Analysis Overview
SHA256
4994d99b024a69536c6df49657916c91ff00d64d371a27c52be4bf85f45fb037
Threat Level: Known bad
The file 2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber was found to be: Known bad.
Malicious Activity Summary
Floxif, Floodfix
Detects Floxif payload
Loads dropped DLL
Reads user/profile data of web browsers
ACProtect 1.3x - 1.4x DLL software
UPX packed file
Executes dropped EXE
Blocklisted process makes network request
Checks installed software on the system
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-16 17:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-16 17:46
Reported
2024-09-16 17:49
Platform
win7-20240903-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E3083844-F653-4AEA-83C0-B6704C280507\lite_installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI9C46.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9CC4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76954e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI982A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI978D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9A7E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9D42.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76954d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI98A8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9A00.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9AFC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9B79.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI9C07.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76954e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76954d.msi | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\E3083844-F653-4AEA-83C0-B6704C280507\lite_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding DCA8DCC2AD9918DB120FC6C938F58327
C:\Users\Admin\AppData\Local\Temp\E3083844-F653-4AEA-83C0-B6704C280507\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\E3083844-F653-4AEA-83C0-B6704C280507\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe
C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe --send "/status.xml?clid=9183476&uuid=7e512cfb-18B9-43E3-B357-302BBB5D31f1&vnt=Windows 7x64&file-no=6%0A15%0A25%0A45%0A57%0A59%0A111%0A125%0A129%0A"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 87.250.250.14:80 | clck.yandex.ru | tcp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | soft.export.yandex.ru | udp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
Files
memory/1744-3-0x0000000010000000-0x0000000010030000-memory.dmp
\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/1744-5-0x000000000041F000-0x0000000000423000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | db69b41b1827ccc598a416e0d32e4a39 |
| SHA1 | acc35592e318c32d0f4ac768f32f1f8243ba230c |
| SHA256 | b5a4c7a05785ac51553953bf951c284ff03a9ac7d1cba15fa391d0b6c7aed5cc |
| SHA512 | d40479e0dd384a99fefbc8a43381dde21b2633320393566ecdb2895fa88008794b996d7fac3ddae102c6dd516cdb3c14e3e52ff7371472cc0894c444a4b4d867 |
C:\Users\Admin\AppData\Local\Temp\Tar92E2.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab92CF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
| MD5 | c469cccb63e3452aabf183448df47406 |
| SHA1 | a8039b2251cf5464004075546862126f65007d9c |
| SHA256 | a2d1211986607c4cabc78cee7a9617b0f49856ac5733bd3e552e43b28a9b454f |
| SHA512 | 84bcdbe61c7bb327b645109c581e1925a40e7a6c6e2b848aeba6328ec10e6b923ce44739ec481a9951437b4e94de0a80f5d8b8b2c58612463e362aba226a70d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee1915bc0f88ac43a42e0ce727a6122b |
