6acc7eb046aeef6f49040284e9fbf59637c5bc074bd56f22106f67d07a7686b7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/06/2024, 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Size

10.1MB
MD5

334e8d84ca45749879312c751ae88ab3
SHA1

be93f412d63842f6d573e610e8819f1563fe1a8d
SHA256

6acc7eb046aeef6f49040284e9fbf59637c5bc074bd56f22106f67d07a7686b7
SHA512

3aa0db5677201ab179dc6cf57628cf01e90696bc8d33224f2ae743b50af49e3eb9f5edf2f5fed0789cbefd26c9c033b58e6bae1b5e2a372b83196d06434a9261
SSDEEP

196608:Zdad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvq:vadCoXrlAJ7N3pXW2uGzy

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
820	lite_installer.exe
4892	seederexe.exe
13420	sender.exe

Loads dropped DLL 10 IoCs

pid	Process
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe
4712	MsiExec.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\P:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\R:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\S:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\W:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\B:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\J:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\K:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\Q:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\X:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\Z:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\H:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\T:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\V:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\Y:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\I:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\L:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\M:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\U:	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI49FA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4C63.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4D6E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI498C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4A3A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4B76.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4BD5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4CE1.tmp	msiexec.exe
File created	C:\Windows\Installer\e5747e6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5747e6.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4A99.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4B37.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4AD8.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
3684	msiexec.exe
3684	msiexec.exe
820	lite_installer.exe
820	lite_installer.exe
4892	seederexe.exe
4892	seederexe.exe
13420	sender.exe
13420	sender.exe
820	lite_installer.exe
820	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeIncreaseQuotaPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSecurityPrivilege	3684	msiexec.exe
Token: SeCreateTokenPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeLockMemoryPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeIncreaseQuotaPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeMachineAccountPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeTcbPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSecurityPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeTakeOwnershipPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeLoadDriverPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSystemProfilePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSystemtimePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeProfSingleProcessPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeIncBasePriorityPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeCreatePagefilePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeCreatePermanentPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeBackupPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeRestorePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeShutdownPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeDebugPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeAuditPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSystemEnvironmentPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeChangeNotifyPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeRemoteShutdownPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeUndockPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeSyncAgentPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeEnableDelegationPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeManageVolumePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeImpersonatePrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeCreateGlobalPrivilege	1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe
Token: SeRestorePrivilege	3684	msiexec.exe
Token: SeTakeOwnershipPrivilege	3684	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
1036	2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 4712	3684	msiexec.exe	87
PID 3684 wrote to memory of 4712	3684	msiexec.exe	87
PID 3684 wrote to memory of 4712	3684	msiexec.exe	87
PID 4712 wrote to memory of 820	4712	MsiExec.exe	88
PID 4712 wrote to memory of 820	4712	MsiExec.exe	88
PID 4712 wrote to memory of 820	4712	MsiExec.exe	88
PID 4712 wrote to memory of 4892	4712	MsiExec.exe	90
PID 4712 wrote to memory of 4892	4712	MsiExec.exe	90
PID 4712 wrote to memory of 4892	4712	MsiExec.exe	90
PID 4892 wrote to memory of 13420	4892	seederexe.exe	94
PID 4892 wrote to memory of 13420	4892	seederexe.exe	94
PID 4892 wrote to memory of 13420	4892	seederexe.exe	94

C:\Users\Admin\AppData\Local\Temp\2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-08_334e8d84ca45749879312c751ae88ab3_magniber.exe"
1⤵
- Enumerates connected drives
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1036

