floxif | a1f05c329a829fd7f0f1d95eecf3665758c75f598e73d0c6b58fbe37f02dd9d1

Analysis

max time kernel
95s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Size

10.2MB
MD5

5ae8e7af36bf402634bfac8ae989a083
SHA1

c6fd81b68c3f2c09c35f2d6411f30291a8b8de12
SHA256

a1f05c329a829fd7f0f1d95eecf3665758c75f598e73d0c6b58fbe37f02dd9d1
SHA512

686eda018f424aad2cf6b3f0cd922f55ce246605773b8d65f3692fd2a47557515a27463ca110073c96a8287a11aa33daedcb146092567f6a191e77d778d08361
SSDEEP

196608:Odad4T0xcsSB5orrcbSsi0s/lmPJ7N3VvXWrqufezvqb:CadCoXrlAJ7N3pXW2uGzyb

Score

10^/10

floxif backdoor discovery spyware stealer trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral2/files/0x000c000000023b51-1.dat	floxif

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000c000000023b51-1.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
3260	lite_installer.exe
844	seederexe.exe
5752	sender.exe

Loads dropped DLL 11 IoCs

pid	Process
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe
1096	MsiExec.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\W:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\U:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\J:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\K:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\N:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\e:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\T:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\L:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\V:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\O:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\S:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Y:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\M:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Q:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\R:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\X:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\Z:	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000c000000023b51-1.dat	upx
behavioral2/memory/3664-3-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral2/memory/3664-227-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
File created	\??\c:\program files\common files\system\symsrv.dll.000	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CA3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D52.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8EBC.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}	msiexec.exe
File created	C:\Windows\Installer\e5789f0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B48.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8BB6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CD3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8D91.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5789f0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8C06.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CF3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8DF0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8F2A.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sender.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lite_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	seederexe.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000\Software\Microsoft\Internet Explorer\SearchScopes	seederexe.exe
Key created	\REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000\Software\Microsoft\Internet Explorer\Main	seederexe.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
2140	msiexec.exe
2140	msiexec.exe
3260	lite_installer.exe
3260	lite_installer.exe
844	seederexe.exe
844	seederexe.exe
5752	sender.exe
5752	sender.exe
3260	lite_installer.exe
3260	lite_installer.exe

Suspicious use of AdjustPrivilegeToken 61 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeShutdownPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeIncreaseQuotaPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSecurityPrivilege	2140	msiexec.exe
Token: SeCreateTokenPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeLockMemoryPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeIncreaseQuotaPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeMachineAccountPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeTcbPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSecurityPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeTakeOwnershipPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeLoadDriverPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSystemProfilePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSystemtimePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeProfSingleProcessPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeIncBasePriorityPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeCreatePagefilePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeCreatePermanentPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeBackupPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeRestorePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeShutdownPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeDebugPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeAuditPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSystemEnvironmentPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeChangeNotifyPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeRemoteShutdownPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeUndockPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeSyncAgentPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeEnableDelegationPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeManageVolumePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeImpersonatePrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeCreateGlobalPrivilege	3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe
Token: SeRestorePrivilege	2140	msiexec.exe
Token: SeTakeOwnershipPrivilege	2140	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
3664	2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 1096	2140	msiexec.exe	88
PID 2140 wrote to memory of 1096	2140	msiexec.exe	88
PID 2140 wrote to memory of 1096	2140	msiexec.exe	88
PID 1096 wrote to memory of 3260	1096	MsiExec.exe	89
PID 1096 wrote to memory of 3260	1096	MsiExec.exe	89
PID 1096 wrote to memory of 3260	1096	MsiExec.exe	89
PID 1096 wrote to memory of 844	1096	MsiExec.exe	91
PID 1096 wrote to memory of 844	1096	MsiExec.exe	91
PID 1096 wrote to memory of 844	1096	MsiExec.exe	91
PID 844 wrote to memory of 5752	844	seederexe.exe	92
PID 844 wrote to memory of 5752	844	seederexe.exe	92
PID 844 wrote to memory of 5752	844	seederexe.exe	92