| SHA1 | f7100e74480e4f0486bbf2c2270a7a304202d6c5 |
| SHA256 | 4c63c581b9a12305c9461c3395172aae8db0a6ddd0f9c86a3f1769f99398edab |
| SHA512 | e045967605502aa47f5bd005db80b56ec19d777ab774160c68f4a750ac226d8da0269cb81f20c7e2b8c471e7de5655c717fe9723d0dfe20333b58c5b95513c73 |
\Windows\Installer\MSI978D.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
\Windows\Installer\MSI982A.tmp
| MD5 | e6fd0e66cf3bfd3cc04a05647c3c7c54 |
| SHA1 | 6a1b7f1a45fb578de6492af7e2fede15c866739f |
| SHA256 | 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2 |
| SHA512 | fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb |
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | c528466ba6d4f66966aa31021aa339dc |
| SHA1 | ee953f22f33b25d80cbfe250d64fed4d2da80091 |
| SHA256 | 546e928b7127a4515b089f0b913078404b664a5df33c928a281888c25b03760f |
| SHA512 | ebd159dbc6f47b6f70e4f47d9de6bc540c86c915c44df7a4dd50c1c6a431303bb06e22382e8a76e9e2399d24263feca64305a74fa4b50314f8b429b141af601c |
\Users\Admin\AppData\Local\Temp\E3083844-F653-4AEA-83C0-B6704C280507\lite_installer.exe
| MD5 | aafdfaa7a989ddb216510fc9ae5b877f |
| SHA1 | 41cf94692968a7d511b6051b7fe2b15c784770cb |
| SHA256 | 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc |
| SHA512 | 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44 |
C:\Users\Admin\AppData\Local\Temp\E93922E8-D20F-4E38-95FD-7FFC6E69A675\seederexe.exe
| MD5 | 225ba20fa3edd13c9c72f600ff90e6cb |
| SHA1 | 5f1a9baa85c2afe29619e7cc848036d9174701e4 |
| SHA256 | 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797 |
| SHA512 | 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3 |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | c04df45d070dcac5ae4ec7175808a08b |
| SHA1 | d5738cbfad7bb35b631e3ba3f50f24099bf9ea59 |
| SHA256 | b9c342d39d22007c6d4a0e74ff4679aee477f50208a60f944b55e53e82a6bbaf |
| SHA512 | bb4590593b2f4694caeb985e0540396d6b54be25fb7ce83ad0fa7270ea3f710ccd25d8dff9304327719223aa7adf0573b3d8e5c6d5673e305fe9fee6aa0a2287 |
C:\Users\Admin\AppData\Local\Temp\[email protected]
| MD5 | 7f660989e24ff4572061bcf5e68c8ef6 |
| SHA1 | 5c4e99f17c899c2851f8c45f1c114592865bceb5 |
| SHA256 | 0521c674f681c2ee1eae55066e64131b08fac3a571a1ede27920bee0199cb36c |
| SHA512 | b22e5c7bc353d4c5cbf9c1f26642be232e825f8f9bc3b39bffbc9e9382d671b767f8bba86ef09c2421ae701eca09182002606b47e47424a901c4e23dcd30619d |
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
| MD5 | f1083a9453af8796ae5b0df6d4e8ce57 |
| SHA1 | 2567b4c551c179614d213514bed8ceb20e4f97e8 |
| SHA256 | 637a4d28261e4819483ca7296cf6b6eb5768e2e82b218a3edca4c007b9941788 |
| SHA512 | fd5993494290326be52da2105ca176c588f490fd9c4a98514178a1459887064b6bd09f4e4168dd1a35a2e5e5b58b887cfc0e595e4b1a8e2a79bc93c2ea1cd880 |
C:\Config.Msi\f76954f.rbs
| MD5 | dc565893956cb209747a64cc2a0c645d |
| SHA1 | 9a063e92cf0f6a49f03bc870ccec184dfc17ecfc |
| SHA256 | d7971fb06425f96d590464d39a1467896433dde26cf7f9bd3b7fc3d90e8956c8 |
| SHA512 | d030a56bf5b80fc29129e2bd67c3e1d655f507d268f159713d732a099cbc1f81c9d05024239ef3e2d93fd71e20db042846ffbf5893ad95b63099211ef3e8e103 |
memory/1744-472-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\OMNIJA~1.ZIP
| MD5 | 1d6cfd7db58008d1b44328c5a3a4220c |
| SHA1 | 8e8304bfd7a73b9ae8415b6cbd273e612868a2b2 |
| SHA256 | 915e46dcc29d6fee123c4b8e88d846ac95ffd4a6f4eb956dc882d305ee1b8256 |
| SHA512 | 4c17160aa83abeff897462f981226902dd6694817ad95f246511fc63c637bdffa0989a3db00c4309fa673a13b4993c509df538ddad482d1be8b4058749ee93f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.Admin\places.sqlite-20240916174707.759000.backup
