758f7d46959469f11c2ade

SHA512
b73d7de71189ea0fedc014b5ab53317237d4f7becb29af6d9b26e1a76b8297b9d0ffb6dde52a39410d057ed750345b2da1fd19cfc4c67890e55a529124ab4190

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73661a8411efbca5f6d93f980912.png.compare
Filesize
742B

MD5
e167f54e12462548e9134434c085b2a1

SHA1
58ace4ba5a71d15db04f2eb62cb7d41f039ba4f6

SHA256
e02536a4279072c13539a00f6378fc44e021a055485520f8c988a0699962dfab

SHA512
05d7e0ca0082a8ca6ac642d4878f8d8288ce648f334b16b4eca8d1ba605dce3a396b66118b942a4d429a723e151cdd9efdd1eae53a120e04cd66586c9b35a399

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b736a1a8411efbca5f6d93f980912.png.compare
Filesize
679B

MD5
3146166ed1fd8057e2219d03b8371493

SHA1
5c48ea6d05b84d7d606749fd407b6b32ee1e3946

SHA256
dc29d54b597088a3807b862f3eee3c0694093e18bf41b5dc0167781ee49db8aa

SHA512
5467d58fca53f1b4dad65e97ca81adbaeeb8333623d64376d636784a0494688e3b7b51e7e638ad1299719feb33e83050c35c4e4cda50dcb4fdde8604676e65d0

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b736e1a8411efbca5f6d93f980912.png.compare
Filesize
543B

MD5
b0e099d59b68278a221d5ad0e0358d72

SHA1
927d01d9488f49166c7c628d7496e8f0671fa69a

SHA256
ecb6e8c5def4c27b09533b7f3bd140b1eb928da0a905df676589ace2fdd7f8a2

SHA512
61c4047ca8bbf7936035fa097b80091b78cc733c299836102698558da855a5dfc454d53bcf4ee1a4c950f911613190455f52281eeef27a2a79b7c141ec814aaf

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73721a8411efbca5f6d93f980912.png.compare
Filesize
419B

MD5
bafdc1384f760cb24225d8f469b4c850

SHA1
045382a11bb7cd98ee45d854fb710b487dd6499f

SHA256
ffbb91bbee6d387da490a211e82c9dca169670331c1387d28951b2eb0823581c

SHA512
46f9df83deaaf63cfb1508b9021f2a50ab4ec20a266777c1488b4dad994854dada5abffeea71bb30d0162de518c50c87339569f6d6640a2ff884f6a9b696a7a9

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b73761a8411efbca5f6d93f980912.png.compare
Filesize
522B

MD5
a5b89d38f7b57e3d8c54a9d47b5e313e

SHA1
cd99946c765ec449064af3cc1cff7c704776383f

SHA256
8f962f7440af38981fc3e152f35ba1eb71826b6c3c615c15539de33c5f563db4

SHA512
e431b569b73b49577ee24e69a7ccea1ace281472a5683fd71ff9ffa86577af767b839a2df03f8618f36fae9002f7687195390a90a90f3c6c50f18d041ed2d116

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b737a1a8411efbca5f6d93f980912.png.compare
Filesize
713B

MD5
8f885008995299d06b4b05b8d1c84518

SHA1
9219191880e205d8cc4ab9811c66fbf5b54b5b97

SHA256
cc6b2e2e8adfc0a1a830699e44dbad67756a707b80a16df14469b8f669925a28

SHA512
cc5b99241c39865bfbe18de11036888da3b85299e9e044c8e11a63136addc46a6ca7ebac06c58f8ca269d9d805c27e58b9a5806a3497ceb636fc81b37a3cd414

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b737e1a8411efbca5f6d93f980912.png.compare
Filesize
257B

MD5
f3cf25df56c59a6ac274f840b0e6b0f7

SHA1
e14e5524635298cc84df281e4c3451c127d1da83

SHA256
12ba1332a26b7c74aeda5dbd45cab9b7ede2f3dc6672ca07eab9b76a5b4c88d2

SHA512
007200b4d4050d2c384d253ab42af407111846dbdf6da8bf3a663548fb85eb87d67ae01fe3ab9d2dc3590dee554a09ffbdc32204a3665d16972bd26b87699d8c