C:\Users\Admin\AppData\Local\Temp\2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_5ae8e7af36bf402634bfac8ae989a083_floxif_luca-stealer_magniber.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3664

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2C15FAAA89178ECC4B8B405882D2ABF0
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Users\Admin\AppData\Local\Temp\03931193-75FC-4771-9A26-B10573F5A118\lite_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\03931193-75FC-4771-9A26-B10573F5A118\lite_installer.exe" --use-user-default-locale --silent --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3260
- - C:\Users\Admin\AppData\Local\Temp\B144C5D0-AA38-4E59-84CB-E52B534E2F5B\seederexe.exe
    "C:\Users\Admin\AppData\Local\Temp\B144C5D0-AA38-4E59-84CB-E52B534E2F5B\seederexe.exe" "--yqs=" "--yhp=" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\E2881970-EAA9-4D3D-85E0-0563529DEC97\sender.exe" "--is_elevated=yes" "--ui_level=5" "--good_token=x" "--no_opera=n"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\E2881970-EAA9-4D3D-85E0-0563529DEC97\sender.exe
      C:\Users\Admin\AppData\Local\Temp\E2881970-EAA9-4D3D-85E0-0563529DEC97\sender.exe --send "/status.xml?clid=2270201&uuid=40048f7b-279b-49d0-b768-d4b81aba0005&vnt=Windows 10x64&file-no=8%0A15%0A25%0A45%0A57%0A59%0A102%0A111%0A125%0A129%0A"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5789f1.rbs

Filesize
575B

MD5
e7288109e9c1290cd2481bf9d0407ae2

SHA1
d64467a1487d801e008da2e06a6948cd0361c837

SHA256
651e28accb68726f0cd0f61074b1c1e216e6d5b2c3164ceb1ef29015454ccc71

SHA512
e48f137e4288c76bb6e4fd25b9248edc3b111c9ddb39c18a2972748f8a671f0b0fc796f988bb9bd085e204e1be08aab4ba40effef375d1c61920f8b126c8131e

Download Submit
C:\Program Files\Common Files\System\symsrv.dll

Filesize
67KB

MD5
7574cf2c64f35161ab1292e2f532aabf

SHA1
14ba3fa927a06224dfe587014299e834def4644f

SHA256
de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

SHA512
4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
1KB

MD5
d463deae82088ebefd1c9b996606a5bf

SHA1
f75fc30aa2a71f059b300778a3bff49f816667fa

SHA256
2d87fbcd5d7000fff79b638e3c0d0ec74f09ddbe06c4cd5bc4d3239a55e335b1

SHA512
27e486b8a2d5337ac508422aea05e192b3d071150868cddbe0107720404802690e1bbc8851a50583bcf7880c0bffc9a13e7e0a6f6ac7c0d9a6488cbf5afa3c48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
62d5f9bf75d1b0af9c69ffcfa08a0783

SHA1
49ca98729a8fa9469c3fc6889c20da4a395eebe0

SHA256
a9f505b455446c5be813e8df5cdad9d67f6dbd8f2786b417c73dfaadbdf1549f

SHA512
9bd9839b21ed5cd1f654bda2b0288207e2a83251ccfde8f6b6bf2397a1bd17b99ed7d5b45480a7131d2ef8cdeaed02b703cefc1d58b526e4457cb663a1afbaf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

Filesize
536B

MD5
71a3712ad651ddc9ccc56c25dad42676

SHA1
29c580125f9486bcefabcd72b417da0c2170f391

SHA256
7c12283ca6c48df4b30c47785bfe16a1b96528ae7bc59125cece3e753c8c1e60

SHA512
fd412b0f079b4ac3270fa761e936e13296d6490e0958c75158034fdfbaed33fa267383ec9365c338c0ee407b5b848291f2543b7cd05701f71268b963e7d4c4ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
02c4ce336e6531ec74bfff2e9bd5b94d