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5B983F5C777AF610EA75E810CA32E06D
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4712
- - C:\Users\Admin\AppData\Local\Temp\29AD5D6B-D3E4-4631-A145-B0A81E327E01\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\29AD5D6B-D3E4-4631-A145-B0A81E327E01\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:820
- - C:\Users\Admin\AppData\Local\Temp\0285B1E0-4AAE-4723-BD73-4055AE2B5649\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\0285B1E0-4AAE-4723-BD73-4055AE2B5649\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\CE2128DF-70D7-4084-B778-BB8C5D22D571\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4892
  - - C:\Users\Admin\AppData\Local\Temp\CE2128DF-70D7-4084-B778-BB8C5D22D571\sender.exe
      C:\Users\Admin\AppData\Local\Temp\CE2128DF-70D7-4084-B778-BB8C5D22D571\sender.exe --send "/status.xml?clid=3762839&uuid=7becfc84-1d88-4697-81d0-e07ad0d0665b&vnt=Windows 10x64&file-no=8%0A15%0A25%0A45%0A57%0A59%0A102%0A111%0A125%0A129%0A"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:13420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5747e7.rbs

Filesize
575B

MD5
c22da0256e10b754ef131989aef35670

SHA1
955fc88a69b4608ba72eadb4ebfc5a0b4b375798

SHA256
da46696ad996fbe5030f3c0d820aadab608a91de6d35686194084084c888c31a

SHA512
b95828087f57129b22182b5485fbd7a7968cd19b5a96e076e3075ae1609fbb69e7a55400b268c56a8ef1fbcfc7b096735745c6f3306a0fd2dedeab25ccba0282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
f08c3b23857e7a85883210b346f1d831

SHA1
0d08f77ba3e8861ba0cff29f9e5b06696ec34d88

SHA256
5597510ab4b55494f1d6fc95ec71ca4c72903f53b7dc9ccafeee631bd26642fb

SHA512
a70a9c37d17ab05307fb672f1e954339b94ded5d6bcb3edd1547842175db3ace80fd8d7c3932320bf6a7c1c9f4353295bd80da2e19d405774e453632de71e8dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
09b528d11f0dbfde41c54fad44d5bce2

SHA1
01126cdc06330013a43a6a58f2ba4b0d6a9c1762

SHA256
7b35f1c6cd0d16b341819a1c9cd0236a25a468aa13eab784be72a15bdaf58a65

SHA512
eb492c9a5b68ce9bacebebbcb44f342a0f384811ef163f1fb6061bcebdffd0829aab28591653474a983098db2240d0a7e8dce12a67e3c35d7398ca5420534edf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
c96f92569538ad7df351fa8b061e56f7

SHA1
7ff2ef241a26878be4457ccef13d30acb9f03c98

SHA256
f9acaaf4c182894da14e100a178c7471b00a7e2e07acd768a888a14b8f35421a

SHA512
3af07145f58ca998f82b5025b618d154c0414bfeb9596d758f36171fd4390d6b34bf586a8da53c5be37abd4abe13273c4196cb2bbf91342a310ea922b08e04de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
f338e21ec807b29661a1de76196a291e

SHA1
a3fbc74efbc43236c036e08d1570cd0d814fe9a8

SHA256
cc797327475356a3a27319ee4f8a97f08d5dc25f18b0609d7cedb067a4124092

SHA512
f3571f2270707653d34a5b6ddaff11762140134d5074ce3a47645d262eaaa0650b5a8516e82a5644f3b71c9cb407f24c09e2735d503eb6b6493d325caa542669

Download Submit
C:\Users\Admin\AppData\Local\Temp\0285B1E0-4AAE-4723-BD73-4055AE2B5649\seederexe.exe

Filesize
8.6MB

MD5
225ba20fa3edd13c9c72f600ff90e6cb

SHA1
5f1a9baa85c2afe29619e7cc848036d9174701e4

SHA256
35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797

SHA512
97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\29AD5D6B-D3E4-4631-A145-B0A81E327E01\lite_installer.exe

Filesize
419KB

MD5
aafdfaa7a989ddb216510fc9ae5b877f

SHA1
41cf94692968a7d511b6051b7fe2b15c784770cb

SHA256
688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc

SHA512
6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\CE2128DF-70D7-4084-B778-BB8C5D22D571\sender.exe

