aac483ae766d6ff52801c293af713e9d19eb9ad455eab64132cb3272043391e0

Analysis

max time kernel
79s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Size

10.1MB
MD5

8b3b520f329d7bcae28e0a13e4596734
SHA1

77b663e66ec4bf6eca0277731fcf2141fbcfbaa0
SHA256

aac483ae766d6ff52801c293af713e9d19eb9ad455eab64132cb3272043391e0
SHA512

79e2c125989536afad9cc6c5fd36137863cca0463767404883c874211fe9b0d750afece50427a8cc4796c32a193d9b5bc9c53b66ff81f4a6a3d71b52f39ca0e9
SSDEEP

196608:kdad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvq:AadCoXrlAJ7N3pXW2uGzy

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4460	lite_installer.exe
4088	seederexe.exe
3404	sender.exe

Loads dropped DLL 10 IoCs

pid	Process
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe
4960	MsiExec.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\W:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\P:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\O:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\U:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\Q:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\R:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\V:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\Y:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\H:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\M:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\S:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\I:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\N:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\X:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
File opened (read-only)	\??\J:	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI78CE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI79AB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI790D.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File opened for modification	C:\Windows\Installer\e577678.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7B16.tmp	msiexec.exe
File created	C:\Windows\Installer\e577678.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI77B0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI780F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI783F.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI789E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI794D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7A39.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7AA7.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
3672	msiexec.exe
3672	msiexec.exe
4460	lite_installer.exe
4460	lite_installer.exe
4088	seederexe.exe
4088	seederexe.exe
3404	sender.exe
3404	sender.exe
4460	lite_installer.exe
4460	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeIncreaseQuotaPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSecurityPrivilege	3672	msiexec.exe
Token: SeCreateTokenPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeLockMemoryPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeIncreaseQuotaPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeMachineAccountPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeTcbPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSecurityPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeTakeOwnershipPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeLoadDriverPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSystemProfilePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSystemtimePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeProfSingleProcessPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeIncBasePriorityPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeCreatePagefilePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeCreatePermanentPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeBackupPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeRestorePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeShutdownPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeDebugPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeAuditPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSystemEnvironmentPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeChangeNotifyPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeRemoteShutdownPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeUndockPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeSyncAgentPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeEnableDelegationPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeManageVolumePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeImpersonatePrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeCreateGlobalPrivilege	1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe
Token: SeRestorePrivilege	3672	msiexec.exe
Token: SeTakeOwnershipPrivilege	3672	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
1576	2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4960	3672	msiexec.exe	89
PID 3672 wrote to memory of 4960	3672	msiexec.exe	89
PID 3672 wrote to memory of 4960	3672	msiexec.exe	89
PID 4960 wrote to memory of 4460	4960	MsiExec.exe	90
PID 4960 wrote to memory of 4460	4960	MsiExec.exe	90
PID 4960 wrote to memory of 4460	4960	MsiExec.exe	90
PID 4960 wrote to memory of 4088	4960	MsiExec.exe	92
PID 4960 wrote to memory of 4088	4960	MsiExec.exe	92
PID 4960 wrote to memory of 4088	4960	MsiExec.exe	92
PID 4088 wrote to memory of 3404	4088	seederexe.exe	97
PID 4088 wrote to memory of 3404	4088	seederexe.exe	97
PID 4088 wrote to memory of 3404	4088	seederexe.exe	97

C:\Users\Admin\AppData\Local\Temp\2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-02_8b3b520f329d7bcae28e0a13e4596734_magniber.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1576