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b74811a8411efbca5f6d93f980912.png.compare
Filesize
846B

MD5
62d26a02c8f82b63f409dd9b03770272

SHA1
50d2c50caa398744334a3a597636204695fdbb10

SHA256
3ec4a260dbe807de12b4a78b8cd7145b5c110d53b6fb23222232c396c4c30307

SHA512
364b6ee92720280d4672be436795d20819b7868199c27300350a9afc89d41559f251bc31651f91b54569fcd0c8d2ef70ffd97424b7852bfd7e43be1ffa17bfee

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b74bd1a8411efbca5f6d93f980912.png
Filesize
632B

MD5
be79cf3367a8e4981cebf89afd21b8fd

SHA1
922622b173c68d69a48d856e8b71ffb22ce14cef

SHA256
4e0630d842961a0a8b1095f80a4167f5672ea5566f54ae841170e46b9e6403e1

SHA512
f070f187ed5061a8566e3485c01de6a11e31628713c6aa5b0c3ac67e4488a8e2586d62f85d89853ce12775cb912bca142bd78a0fa1425b98d50c96c1110174a1

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b74cf1a8411efbca5f6d93f980912.png
Filesize
1KB

MD5
1e93c63b27175215d330f71df243ed36

SHA1
bcb8444e0aae425978b6e7b75559255f9fc6b6bb

SHA256
41bc2267ce6c52bd380781177601275f4f4baf85d15416c8b22c5710ed201e66

SHA512
cb1e8ccc6305cafa023743aa9c94ac294ba19d0ae10f8dbbb572829ae53e0307c7e70e1096128d7ed5cbc577d298c8cb1238e4e9aa47771443f9091e4bd141ee

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b74d01a8411efbca5f6d93f980912.png
Filesize
2KB

MD5
d92e99ab213ee4c655ed0d6618ff288e

SHA1
354037d41bbaa9a21d4386f381a0f75e8480ad19

SHA256
90edc17ff5ca4d6a2e265f4473563334a7e799da4f45f07b6188c8f4f418350a

SHA512
c269799d949b37e35bd0afa76d6985f4e43a3b331a6667922fe06518a499eb4b4b523dfea6caefee0c4a17fe428c1f565d35e1163aa8db831038cc6d7450c530

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b74d11a8411efbca5f6d93f980912.png
Filesize
53KB

MD5
ff322d763ec1f410fe65de234d587909

SHA1
08e3fe6409f344890a3a75eb3b36e1dd5a59f75d

SHA256
03e0db119333cbda7c2a692d414ac7e2770e97eb373998cfc9e6ea9bfeb22104

SHA512
26a08d792f856fd12bc11897c7f86c8dd2b134ff990e854fa83ad59b8b4a471b922754b8d57c1c1f5bd25822dd2c49fa5733e50627d79ff6a8a46bfee93ec457

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b75051a8411efbca5f6d93f980912.png.compare
Filesize
605B

MD5
52073ca1be30dc0807acf7459e3a3d8e

SHA1
fe56a698e0478f30d19058394735dca75efd9ec8

SHA256
7fb86e8afbe25ce25b07524e84eed5f7f6c656afd3103ddad4a80533974acaf0

SHA512
0b973ec70be9968d298ae2cce622200d248695459c00c46dd70f8f1814fb62826539cf99b744ed7660f5b5c4b81f350b5afbb335312739b651354eb2705f3c3d

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76501a8411efbca5f6d93f980912.png
Filesize
213B

MD5
ae43f1321d104fcb03c1da6154286ce3

SHA1
20e917c3f0b556a51ee07fb3de512dda8c0fcf5c

SHA256
939fe49c93f1a1fa4ebf600f22dcd1ef0adfc0ac817735a465861deb5e4d50eb

SHA512
a305dfe8842b5473e6161779d7ef5f9ec739cacf85cea45ef70c232a157faa061491a9f64324665a6e44a928132719ce6b0cb11742d95e458cb6948889025a8c

