floxif | 631355e89fe833494f9e95afdd8e7184ac9eb48bf07538926efc0c490571d7f9

Analysis

max time kernel
96s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Size

10.2MB
MD5

bb5d5da1d5466da7c8f9f9934107a356
SHA1

fb50610d4d522d193efedb2bda725c7dc7bb8056
SHA256

631355e89fe833494f9e95afdd8e7184ac9eb48bf07538926efc0c490571d7f9
SHA512

1a197ea852eaeacb5cad5681a1d25c0b9ba980e286bceaea45de00e1b595d7fec837bfccfa7999bf0b3882f80d767bab5c0cdb453ddf38a221f9cb1d5be8f029
SSDEEP

196608:adad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvqG:GadCoXrlAJ7N3pXW2uGzyG

Score

10^/10

floxif backdoor discovery persistence privilege_escalation spyware stealer trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral2/files/0x000c000000023b9e-1.dat	floxif

Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000c000000023b9e-1.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
3808	lite_installer.exe
376	seederexe.exe
12812	sender.exe

Loads dropped DLL 18 IoCs

pid	Process
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
740	MsiExec.exe
3808	lite_installer.exe
740	MsiExec.exe
740	MsiExec.exe
376	seederexe.exe
740	MsiExec.exe
12812	sender.exe
3808	lite_installer.exe
3808	lite_installer.exe
3808	lite_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\S:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\V:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\X:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\U:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\W:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\N:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Q:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\M:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Z:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\e:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\O:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\P:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\T:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Y:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\E:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\H:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\R:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\J:	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000c000000023b9e-1.dat	upx
behavioral2/memory/2448-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/740-42-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3808-91-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/376-105-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/740-232-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/2448-273-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/12812-8747-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/376-8751-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3808-8768-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/12812-8772-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
File created	\??\c:\program files\common files\system\symsrv.dll.000	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e57d561.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d561.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID842.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID785.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID7D4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID8A2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID8D2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID931.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID98F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID726.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID872.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSID9DE.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDA5C.tmp	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lite_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	seederexe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sender.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
3596	msiexec.exe
3596	msiexec.exe
3808	lite_installer.exe
3808	lite_installer.exe
376	seederexe.exe
376	seederexe.exe
12812	sender.exe
12812	sender.exe
3808	lite_installer.exe
3808	lite_installer.exe
3808	lite_installer.exe
3808	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeShutdownPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeIncreaseQuotaPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSecurityPrivilege	3596	msiexec.exe
Token: SeCreateTokenPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeLockMemoryPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeIncreaseQuotaPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeMachineAccountPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeTcbPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSecurityPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeTakeOwnershipPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeLoadDriverPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSystemProfilePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSystemtimePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeProfSingleProcessPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeIncBasePriorityPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeCreatePagefilePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeCreatePermanentPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeBackupPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeRestorePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeShutdownPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeDebugPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeAuditPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSystemEnvironmentPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeChangeNotifyPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeRemoteShutdownPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeUndockPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeSyncAgentPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeEnableDelegationPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeManageVolumePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeImpersonatePrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeCreateGlobalPrivilege	2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeDebugPrivilege	740	MsiExec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeDebugPrivilege	3808	lite_installer.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeDebugPrivilege	376	seederexe.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe
Token: SeRestorePrivilege	3596	msiexec.exe
Token: SeTakeOwnershipPrivilege	3596	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
2448	2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 740	3596	msiexec.exe	84
PID 3596 wrote to memory of 740	3596	msiexec.exe	84
PID 3596 wrote to memory of 740	3596	msiexec.exe	84
PID 740 wrote to memory of 3808	740	MsiExec.exe	85
PID 740 wrote to memory of 3808	740	MsiExec.exe	85
PID 740 wrote to memory of 3808	740	MsiExec.exe	85
PID 740 wrote to memory of 376	740	MsiExec.exe	87
PID 740 wrote to memory of 376	740	MsiExec.exe	87
PID 740 wrote to memory of 376	740	MsiExec.exe	87
PID 376 wrote to memory of 12812	376	seederexe.exe	88
PID 376 wrote to memory of 12812	376	seederexe.exe	88
PID 376 wrote to memory of 12812	376	seederexe.exe	88

C:\Users\Admin\AppData\Local\Temp\2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-29_bb5d5da1d5466da7c8f9f9934107a356_floxif_luca-stealer_magniber.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2448

