5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949

Analysis

max time kernel
50s
max time network
141s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-05-2023 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trial_vegasedit20_dlm_z72jp2.exe
Size

6.0MB
MD5

d972ff5f4d61d431fecab867a52b0826
SHA1

13a0df9e547c410b7b56dd906357c6d9821ce82c
SHA256

5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949
SHA512

052667efefc4a911bf5c058ff0fbc0c52a87f253303bc55f6dc674689a6f87f7be0fcf7dbc61c24a83c051b501d7520e5e08723bebbb84a6fb9261abea1558b4
SSDEEP

98304:J/lBI0kkvsx20xjBteQFelhjTtJuTA76Yn87Tm6saDN:J/7vsx20xdoQulSA7jnszzD

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
984	MxDownloadManager.exe

Loads dropped DLL 6 IoCs

pid	Process
2036	trial_vegasedit20_dlm_z72jp2.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MxDownloadManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	MxDownloadManager.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
984	MxDownloadManager.exe
984	MxDownloadManager.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
984	MxDownloadManager.exe
984	MxDownloadManager.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2036	trial_vegasedit20_dlm_z72jp2.exe
2036	trial_vegasedit20_dlm_z72jp2.exe
2036	trial_vegasedit20_dlm_z72jp2.exe
2036	trial_vegasedit20_dlm_z72jp2.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe
984	MxDownloadManager.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28
PID 2036 wrote to memory of 984	2036	trial_vegasedit20_dlm_z72jp2.exe	28

C:\Users\Admin\AppData\Local\Temp\trial_vegasedit20_dlm_z72jp2.exe
"C:\Users\Admin\AppData\Local\Temp\trial_vegasedit20_dlm_z72jp2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager.exe
  "C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager.exe" -m C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\SetupValues.dat -s VEGAS_Edit_20_trial -r
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:984

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6070.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\Bitmaps\mxgui.4.0\CPleaseWait.ini

Filesize
2KB

MD5
2a3825bed1711c17a63b94591de18f60

SHA1
90af15a3a46d084af3a7cc7debca24b053d5c85d

SHA256
4e23afcb82536d015aee2d822412e630a9db9fd52ecaea61b7d92d7adc2afac2

SHA512
9c354a4b8c0c9d3277074f5cac878a1cff4ee35f8609aaa17b38c076ed336ccf5a5e03c44cab2fbaaa2cffe6f5344fd64a9b87eb73749507a9f3e092e4b27ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\Bitmaps\mxgui.4.0\ProgressDialogTemplates.ini

Filesize
2KB

MD5
a8ab1555dc45a8ab1ffa4ce0f75a9fb0

SHA1
4cbd26a560a433dfc1d165fa4bb1e1b3b3a4dc24

SHA256
3cd528388545c659dbce6317ef29b9833a9163e1c07fd44c11a87f942efebc90

SHA512
ebf0b975af50329b4b8059dff39af61e2555198fe6aa9ce54f79359b55772272daae55a867171013f21d9d84ffd84fd8aa5ad410c2e695be4e5dd06944c7bc18

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\Bitmaps\mxgui.4.0\ProgressDialogTemplates.png

Filesize
38KB

MD5
cbe0a7c1ee665c7272873c031a0c5d52

SHA1
318173f246374dc2486aecbcf52c32d66ef12888

SHA256
9cf7ce3d45c97311e6a400413c61befccf9bf6e9820d5886414829d1d2f2ca86

SHA512
ed98e44a663f650e07231cd54f5d7b989ec4e5d5c11a1b4709a585a5f1cb4bcab9df5f78344754fb3d844cab0b72d6479e97b1568a5db8b2bb42ede038ba571e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\Install.cfg

Filesize
175B

MD5
fb03abcdad743f8878bf0cad99be93d7

SHA1
bb43a4feaff4c228831b2d26f03317a1c8064e6a

SHA256
70ba0fe32e0543b091e8b8685571f7140b4d167909cbc2b432c96560dd735069

SHA512
1c3ef31ccd01acb39568486bfeff2b335948145db2525b54293cac61563290375ec899cb67c4412bb37d49370bbc5a4547e84090fbea56a107e6ed57bade165f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MFL_rel_u_vc12.dll

Filesize
2.1MB

MD5
10a2916057e394bdf133ec9fc1af53a7

SHA1
5fadbef77b4d2d025ce25bd58a38316506c395eb

SHA256
73ccaa16d2d51b91f13bf614bb58ab1c7e3e718f8f1b5d8cc7cc273c6975fc9f

SHA512
b185dbb3d79d9eabc64fe830141fb66b003182395ae1af025b41796014ecadb8d4ab7c1176eaad6bacb75b1514d19892ed1581fb07b2185abc8a0fbae673b435