Filesize
260KB

MD5
f1a8f60c018647902e70cf3869e1563f

SHA1
3caf9c51dfd75206d944d4c536f5f5ff8e225ae9

SHA256
36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577

SHA512
c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
34KB

MD5
3144441e5da9020e2094bf4d6475ad1d

SHA1
d08082ce668475276596e5d50d98481dd2329e86

SHA256
1a210be00e8abb51fb329d8369f786a44a6c84fd655e2e16c83f215e4bf1744b

SHA512
7d6db078aea22160e1fe2ed261f63ebf218372b80becee8e901fcf3bd2212053ee89e7129e8fc6732695d3b62ee6e6603ae469cc70f84d23d397ec165709d9dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
531B

MD5
37470bcda88e95eae6575f55958b001d

SHA1
86f83f019368c45b6a3fedde9e74682a09f5606b

SHA256
873d795374ca541d246c584f0ab086a027c9242c9cd77cef2407e7bbf46e352c

SHA512
5099ff27ee9d817976868d120bb7e92b6d650d12c4e1a0f5fbaf236e64830a271c326cbf3f70c5675e667894fb7dfef46d17a182e5619ab4fa795e70be56cbfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20240708.zip

Filesize
40.8MB

MD5
dc5128fcb8d7f6b849f1166532db2dc8

SHA1
8427501d440d5edbbb2662294bc5650d2bc8aab5

SHA256
36e682f419c2b5d8e7c285d36088b56d59df3869dbd181943280696d4ca391ca

SHA512
bcf0d463ed4f01a313b8e6be745ad55b42108be84cc5850c411dec19aa7c6d996782da49fc208559f1188941bdd1082d954cfa316f08c0ad2efcf0662952e524

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
510B

MD5
29b2508cbcc5c53473692223f2345faf

SHA1
130cab9a60de6c94746b5555d03533d9a517241c

SHA256
b54cd785c0543a209c61de0316205d5d5f1fde919a39ae1c499dd2c8683c8d74

SHA512
f927d54026a02e3c000c1740ff2c9a9dd1d01784f76223fff9df1dd49756a24b8582822cf784052b6d1961b727dda5099a639d334cd705476c21d5d5f36b6823

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
9.8MB

MD5
94ac28782eb45847b7896e291958d910

SHA1
c3499d84b8069a911074521e62e14a5a8664259d

SHA256
7bc661c74be100515adbd700878cf44fec41b33838ab5bcf223062d984b5ab73

SHA512
c7f49a8e904fdb4f4ad1fc0631551b89b1f0e8286f82b960baec61b5ff2336c072c4788ace0c38f0a208b21b520907ff8f180c011d0dc64e92a56e051dac511e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u876pmr6.Admin\places.sqlite-20240608200750.112512.backup

Filesize
68KB

MD5
314cb7ffb31e3cc676847e03108378ba

SHA1
3667d2ade77624e79d9efa08a2f1d33104ac6343

SHA256
b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

SHA512
dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240608200750.159395.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240608200750.159395.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
41861e08d78dc761a74c02b759353379

SHA1
9885335a300b0f985b0ea0e665eec4bfe55ed699

SHA256
3a05e8a53175526de18110cf6c952a8a43277ff6e42f782ed1ff8b73462cb77a

SHA512
f8f034b103dadce70b79568e8e0bf3764d7f2a78e4beebcf815729774f3653a2c871bfca2825431c704e6840538f148274892e869d65d56ebc62d4aebe3120c9

Download Submit
C:\Windows\Installer\MSI498C.tmp

Filesize
181KB

MD5
0c80a997d37d930e7317d6dac8bb7ae1

SHA1
018f13dfa43e103801a69a20b1fab0d609ace8a5

SHA256
a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

SHA512
fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

Download Submit
C:\Windows\Installer\MSI49FA.tmp

Filesize
189KB

MD5
e6fd0e66cf3bfd3cc04a05647c3c7c54

SHA1
6a1b7f1a45fb578de6492af7e2fede15c866739f

SHA256
669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2

SHA512
fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

Download Submit