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240916174707.821400.backup
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240916174707.821400.backup
| MD5 | af006f1bcc57b11c3478be8babc036a8 |
| SHA1 | c3bb4fa8c905565ca6a1f218e39fe7494910891e |
| SHA256 | ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c |
| SHA512 | 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af |
C:\Users\Admin\AppData\Local\Temp\E2EBC324-FE07-40F6-BBAA-981347BDDCB3\sender.exe
| MD5 | f1a8f60c018647902e70cf3869e1563f |
| SHA1 | 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9 |
| SHA256 | 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577 |
| SHA512 | c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-16 17:46
Reported
2024-09-16 17:49
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Floxif, Floodfix
Detects Floxif payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
ACProtect 1.3x - 1.4x DLL software
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5A8A29E9-78F4-4A1C-B7C2-6BC821FE2A40\lite_installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIA5BF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57a19f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA452.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA482.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA4A2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57a19f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA2E7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA4E2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA550.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA346.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA3A4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA432.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA66C.tmp | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\5A8A29E9-78F4-4A1C-B7C2-6BC821FE2A40\lite_installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82 | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = … | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = … | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = 0f0000000100000030000000ea09c51d4c3a334ce4acd2bc08c6a9be352e334f45c4fccfcab63edb9f82dc87d4bd2ed2fadae11163fb954809984ff153000000010000007e000000307c301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301f06092b06010401a032010230123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000056000000305406082b0601050507030206082b06010505070303060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d0020005200360000006200000001000000200000002cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf697f0000000100000016000000301406082b0601050507030306082b06010505070309140000000100000014000000ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a01d0000000100000010000000521f5c98970d19a8e515ef6eeb6d48ef7a000000010000000c000000300a06082b060105050703097e00000001000000080000000080c82b6886d7010300000001000000140000008094640eb5a7a1ca119c1fddd59f810263a7fbd1200000000100000087050000308205833082036ba003020102020e45e6bb038333c3856548e6ff4551300d06092a864886f70d01010c0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3134313231303030303030305a170d3334313231303030303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523631133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820222300d06092a864886f70d01010105000382020f003082020a02820201009507e873ca66f9ec14ca7b3cf70d08f1b4450b2c82b448c6eb5b3cae83b841923314a46f7fe92accc6b0886bc5b689d1c6b2ff14ce511421ec4add1b5ac6d687ee4d3a1506ed64660b9280ca44de73944ef3a7897f4f786308c812506d42662f4db979284d521a8a1a80b719810e7ec48abc644c211