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76511a8411efbca5f6d93f980912.png
Filesize
389B

MD5
7ec4f8dc8ee3b2f23bd56eb3891c4c09

SHA1
7a7f3a486fb66b461f4e692666ab419f2924cc27

SHA256
575ef7061a2ec30fccdd46ac67e7ddb51f7b19215b4adac6bcf86b3d5a988616

SHA512
b702e85283f7ba6c532a150c106ab0eeb161120729de0d8c8f37361372bd4ef857c3a609b447912299e4739808c1d9cdd2aa46991d9f0c81ea7cf3cd23e87d61

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76521a8411efbca5f6d93f980912.png
Filesize
533B

MD5
4762fbae75b467040222b16a94616ac5

SHA1
5684ad88f049145a099a546d9131264f233c354c

SHA256
6c2431538f213ad2c95d28df6446f9a42c785d8241e60bf799832d6b827eea84

SHA512
369dc792c430c67b2a6017a0c7cf8b8286d00459f4e9896097c92f3f55a33f03c3d408321972eb56b37d1b0584427d0bbd7ad893b016664dd0bb7b6e98b33b77

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76531a8411efbca5f6d93f980912.png
Filesize
3KB

MD5
74f1e54688409597f6f3e0c4d3e21a10

SHA1
17029462506e44c94263072b8c6298bfcfaf8283

SHA256
6e54f5c10b49429a15214d34d8061e06ba9ef9ec5c18d852c20ddcd92bbe5990

SHA512
f1d5368efadf37cc849c63cd75a138bd5470ea30537c6d169b6fdcf3af1f2bca958306e570eeeb6d3c3efc3bedb62c54084f52babed92d082ccd5ff107fb4b21

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76e11a8411efbca5f6d93f980912.png
Filesize
2KB

MD5
8fd601909484c953bb7987b888c61691

SHA1
3989a87d56c92d09a17b5befdec1ccf07143ad94

SHA256
f5fa1535df7c76244faef920b6a6b84cdbad37affb3fd855e17759a00da0f814

SHA512
51845af88d9f4bc6bea9107f4953e7744c8a936c644ba16eaa6a0e535bf7842a1fc847f7bfff1f24192c4737c6a11a93b43a4075a993f2d4d4ce6bf4485141a1

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76e21a8411efbca5f6d93f980912.png
Filesize
4KB

MD5
bd6d22ca1617d4d6594bc59ebd577ff4

SHA1
520e595492f8214b8a2e20aa76de323220429055

SHA256
65f2a673da464095878dfe1d94043ad242acd151ed7cd3641c96875c098d3522

SHA512
b4d69579b8b28dada58d14b5d082a7b203a290324727fd2f309a9c2e2c4ea1a1b3a98876d74dfee2963f7006ed9319ed93131628f4862e0f82d073247cd6c471

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\366b76e31a8411efbca5f6d93f980912.png
Filesize
63KB

MD5
a1fb16fb73739d9f0bf9b1123fd3a734

SHA1
149af19c3296bf9993d4e0ded7617582c2501006

SHA256
b5371325df11f175bb21fc9f9d827a4314ff28ecf7846df976d26d8046ed0041

SHA512
4146400e8cab0319107c5f96a1edfc3968492c9b7aab2170ea65f27efbf9a9565b6134df0fc05d8cfe2ee641f2df3d25d2c49df269954186e1b5fada0fbea57b

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba3e1a8411efbca5f6d93f980912.png
Filesize
407B

MD5
e55214ba44abf9fdf68f052b1e85b569

SHA1
6903b785435607385695e90f22c645aed05bc86b

SHA256
5f125f147d6f61f9443f4e9f47dc2efe821702370bd5a1c5ed05eff9eb4dca30

SHA512
5fd2e1d7d670eb940ca858963d210f36c4352374cdcd3aa53ac5be3c138d16944f3c6ddeb6c7aa94b06b2a4ef74f12d9d7996cd266f283bf9cab02c5b7363017