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 012E52EBB1BA79BCF648C2DB0B5A2701
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:740
- - C:\Users\Admin\AppData\Local\Temp\1A6848DA-3673-48C3-A6CE-874D323BCAB8\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\1A6848DA-3673-48C3-A6CE-874D323BCAB8\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\BBCA8892-3ACE-4214-B9D2-3613D67CF9A6\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\BBCA8892-3ACE-4214-B9D2-3613D67CF9A6\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\1034FADE-DE80-45E1-9AD3-DA976FD87FBA\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\1034FADE-DE80-45E1-9AD3-DA976FD87FBA\sender.exe
      C:\Users\Admin\AppData\Local\Temp\1034FADE-DE80-45E1-9AD3-DA976FD87FBA\sender.exe --send "/status.xml?clid=2414917&uuid=f297d378-95e6-4608-a124-4be154b786e5&vnt=Windows 10x64&file-no=8%0A15%0A25%0A45%0A57%0A59%0A102%0A111%0A125%0A129%0A"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:12812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Privilege Escalation

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57d562.rbs

Filesize
575B

MD5
5b867b7f03ac3ec46b186b0c263b76dd

SHA1
83dc4f4858fab0c6f978b5aeac29d0ac31bb6d6a

SHA256
56f2136c76e092f935e50407040bec33bfe4cc89b1878090d90111cb4cffc867

SHA512
7ad0ce339d03744c64372099282251cc57db83126ebe1a41a42a97efd9fa52c23fa08b9812edb1140e927fbe075028a1282c52bbb74d280491b31f45b144d24e

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
740959436988f1c44208ddb07086c963

SHA1
3926a413a3fa7e3ebabe7a26fd6a57f77468b48f

SHA256
f14f4b48dbc7b7f5a6f1196738e4d580254a08afbda1025096db7c43594f3544

SHA512
ab1f1ba1a29ebbf5d84457d4eabe369e290324d40987dc8e0779eb1c311e980e16a6f101892f85db3a342f0ffcade5311e20380e301df0dedafcfea30b584520

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
2ce7d38642a7377b048c5138fca9214a

SHA1
dc4281273bada40898b040d11f832d566ff72b58

SHA256
6079c97828fb8e96383a73056c135ff9f0dc2f1f2d2ee709fc63d23125030b0c

SHA512
c9bdf227f0fda8eda3d110905057a103090e3314d75d35ca3aa5fa20119cf8961407a1fde673296607bfb7069c242058853df506896e084fb4bbcfce0a356345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
d7efa10377c4aa63937dc8f7d0884d56

SHA1
f091781c13ba7e1b8cdb190daa7f5124a59bf20d

SHA256
99fa5b4925e156cac775abea3cc1c45de55302b9a6a0dd56d2c88a110d7142bb

SHA512
2b47ea68e262d2ad8be087682df6d846f089e8e8844c3c749cd31b662703983e1246b46905881d4d085deb02e30cd775af1beca4a378d29831884d871c30c8b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
593075cb7a42a9fecc65bf8903d05e91

SHA1
6d149efdbff245260bd39e22cf8e477bc2ad6a50

SHA256
8ca766cea459aced218f69591dc96e84f38b4751ca3b4f50cabac0ab314fdfb4

SHA512
fd9d1503afdd03cd58125ccc465023dbfde2a3d31269c028074556d4a2adbaa2dc86e0237f5696571c3b073752de637f7a62334c246820589082196a40337df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\1034FADE-DE80-45E1-9AD3-DA976FD87FBA\sender.exe

Filesize
260KB

MD5
f1a8f60c018647902e70cf3869e1563f

SHA1
3caf9c51dfd75206d944d4c536f5f5ff8e225ae9

SHA256
36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577

SHA512
c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1034FADE-DE80-45E1-9AD3-DA976FD87FBA\sender.exe.tmp

Filesize
337KB

MD5
b3078f0a27d8656e92511d269b2b318b

SHA1
b48d797bf98d2f030ba29e3e194b443a7fa78606

SHA256
b03c1f89cd88fa858561c60ae91519a913296c5050ff93b88437f37ed483ab01

SHA512
592324ce0b268a51294ca01f1ba39595996ec0b5cb17cae1bab9e0cb3f55aeac8514a3b75641fc56b3923c4c71a2b24345f92ff84a2836133c2d7d99c5078cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\1A6848DA-3673-48C3-A6CE-874D323BCAB8\lite_installer.exe

Filesize
419KB

MD5
aafdfaa7a989ddb216510fc9ae5b877f

SHA1
41cf94692968a7d511b6051b7fe2b15c784770cb

SHA256
688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc

SHA512
6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\1A6848DA-3673-48C3-A6CE-874D323BCAB8\lite_installer.exe.tmp

Filesize
495KB

MD5
f8a1d32bbf7c4b297a2ad6d5140d5aa4

SHA1
a9da80ca1c399a5882612e4b58e02079189df906

SHA256
3cfe1dd6fdf4c858b378c2866d1f15d0f878dacc6e9dc4517f06435dece0cc42

SHA512
7908f790b2cbb945eccbd1c796ec596fd5ede4b5d595f31b29dcc44448bb2ca90e2244af3bc16cb48a4c1103fa04700b3e9effc68b60ce96d56cf0b6f9050e6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\A1D26E2\CFD31244990.tmp