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 34B679A53F3CFAD7A14029CF01114250
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4960
- - C:\Users\Admin\AppData\Local\Temp\9F4DC88C-B01F-4AEB-A243-AFC64D2D61B2\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\9F4DC88C-B01F-4AEB-A243-AFC64D2D61B2\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4460
- - C:\Users\Admin\AppData\Local\Temp\C0A2E470-9A44-4CD7-B437-FD7C4B4EE138\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\C0A2E470-9A44-4CD7-B437-FD7C4B4EE138\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\4058AAA4-6663-49D0-9E5A-ECCFF8000AFE\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\4058AAA4-6663-49D0-9E5A-ECCFF8000AFE\sender.exe
      C:\Users\Admin\AppData\Local\Temp\4058AAA4-6663-49D0-9E5A-ECCFF8000AFE\sender.exe --send "/status.xml?clid=2413642&uuid=b4878bd3-d2db-4b07-a5ef-7edaa63551f9&vnt=Windows 10x64&file-no=8%0A15%0A25%0A45%0A57%0A59%0A102%0A111%0A125%0A129%0A"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e577679.rbs

Filesize
575B

MD5
d8f731d1d0b018191f08f78d8d78d144

SHA1
0d7a9479e9e7ed610e6f4efd7f380d0a531fc084

SHA256
b0e3d4a4a4f8398ec55b93135f93378a738c19b2c3015f6d8f2f9a17e6732291

SHA512
5d43d067d1ec92f2448d702d540eece2ff2b9d0b4ec94fd2435e3b2b65dc4453bd565e7cd82095af793439d8c0cd9785e7c1421b4d88c55598b114c641943c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
60aa3a921fa65d3c97e0b9ab8a115523

SHA1
45ef9f9223d9ffffa7b7eaa36c2d48b05d953743

SHA256
5063b86247118032dbd4c3d7b2332cc438ff5e3531b1c4420e52d2d527c31493

SHA512
f7dbe43471b090390855394e4e5e36f0ef3a17849a5f8de98241737a7eeea22db81cfe5df0572ed320253447015b51b0dc988e7c0adc18c13d9667568366a392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
1bba3fbd68609d5ccbf527b3970c9a0a

SHA1
e6b8ba271fdf9af4bbf7e357bcdff264a66e9f44

SHA256
512a0bb45267b7420232bd969efcfd9bbe36761a84e9b0e8c208c8fc9dfcfd5b

SHA512
888dd6b591fca675dae3eca1983ac355b1d7e508ec06fd48395a402cd0ccc0adac442b20df409385a2c7e885a451ed2531bbf69a509a0b9b5b55aebe05fdd819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
8aa752f5539d369fbc6fa80b51b6c769

SHA1
2688a6789ff2d1dbd665340ec6fab8126f62ffac

SHA256
168498b93ac6169e384abddb97ef4e6ce6091c08f55baba2eedd48be803c1cf2

SHA512
1cc2a782cc03922296c4da4086b926ed6b8a7aae547a137641c3f33cabba98e741f476638543e87fa936a2098fc50e147cb75608365bca1d15a46eea3fa787bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
98e4eddfbc3d865b56cf39e31a263a1d

SHA1
f00e0801c6ce50db8829157b2b5b8152dfc18935

SHA256
1f8779005a7b28a0850165d208ae51f66977b409008d991ca9d9424a008f17ad

SHA512
671b88e9e75084c6bb1ad9bb149dbaa0b8065a4eed9911979e1c514e57442ae2039816a4341ec02e6997fcb8793fc2469eccbc0627e713e1d537c6d6a0135215

Download Submit
C:\Users\Admin\AppData\Local\Temp\4058AAA4-6663-49D0-9E5A-ECCFF8000AFE\sender.exe

Filesize
260KB

MD5
f1a8f60c018647902e70cf3869e1563f

SHA1
3caf9c51dfd75206d944d4c536f5f5ff8e225ae9

SHA256
36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577

SHA512
c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\9F4DC88C-B01F-4AEB-A243-AFC64D2D61B2\lite_installer.exe

Filesize
419KB

MD5
aafdfaa7a989ddb216510fc9ae5b877f

SHA1
41cf94692968a7d511b6051b7fe2b15c784770cb

SHA256
688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc

SHA512
6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\C0A2E470-9A44-4CD7-B437-FD7C4B4EE138\seederexe.exe