SHA1
bb8dafc5dee4ece7d78d36374cf583af1b648478

SHA256
b4f48c2e03bcd4eab1ce8632a0b26613409ad2d782dae469dc1e1de7de909832

SHA512
32959708fb5deb7382da2618212f7dcafb78122bc83a1bac99700afa36c5c218b5ed030129078352436db57f46d9e9cfebe4bbda4f5400df77462a22cc5ced38

Download Submit
C:\Users\Admin\AppData\Local\Temp\03931193-75FC-4771-9A26-B10573F5A118\lite_installer.exe

Filesize
419KB

MD5
aafdfaa7a989ddb216510fc9ae5b877f

SHA1
41cf94692968a7d511b6051b7fe2b15c784770cb

SHA256
688d0b782437ccfae2944281ade651a2da063f222e80b3510789dbdce8b00fdc

SHA512
6e2b76ff6df79c6de6887cf739848d05c894fbd70dc9371fff95e6ccd9938d695c46516cb18ec8edd01e78cad1a6029a3d633895f7ddba4db4bf9cd39271bd44

Download Submit
C:\Users\Admin\AppData\Local\Temp\B144C5D0-AA38-4E59-84CB-E52B534E2F5B\seederexe.exe

Filesize
8.6MB

MD5
225ba20fa3edd13c9c72f600ff90e6cb

SHA1
5f1a9baa85c2afe29619e7cc848036d9174701e4

SHA256
35585d12899435e13e186490fcf1d270adbe3c74a1e0578b3d9314858bf2d797

SHA512
97e699cffe28d3c3611570d341ccbc1a0f0eec233c377c70e0e20d4ed3b956b6fe200a007f7e601a5724e733c97eaddc39d308b9af58d45f7598f10038d94ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\E2881970-EAA9-4D3D-85E0-0563529DEC97\sender.exe

Filesize
260KB

MD5
f1a8f60c018647902e70cf3869e1563f

SHA1
3caf9c51dfd75206d944d4c536f5f5ff8e225ae9

SHA256
36022c6ecb3426791e6edee9074a3861fe5b660d98f2b2b7c13b80fe11a75577

SHA512
c02dfd6276ad136283230cdf07d30ec2090562e6c60d6c0d4ac3110013780fcafd76e13931be53b924a35cf473d0f5ace2f6b5c3f1f70ce66b40338e53d38d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log

Filesize
34KB

MD5
6dfc428404da395cdde91b063a6e8db6

SHA1
39a3dafada33c49f2891aae6892ef5a6564858bc

SHA256
7d50ab973b994b7c1364dfb011b248f86ce2a97aef8d287f47bbe560e3ef6b6c

SHA512
8bd78614042f626829cf39d607a5d350efe1197d95fdf21f3f963c183769a123d85872f8d5df120ecb9f8ea2f74e4c2d425d95f1ea5c40b15e5f15f41b46e826

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml

Filesize
531B

MD5
54ead660b816390c2b87cd7d71a2afcc

SHA1
cc262283e37d30a7b8bb9979b33b00da835f2bdb

SHA256
a988e91ea29d58ab71185c76d5cc57c149ca560881153b3f76cb1e300f065c03

SHA512
09834497c73221590af52c9ddac52898a65d1ecfaa4cfccb42d9af630aa2aea158bca344aafbf505351ce5dd2b2877164ddccd74f04168c357838cace26dc016

Download Submit
C:\Users\Admin\AppData\Local\Temp\omnija-20252502.zip

Filesize
42.1MB

MD5
bf952b53408934f1d48596008f252b8d

SHA1
758d76532fdb48c4aaf09a24922333c4e1de0d01

SHA256
2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686

SHA512
a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\vendor00000.xml

Filesize
548B

MD5
cb52ee95e3ed46364871a8e4c074b83b

SHA1
836cbd90bbf68d483c10a38a9ee3fe4527c28fe1

SHA256
c2df50fe261a20e3a10b4da51bbb08b117ac46fc1f93aa42a344c0409f41155f

SHA512
0ac33bd1e64fa30214b3034db2ac6162a806649e1af1ffdfc0d82462a3de34161b858127a22cb33e37f2dd284800699fde7f55844dc493ac6ce2382961bd2469