c4368d73d3c8ac5b266d5909ab73106c5bee26d3206a61ef9b9ebaaa3b8bfbe826350d0f01889dfe40f79f5eaa21f2ad2702e7be7bc93bb6d53e2487c8c100738ff66b277617ee0ea8c3caab4a4f6f3954a12076dfd8cb289cfd0a06177c85874b0d4233af75d3acaa2db9d09de5d442d90f181cd5792fa7ebc50046334df6b9318be6b36b239e4ac2436b7f0efb61c135793b6deb2f8e285b773a2b835aa45f2e09d36a16f548af172566e2e88c55142441594eea3c538969b4e4e5a0b47f30636497730bc7137e5a6ec210875fce661163f77d5d99197840a6cd4024d74c014edfd39fb83f25e14a104b00be9feee8fe16e0bb208b36166096ab1063a659659c0f035fdc9da288d1a118770810aa89a751d9e3a8605009edb80d625f9dc059e27594c76395beaf9a5a1d8830fd1ffdf3011f985cf3348f5ca6d64142c7a584fd34b0849c595641a630e793df5b38cca58ad9c4245796e0e87195c54b165b6bf8c9bdc13e90d6fb82edc676ec98b11b584148a0019708379919791d41a27bf371e3207d814633c284caf0203010001a3633061300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0301f0603551d23041830168014ae6c05a39313e2a2e7e2d71cd6c7f07fc86753a0300d06092a864886f70d01010c050003820201008325ede8d1fd9552cd9ec004a09169e65cd084dedcada24fe84778d66598a95ba83c877c028ad16eb71673e65fc05498d574bec1cde21191ad23183ddde1724496b4955ec07b8e99781643135657b3a2b33bb577dc4072aca3eb9b353eb10821a1e7c443377932beb5e79c2c4cbc4329998e30d3ac21e0e31dfad80733765400222ab94d202e7068dae553fc835cd39df2ff440c4466f2d2e3bd46001a6d02ba255d8da13151dd54461c4ddb9996ef1a1c045ca615ef78e079fe5ddb3eaa4c55fd9a15a96fe1a6fbdf7030e9c3ee4246edc2930589fa7d637b3fd071817c00e898ae0e7834c325fbaf0a9f206bdd3b138f128ce2411a487a73a07769c7b65c7f82c81efe581b282ba86cad5e6dc005d27bb7eb80fe2537fe029b68ac425dc3eef5ccdcf05075d236699ce67b04df6e0669b6de0a09485987eb7b14607a64aa6943ef91c74cec18dd6cef532d8c99e15ef2723ecf54c8bd67eca40f4c45ffd3b93023074c8f10bf8696d9995ab499571ca4ccbb158953ba2c050fe4c49e19b11834d54c9dbaedf71faf24950478a803bbee81e5da5f7c8b4aa1907425a7b33e4bc82c56bdc7c8ef38e25c92f079f79c84ba742d6101207e7ed1f24f07595f8b2d4352eb460c94e1f566477977d5545b1fad2437cb455a4ea04448c8d8b099c5158409f6d64949c065b8e61a716ea0a8f182e8453e6cd602d70a6783055ac9a410 | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob = … | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = … | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024091618b5196c49a9611141dd28e90986e4b5floxifmagniber.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BE5FD16574D12B609296BB07739E492E
C:\Users\Admin\AppData\Local\Temp\5A8A29E9-78F4-4A1C-B7C2-6BC821FE2A40\lite_installer.exe
"C:\Users\Admin\AppData\Local\Temp\5A8A29E9-78F4-4A1C-B7C2-6BC821FE2A40\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe
"C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe
C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe --send "/status.xml?clid=9183476&uuid=1bcb2a9f-7d23-4585-846d-ccf59f867551&vnt=Windows 10x64&file-no=8%0A15%0A25%0A45%0A57%0A59%0A102%0A111%0A125%0A129%0A"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5isohu.com | udp |
| US | 8.8.8.8:53 | www.aieov.com | udp |
| US | 45.56.79.23:80 | www.aieov.com | tcp |
| US | 8.8.8.8:53 | 133.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.79.56.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clck.yandex.ru | udp |
| RU | 77.88.21.14:80 | clck.yandex.ru | tcp |
| US | 8.8.8.8:53 | soft.export.yandex.ru | udp |
| RU | 213.180.193.14:80 | clck.yandex.ru | tcp |
| RU | 87.250.254.20:80 | soft.export.yandex.ru | tcp |
| US | 8.8.8.8:53 | 14.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.193.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.254.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Program Files\Common Files\System\symsrv.dll