Filesize
8.6MB

MD5
225ba20fa3edd13c9c72f600ff90e6cb

SHA1
5f1a9baa85c2afe29619e7cc848036d9174701e4

SHA256
35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797

SHA512
97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
34KB

MD5
1e0d5ea8a9c17e9aa4cf4de562c4750b

SHA1
5224b7a7eb2e1f01733a601655c05b72fab952cf

SHA256
a4865de7e6016ef58d17977274754161e2b427959c6ecb5bd09023061fce7e75

SHA512
c67508458016da4c6f50766128162cfcfd123dfe4703eb2bffd71cef145884abec4fa25f0d36ff0a9287f6531f2db4e3fb5df5213a148ab5d0040f66a562d7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
530B

MD5
9df18cd11f2e352459261c19a94c4b0e

SHA1
f0b76ff6392d7689e746379c862654e68b7d9470

SHA256
274275dcb5bb6666968e62e1168ca025c6ae0cb29fc5b4018ffcb1fbc0b7b645

SHA512
a0d7cecbf45bfc83a3e664235cbe8a8146f33db714243cd7fa31e862a06034b06bd0e30882035877b987eb02ae6955fc3545ecd6b861ef94562e0fe18e269658

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20245802.zip

Filesize
40.8MB

MD5
658aa024518ec5438b422b495ab37b13

SHA1
a701e43135642af41b6eee681920cc96bb4c4f52

SHA256
96e461cd252c9f4de41937999cfc5baa63fd5e7f5527b7049ba70d5052141429

SHA512
cc25360f6f1141e9e7a5d762fd164aa7d65ea56420b6e29192e8531f18ca3e3a5a030866edd80e828976b8644824917c0ac96b44114b5966a2a2d04bbfe9a504

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
509B

MD5
3b03e3552f4735cbc1eb75e3411b6bec

SHA1
877e906f16dfa4f971ccf1fec9565f492707b766

SHA256
819b8d391af71b5521e78dabbd33df5eba7ff07799edcce9ecb806e78569fcff

SHA512
3f2d08dc06fba08d5b6a5da5123c27d649025c8ed4ffaf808bbef48bfde90c0159c63eacc35e8428601ad87d5b6720dbcc4988a2898ef672aa3f702a73eefcee

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
9.8MB

MD5
843ebfc87d45f97581c2b82b81a68d4b

SHA1
16cb4d4e594b04d1079f2bef4cd187862406e96d

SHA256
c173c79096bd20ca67fa399a60f25d8b76381ebea3b1643becae751e7c479657

SHA512
c54975a09a194eca36c69766f9ebd00bbcb90acf23dd607948ca372839ac045876976018da3deb509cc857f9ba94668dc5dc4dfeea2cbba0ee0e16f0a26772cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dl59x85f.Admin\places.sqlite-20240602185831.331335.backup

Filesize
68KB

MD5
314cb7ffb31e3cc676847e03108378ba

SHA1
3667d2ade77624e79d9efa08a2f1d33104ac6343

SHA256
b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

SHA512
dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240602185831.503189.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240602185831.503189.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2e72a9d870115049e0ebdbe097391ec7

SHA1
5284c7c5c395fdb084e0f9e7602144b7c384f70b

SHA256
339fddb58b3c716ff8ae464df9c08b20d21b8dd9aa3d49a935fae252db432022

SHA512
61aa5f16b9966b043927d5f3ba502b1abb3ebd458fa3c807d515cfff94a13e9327494606700398e1e5e6259c1694b923dd9e2257001fd5c1aa85b137c2ceac92

Download Submit
C:\Windows\Installer\MSI77B0.tmp

Filesize
181KB

MD5
0c80a997d37d930e7317d6dac8bb7ae1

SHA1
018f13dfa43e103801a69a20b1fab0d609ace8a5

SHA256
a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

SHA512
fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

Download Submit
C:\Windows\Installer\MSI780F.tmp

Filesize
189KB

MD5
e6fd0e66cf3bfd3cc04a05647c3c7c54

SHA1
6a1b7f1a45fb578de6492af7e2fede15c866739f

SHA256
669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2

SHA512
fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

Download Submit