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi

Filesize
9.8MB

MD5
8508abd9cfaf608797ab4cc0086e7988

SHA1
ac7441383d2c377e8ce2c510c14a3a96c8112d36

SHA256
bb7d090f731836ab07bcf84a827596c512c07d0d18fbe40ef6858aacbadd4156

SHA512
95c3724650ab7ddad392b62f385ca1b6b092fc5a95b5a4df88b817c828b51f7d987c750d8a7329e812ff68cc1ae9ced7eb8455bdb90b5ffb997d84a8d1a88308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mls0zwi.Admin\places.sqlite-20250202192534.310813.backup

Filesize
68KB

MD5
314cb7ffb31e3cc676847e03108378ba

SHA1
3667d2ade77624e79d9efa08a2f1d33104ac6343

SHA256
b6d278384a3684409a2a86f03e4f52869818ce7dd8b5779876960353f7d35dc1

SHA512
dc795fa35ea214843a781ee2b2ef551b91b6841a799bef2c6fb1907d90f6c114071a951ebb7b2b30e81d52b594d447a26ab12ddb57c331e854577d11e5febef5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Bookmarks-20250202192534.404551.backup

Filesize
1KB

MD5
3adec702d4472e3252ca8b58af62247c

SHA1
35d1d2f90b80dca80ad398f411c93fe8aef07435

SHA256
2b167248e8136c4d45c2c46e2bff6fb5e5137dd4dfdccde998599be2df2e9335

SHA512
7562e093d16ee6305c1bb143a3f5d60dafe8b5de74952709abc68a0c353b65416bf78b1fa1a6720331615898848c1464a7758c5dfe78f8098f77fbfa924784c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Preferences-20250202192534.404551.backup

Filesize
313B

MD5
af006f1bcc57b11c3478be8babc036a8

SHA1
c3bb4fa8c905565ca6a1f218e39fe7494910891e

SHA256
ed6a32e11cc99728771989b01f5ae813de80c46a59d3dc68c23a4671a343cb8c

SHA512
3d20689b0f39b414349c505be607e6bfc1f33ac401cf62a32f36f7114e4a486552f3e74661e90db29402bb85866944e9f8f31baba9605aa0c6def621511a26af

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
c4c21c502909ac1eb4096ba0be7c5f9d

SHA1
203125acd2c3a605399a1e497f4fc24f485fd919

SHA256
e32191a1d943c4163d03fad2296c7a0accfa72a923b00b6550947aabaaacdc17

SHA512
34562b9dcde59b4d726802d341337b46e0639b3ed54c98f2c1ba8ffe03e9c4d18b75785c4e7522d91c596c076c53df33e47c7c8ba71fe2967611dd1027077631

Download Submit
C:\Windows\Installer\MSI8B48.tmp

Filesize
181KB

MD5
0c80a997d37d930e7317d6dac8bb7ae1

SHA1
018f13dfa43e103801a69a20b1fab0d609ace8a5

SHA256
a5dd2f97c6787c335b7807ff9b6966877e9dd811f9e26326837a7d2bd224de86

SHA512
fe1caef6d727344c60df52380a6e4ab90ae1a8eb5f96d6054eced1b7734357ce080d944fa518cf1366e14c4c0bd9a41db679738a860800430034a75bb90e51a5

Download Submit
C:\Windows\Installer\MSI8BB6.tmp

Filesize
189KB

MD5
e6fd0e66cf3bfd3cc04a05647c3c7c54

SHA1
6a1b7f1a45fb578de6492af7e2fede15c866739f

SHA256
669cc0aae068ced3154acaecb0c692c4c5e61bc2ca95b40395a3399e75fcb9b2

SHA512
fc8613f31acaf6155852d3ad6130fc3b76674b463dcdcfcd08a3b367dfd9e5b991e3f0a26994bcaf42f9e863a46a81e2520e77b1d99f703bcb08800bdca4efcb

Download Submit
memory/3664-227-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3664-3-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3664-5-0x000000000041B000-0x000000000041E000-memory.dmp

Filesize
12KB

Download