Filesize
10.1MB

MD5
a6e544cd5444adbb28a23ad13e021af6

SHA1
7e6202eb5a6d1b7d8dc8ccd1358c615ea08f231c

SHA256
b385bafcb39d1f1058984f10820492b95c3a4532eb8e72d3a155b7e3ad34b3ab

SHA512
c06e102c25e04365f907a68762c392226986bc872175b068a3c2501ad6d1624091580e1052205b557252b34410b55603d01a1c60b2701ecf25cab7a894ef4023

Download Submit
C:\Users\Admin\AppData\Local\Temp\BBCA8892-3ACE-4214-B9D2-3613D67CF9A6\seederexe.exe

Filesize
8.6MB

MD5
225ba20fa3edd13c9c72f600ff90e6cb

SHA1
5f1a9baa85c2afe29619e7cc848036d9174701e4

SHA256
35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797

SHA512
97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
34KB

MD5
de53c3292f55ae9feede02f845e6fef1

SHA1
ff856a3c17ad7af27372606a591caada2c9d61a5

SHA256
80c754d39f1d819707c6867d5029139809ac74e090a8b2a61093db1a8ffc9d03

SHA512
91e2fcd4fc7653727ac50455523dcb16b93b7014623856f3746a629f6206e5540e6a08adbc858e0f44e9159b8fe06e1164e1322173a42bc0c9a5c2a62ed48fa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
530B

MD5
c0cfa158f6441d43bb397b15ca1675f3

SHA1
afbab04c2907398d7f235b784f485bc18d3c1e72

SHA256
add07fef94e1b178b2249b4e3e08617462ee947af47e8fea482ef709ed10ca3d

SHA512
b0b78c5ad8629975d78d8db5c508eb9d361f322664e899623fd2d45f1eeedef828b91c02f514f5180300b081c1d049a99e69a1a2da558c8349cb23beea02e185

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20243129.zip

Filesize
42.1MB

MD5
bf952b53408934f1d48596008f252b8d

SHA1
758d76532fdb48c4aaf09a24922333c4e1de0d01

SHA256
2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686

SHA512
a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
509B

MD5
05e3ea69740948960f63ad39f75944da

SHA1
a130186e3072180eddd8cacb54d337f88779d057

SHA256
5ded61233d99c2834af07bff0690a6a0e9c745229c59c5f4fb7aeb0ecc9c71cd

SHA512
97c303c5b3cf7f2074bb093bf8e3640e1b6051294e7d2df9dd5b6957e42f1cff6032f1e82233e3fcae5d06404501204ea1f7e2f25ba645f119079e957c571bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
9.8MB

MD5
7d0bbbe45fcdf75ccc2ef62438f2e362

SHA1
150a12869119484b43028b76f984d29cd5aa310b

SHA256
278495b4f83bbf9ba5d1e9be4cabbb286b06a2e74e54448a91ac117847d184f2

SHA512
f2de2bd795e68b3c6d95fa372fc6101076079d86d9eeb1bd2f05caac025fd3749617ea3713f992d4c2e781afd761591596136edc2d3e4ddc788c76da6fa095f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5keoqj3l.Admin\places.sqlite-20241229183114.680112.backup

Filesize
68KB

MD5
314cb7ffb31e3cc676847e03108378ba

SHA1
3667d2ade77624e79d9efa08a2f1d33104ac6343

SHA256
b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

SHA512
dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20241229183114.742629.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20241229183114.742629.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
d8e6aec2fbbd0456636902de16c9f552

SHA1
6b26a51c17833c680709996b4749dc5df9355575

SHA256
a6f71ea07fd73ef56d598a3944f0f1fc995c0b28e92cbd3d185789db9d2d646e

SHA512
ebb95fbffbd5f1f0fe286d89c1bc5903426b54c1506bd775180f3b70178a7f3b7c1ae5570357b4e6c961f20bdc967f4c038ca6bf8f9cbea531f3fde26ed36bfc

Download Submit
C:\Windows\Installer\MSID726.tmp

Filesize
181KB

MD5
0c80a997d37d930e7317d6dac8bb7ae1

SHA1
018f13dfa43e103801a69a20b1fab0d609ace8a5

SHA256
a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

SHA512
fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

Download Submit
C:\Windows\Installer\MSID785.tmp

Filesize
189KB

MD5
e6fd0e66cf3bfd3cc04a05647c3c7c54

SHA1
6a1b7f1a45fb578de6492af7e2fede15c866739f

SHA256
669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2

SHA512
fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

Download Submit
memory/376-8751-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/376-105-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/740-42-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/740-232-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2448-5-0x0000000000411000-0x0000000000414000-memory.dmp

Filesize
12KB

Download
memory/2448-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2448-273-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3808-91-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3808-8766-0x0000000000570000-0x00000000005D9000-memory.dmp

Filesize
420KB

Download
memory/3808-8768-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/12812-8747-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/12812-8772-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/12812-8770-0x0000000000960000-0x00000000009A2000-memory.dmp

Filesize
264KB

Download