| MD5 | 7574cf2c64f35161ab1292e2f532aabf |
| SHA1 | 14ba3fa927a06224dfe587014299e834def4644f |
| SHA256 | de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085 |
| SHA512 | 4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab |
memory/1980-3-0x0000000010000000-0x0000000010030000-memory.dmp
memory/1980-5-0x000000000041F000-0x0000000000423000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
| MD5 | db69b41b1827ccc598a416e0d32e4a39 |
| SHA1 | acc35592e318c32d0f4ac768f32f1f8243ba230c |
| SHA256 | b5a4c7a05785ac51553953bf951c284ff03a9ac7d1cba15fa391d0b6c7aed5cc |
| SHA512 | d40479e0dd384a99fefbc8a43381dde21b2633320393566ecdb2895fa88008794b996d7fac3ddae102c6dd516cdb3c14e3e52ff7371472cc0894c444a4b4d867 |
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
| MD5 | c914f5b83ed80cb8b93df05637dc6701 |
| SHA1 | 2f5fcb2daf7bfbc2a8d4f313a95fd2300674547b |
| SHA256 | a732200faff9d4f3e1537d08aa1c5116abf88f540d3f612cc418c9c9beddc850 |
| SHA512 | 0c17156d9badd83da1ea05a12ce650ee11f2b9da225642ec7cdafca5cf0d9219384225470fb5c01ee4635f092c0a28292fe66e6bb416aef66b65cd344624d7ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | e1158894b18f52d33151e37e5f9648d6 |
| SHA1 | f9d13b45ac50ac2811fca3f381f2ea4647d75c7a |
| SHA256 | 233f2b250918c7d7015c373b5ca163c0efeb8bc46aa285742a5fe21a53e78bcd |
| SHA512 | 5eb7f3547501363ebc53e36eca4f80abe72bf4c62451be6918f1f8270b43a10e8bcfef122ec1c04927c48971f5e49c811057a51c38eadcc617d1830e205c05cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
| MD5 | 891b1beb45c53a0b6d367668cf940bda |
| SHA1 | 9fb59590131a924f28dbac1fc3fca2d6b149b716 |
| SHA256 | 9255a65b809b158171b6c4c0ae11e28220e84bc63e5982d06e12134e886177be |
| SHA512 | 7ce8635c9fc8a3183e5493073b82777e984f291f566b4ae2822b8578045fc583de3b7b9d0c55f846897fd439174304911bc215a41c3943bd878f478ac9a23577 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
| MD5 | 9301f8b08f4a50edfdcb00222eff6d38 |
| SHA1 | 3572b7930dc0d057b9ce3da8f2e3ae55c6e8d1d8 |
| SHA256 | daf5a7b210974af392bc4b1f5b525f4780b1861dd80418a15743e09d1c1e4e9c |
| SHA512 | 371aa39b2c49599fbb72ffd66abaeb612204e9c95054b0c236b925365a48480e35a93c097967ac5960aa97f881940fb262fdc51d5305eaa0aeeeaf33040b3cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
| MD5 | 41abbf43f4ffb8d6fd44c6cc1d0df535 |
| SHA1 | 06ea5ccc2d8fdd9c3de05a127fa27a36eea5352d |
| SHA256 | baf69982271ba57e8b845dd473e465e0ce54836af8c46078c3cdba4c908066c7 |
| SHA512 | ec6225202f9b3d30bc7a63edbbd6b02ded1d610de2293aabbb8a3a2930dad23c8f4795ba41dedd68fe0657f0fa7cfb55594665b9aad6d77a77e932453aea38b5 |
C:\Windows\Installer\MSIA2E7.tmp
| MD5 | 0c80a997d37d930e7317d6dac8bb7ae1 |
| SHA1 | 018f13dfa43e103801a69a20b1fab0d609ace8a5 |
| SHA256 | a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86 |
| SHA512 | fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5 |
C:\Windows\Installer\MSIA346.tmp
| MD5 | e6fd0e66cf3bfd3cc04a05647c3c7c54 |
| SHA1 | 6a1b7f1a45fb578de6492af7e2fede15c866739f |
| SHA256 | 669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2 |
| SHA512 | fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb |
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml
| MD5 | c528466ba6d4f66966aa31021aa339dc |
| SHA1 | ee953f22f33b25d80cbfe250d64fed4d2da80091 |
| SHA256 | 546e928b7127a4515b089f0b913078404b664a5df33c928a281888c25b03760f |
| SHA512 | ebd159dbc6f47b6f70e4f47d9de6bc540c86c915c44df7a4dd50c1c6a431303bb06e22382e8a76e9e2399d24263feca64305a74fa4b50314f8b429b141af601c |
C:\Users\Admin\AppData\Local\Temp\5A8A29E9-78F4-4A1C-B7C2-6BC821FE2A40\lite_installer.exe
| MD5 | aafdfaa7a989ddb216510fc9ae5b877f |