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba3f1a8411efbca5f6d93f980912.png
Filesize
2KB

MD5
677784568590f3c77d0c6434b6eb142b

SHA1
e7b7e40d1dcdc6cac7d9baef359f8a6604975645

SHA256
aaab57852a2c0434de14ae4200f5424106cfca53f1d1a5afc5734734fc933648

SHA512
d0286a4af4e1a72329fce6350b73a90d2c2ede634f1465f064baef7f224d64de2e71b6006a17d7324954328c71d395de38f60b8df676d4716ddd874730d4862b

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba401a8411efbca5f6d93f980912.png
Filesize
3KB

MD5
9a04b5b935c2b7cd902d15317a755504

SHA1
332e7a2f22d7c64b1aef13236e1adb61a008ec14

SHA256
6fa4f184c0a56c9e3425c71abfcf1c12837b4f723fbd060a391ac28f52530d28

SHA512
77fc66a5588ad8b07994019c81b0e89e16873628a3cb06dab61cd65c68117c732a94563c5984e32492c8130f2a755fbec691fb46f5c5a1023f08986c25cffa6d

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba411a8411efbca5f6d93f980912.png
Filesize
27KB

MD5
95223b6fa2a3fe952616e85bcd2f630a

SHA1
d23367e44f7d1826b221cf4077b012efbb58806b

SHA256
2eb5cec4208438e0ab96b78418331c6b84c22087d034fe88763c79c6483e99bc

SHA512
141d8833e8dd859f08443753ae82accce6ccdca77c8bfdedac79c932ae8216be85c8d2d159bab5bb3c18a6fd0195cb92ffc70dcea4b4f5c9a0fa1762890caa54

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba7e1a8411efbca5f6d93f980912.png
Filesize
739B

MD5
3b20a57507e63838a2659b74c0bddc1b

SHA1
da8de7e7a4484d6e8cdfbb269abd3e6ae7041898

SHA256
88b84e826c251e100de58618b4d6e54d5980a75d7c89af79d8eff669c981d252

SHA512
7e1cde9576d26dd10cb0532c653065f3ca16984c1cf6d4453d08055fed5a8d8a689b9966a2ea6c8f07ac7b783598613635f5e3b00ae2a3c13f2877eeed6dfcf5

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba7f1a8411efbca5f6d93f980912.png
Filesize
2KB

MD5
a9271bc5204a7b2c9b013510624807e5

SHA1
2a337424bd6b5a1c71526b4286e08f3237b7b194

SHA256
83b2ffea7ce890626ef8db5a8e087cd4dd6f0680d090aad6b6fb0bcd54aee94c

SHA512
c313d97a23bd404b5ba2e312e76fab3dc6a7a998638ce38d82c87983dc0eb0714a84a6836fe0bab31266deb3f9b6fb29bfc1f003e7c6c3e73f29b7e8efe69c32

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba801a8411efbca5f6d93f980912.png
Filesize
4KB

MD5
5225f9217c4745edbe95af119c9e0ee1

SHA1
529fbc3fb4ca4d0cf2a244b573f57ab3a1a22e37

SHA256
0e3712fdff533422e544576e5beddf8855d043808e5d94ec3cd976a915e120d0

SHA512
a21a71fcaa43629881445c9b0621d606c57f4e1c4fa3ec1366991bd8a29f5d7ecd4a7b68fdc2c6f4f5dac6a76bf07cfde6725a4daabfb613b8bc4b32b3cffb5a

Download Submit
C:\Users\Admin\AppData\Local\SweetLabs App Platform\IconCache\3c63ba811a8411efbca5f6d93f980912.png
Filesize
57KB

MD5
887b642b2242d057299d47c0df28c7f3

SHA1
0f28ff38538bc6b007418aef2a4a96f820fdbb81

SHA256
af5a4b556490cc6cfd12bdda60ee48cf0bc097d3651c14846f1aa212f02f714c

SHA512
184d4e90e15c4bbda781f90ed1dc4f705088210aa45833cc9728284364d8680cfd167804b71ceb4de23dd84faa430fdc64d24b1409a4717c5f2b929996ae1887

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-05-25.log
Filesize
4KB

MD5
6e37a5ec2aecb7df956ad4c260495bfb

SHA1
9456e4f7629a9a587a0854ff6204a92c087aaa7d

SHA256
ac59f91fdf44cbfdb75af81a86e6a84e98728b13e680430dc92c04463603adbc

SHA512
9eb3bd217a29337bf492a0bdb5fea73c0832c04f7ffc61fd0abe413e655ae00787c956e60054c586a1ae74a99f5689c49192039cf814a0375ed0a95631e06d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-05-25.log
Filesize
13KB

MD5
b4fa6c65c0b6151c9a52535adfb49a2d

SHA1
6840d875430a98cd5acd40a4d5c23727881d6d9c

SHA256
3b88f30dd63c859610fae066d3c1c4812cfafffdd7f0ed2ff7ae36f6007d29ad

SHA512
65a995f8c50e91a941cd153ddaad8c254b84c2732f83b19c74466bcb1efeabf869232060289cc202e7a2abd9f612e66119337c441f62fe5a509c130ba9ff0605

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-05-25.log
Filesize
16KB

MD5
dde2bde7616c794cc6e9aa775caaf644

SHA1
f979c18b964699dde6d2508abbe54b7a76a55697

SHA256
a3709f5eef7e758b9cdbb02a95e9a3487bae491f639a8fa84d9b49f35f1fd6c5

SHA512
28f176f9f1e63d47cf488581de2a070e23bc0c72b3e99ff85244b51cc112510a1e74751e49cb7d29eed14e9061a10d140be19a1a6aa04c7b59a2b54febfacbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-05-25.log
Filesize
8KB

MD5
e9dfba5889c52934b8bc2c3e41168c65

SHA1
b0e8628dbd1ee7728c69edc33aee9ca0da6ebbe8

SHA256
bd74414c03ffca8cf9df6909640066f105c4b07ca777395a46e3594635ff07d0

SHA512
3babb6f69503d87cdf77457805f67616614b817761b916ca0de8194003bd199ef7d7d24e0dd95e5f36668da3f56c633208091b6e3e48bdd3462babcc8d9a4d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pokki-2024-05-25.log
Filesize
9KB

MD5
bed7a397e807e97a311e08b4aa1c4ba4

SHA1
dbf284f660f7b3191c047066c701d906d67923f5

SHA256
dabe289dea914c2b0bd0b9220b50a51723cd30aa98a542ecad3fa4a527af884c

SHA512
b908574b0f654c551094b84237d09beca69fd60f272eee6e550d8be6050e8956bf5ddcaf52759f33d7bc8a92084486f708194374db59bf382ebc14de4a3cd6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss67C3.tmp\System.dll
Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss67C3.tmp\___ocnsis.dll
Filesize
3.9MB

MD5
bea3bdb7df888a7914181994af62baaa

SHA1
a7e3a6ba00f3a29bfcb052435b380300b9c2cc2e

SHA256
ef603dc803845bec994a01008800dc27b1c7764779957756ea758d7abf4d16c1

SHA512
9ecfcee5e56ea07c50adbdd68587030cfc249a2743d7f188d6c345ac5401e1c18377ac212b0e1161d8dd0207c02484e0b962dfc5397ac89182684413aeb9dcce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
Filesize
2KB

MD5
ff9fc1b3d1c2a20dd5730ccedd308830

SHA1
b10efbdd9a97453ecf4ee19f2ee2cc36a58502f4

SHA256
b97f97c99c833bd59b1c855e11b08a921d34d700dcc39b30fcf2fee6c8bd5bb0

SHA512
e3e4a466c41c85cc13d8bc8a8d6f01799a0e09c1985937aac6e4c185b2af0b0975c3aa30762ca4560e7101df34d3dc406ac7bc02faa29ba1f6ad3136aa2fcc44

Download Submit