| SHA1 | 41cf94692968a7d511b6051b7fe2b15c784770cb |
| SHA256 | 688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc |
| SHA512 | 6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44 |
C:\Users\Admin\AppData\Local\Temp\EDA6B66D-D266-4438-889A-EE6D9FA6BB53\seederexe.exe
| MD5 | 225ba20fa3edd13c9c72f600ff90e6cb |
| SHA1 | 5f1a9baa85c2afe29619e7cc848036d9174701e4 |
| SHA256 | 35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797 |
| SHA512 | 97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3 |
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
| MD5 | f1083a9453af8796ae5b0df6d4e8ce57 |
| SHA1 | 2567b4c551c179614d213514bed8ceb20e4f97e8 |
| SHA256 | 637a4d28261e4819483ca7296cf6b6eb5768e2e82b218a3edca4c007b9941788 |
| SHA512 | fd5993494290326be52da2105ca176c588f490fd9c4a98514178a1459887064b6bd09f4e4168dd1a35a2e5e5b58b887cfc0e595e4b1a8e2a79bc93c2ea1cd880 |
C:\Users\Admin\AppData\Local\Temp\tmp1664aaaaaa
| MD5 | fefc3d677388386c29d8720c15b9db3f |
| SHA1 | 370f1f40ae5c652d87b3b8f42e67d827af2b1754 |
| SHA256 | 74d5e8d3cd8d659d8df8e6f306832dfc252e1a6e676bb60334e31b5943deb4fb |
| SHA512 | b462ca1ffb0798bedc39c945daa75ff73e0efbb1c6dfdb262e6b2936158933f514f0b4169e811069df11aaeaebd39c826ce0caf9f6eb6d77de249fca6abe39fe |
C:\Config.Msi\e57a1a0.rbs
| MD5 | b9c0200932c380cc01db0dc8ab4a6252 |
| SHA1 | bfa3841893eb761cdd15563b8bfb52a8cae72836 |
| SHA256 | 8be55f52c75145d77d7c75e8f007056cd4a5f831acfdb789493ce8fb86f20263 |
| SHA512 | fc0e55ea57ea17284be54ee22f96e4014776174186bf72bc1a9abfb05514612a6b49cf6f9e8c4188382773adeb95220aaa0b7a72aa8eb3248072ab077d8653fe |
memory/1980-226-0x0000000010000000-0x0000000010030000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\omnija-20244716.zip
| MD5 | c5750fc92569e781bd36bdcc8215aa4c |
| SHA1 | 4c9a2b4b4da46de31c27120c76a8f74d410cba17 |
| SHA256 | eeb36cbca086fc67b9eb6946db764d8d2940a0dc22b2cea28c0d77e4d1e3ed78 |
| SHA512 | 602a26fce9bd2f6b724a7e741191c611cbcbff5fbde616123379cea6a4b8fd629cbdf6d2b2314324d38d8c96b7fe6a57416d93d46b29d35388d0dad9147946f7 |
\??\PIPE\wkssvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8ldjzjqt.Admin\places.sqlite-20240916174709.218969.backup
| MD5 | 314cb7ffb31e3cc676847e03108378ba |
| SHA1 | 3667d2ade77624e79d9efa08a2f1d33104ac6343 |
| SHA256 | b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1 |
| SHA512 | dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20240916174709.359592.backup
| MD5 | 3adec702d4472e3252ca8b58af62247c |
| SHA1 | 35d1d2f90b80dca80ad398f411c93fe8aef07435 |
| SHA256 | 2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335 |
| SHA512 | 7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20240916174709.359592.backup
| MD5 | af006f1bcc57b11c3478be8babc036a8 |
| SHA1 | c3bb4fa8c905565ca6a1f218e39fe7494910891e |
| SHA256 | ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c |
| SHA512 | 3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af |
C:\Users\Admin\AppData\Local\Temp\A7A20E76-6C06-4ECA-A344-EAA148A7E26E\sender.exe
| MD5 | f1a8f60c018647902e70cf3869e1563f |
| SHA1 | 3caf9c51dfd75206d944d4c536f5f5ff8e225ae9 |
| SHA256 | 36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577 |
| SHA512 | c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e |
C:\Users\Admin\AppData\Roaming\Yandex\ui
| MD5 | 80f3bcfc6945bb24925c96895b4746b9 |
| SHA1 | 34305a706b01c14f079bafcb3df4466d7c4baf02 |
| SHA256 | 38fdbf9e8d4f1e2699def0364c0aa2e99628a23e8e149cc729e3a780507ddbca |
| SHA512 | 34f4eb128055ae771204f81d0020a0e385d53d055fe42cdb67506b909640517c5142efa3ef2445365303aa0523e089501d2132777d81c1538e321999ffb10767 |