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager-en_us.dll

Filesize
146KB

MD5
b7265a7947fafb2d5171c7b670f09ffd

SHA1
0488099f2b4fa03eb9f8a59a775ed84798694920

SHA256
97da4a27405892cc76768cb0c0395676f52e13badbea23e5ab34ff57a2b0a065

SHA512
25c0931ec8a8dd2f9e185b1b3b91654b2488612c52c01349ff6a44ed747f6c9e980073b4b6fe96ba09e9cd15dd64235401c2b801997186c9398a5aeb07cd1cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager.exe

Filesize
4.4MB

MD5
905d131d7b194f043763ae13bdaefb0b

SHA1
a8970cc49d84810b38a6dcdf15230af9da0a6544

SHA256
16fa6a5718c680796b8c57869e3f0f1f9777f1f7b4f8c1175484f4e8643523b7

SHA512
ba5419f0090284075ebc36d72f8e06782294277a389ed62c6ad2da1bbf42276c73c0261e65ccac156919d22c0f993cf2154fcbf5f906a77dfb511824a2ff3f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager.exe

Filesize
4.4MB

MD5
905d131d7b194f043763ae13bdaefb0b

SHA1
a8970cc49d84810b38a6dcdf15230af9da0a6544

SHA256
16fa6a5718c680796b8c57869e3f0f1f9777f1f7b4f8c1175484f4e8643523b7

SHA512
ba5419f0090284075ebc36d72f8e06782294277a389ed62c6ad2da1bbf42276c73c0261e65ccac156919d22c0f993cf2154fcbf5f906a77dfb511824a2ff3f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\PlayRIpl.dll

Filesize
26KB

MD5
af0e57d11bbf785061dedbff7fed542f

SHA1
1a42c58de59c241ad10e672842685474bb3432fe

SHA256
3ad1ccbf5b5b8929289ac3de3030a140558318e6fafdfd981d09ed46a8cee142

SHA512
bd5df27e549dbf7435d92dedefcbf36f8cbee5705ff60b509e9aff6ea7de9a836b391737ba45acf4eee21b0cea95389a6d9dd98351690c8bb881f34d6cfc6868

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\PlayRIplPX.DLL

Filesize
630KB

MD5
62a6eb1dc7eb3ba7d79ae21b83684c59

SHA1
734d1ecd22cc60708c5bb62ef3b89ee80b4540e1

SHA256
03e4119172350c5cb01772da26856b87c2a1635ce0fe9d21decc8d710f9d51ed

SHA512
e6924b5da581bdf14f9a91bf7eabb42386f039ce30b7a3108ad87228922bef7329fc25f7542b6e4f2c729bf866f1a38bb33e0672d6157259309d1622d3194b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\SetupInfo.ini

Filesize
3KB

MD5
5cf3ed275e6edb0d76f67cdba53ba942

SHA1
62078f5db380438d9f2a29710828c4c032d1a4f4

SHA256
3ea0361075eaf6629117884510d610168b739630fc9e33681a0b56bd01855f78

SHA512
eaa91e2c48db5d8f310473741931b93b7238ba82763e63dc9f56c4f456db2180c17b80ed275e4dcab81a1c063119ff44361969650272757290382a19ac72d88b

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\CMxDownloadManagerDlg.ini

Filesize
8KB

MD5
f5763a04b92889a6f8c08172451cfdc3

SHA1
83504aad8cdb73ccf9c1f4ec8afe0cd0f6c4b470

SHA256
f733d9056c7c9e47e8e835518a677a1d75e2654f05698ea684790f3af7d9117a

SHA512
c0935fd4d8ee3a7591137efe1ba47bfff7fb85de4b1dc9067fe112e6a02558ed39797a2b0e51a17f19f0fa3d0788122a12b744b537268fa64738f0ff5568abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\CMxDownloadManagerDlg_1.ini

Filesize
7KB

MD5
cb3982f5daf177bea4bfb4a9e72a18f5

SHA1
81dae2d3ccfd76fcc7b67e5a968ba5c8a3256262

SHA256
bf9aec3600822017b2580f1f3cef4725e2580184e9b2a3f476b304f3192b4a18

SHA512
3966758cd23c2e03f1e56f2ad8f57ea1aa728f28a16329d13ca8e197c533258af52f2cd7362e9d3782a4b7bc7f1807983cb31f845ba9a9978f239999f5cfe933

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\Logo.png

Filesize
4KB

MD5
0e4712a4e4eba8b6b6829ca21fd6def8

SHA1
9ea22307eae3e98c4164aab685e5f651700f3f4f

SHA256
63a0002efbbb5698778ca16e61cd47654450614423bbd75d20f3f6e2bc3ac8ad

SHA512
79fba4b40495ba9fe59a577cb447f10be97d51c482a937471d10e3042a50f60428a8ef464064ee518f9f23aaed29d3e1bc6dc6a0ee744f441817d09b62fa4ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\Promo.png

Filesize
6KB

MD5
88d4fb8ccf428e03806e3158d808e807

SHA1
65ba74821f4a64501f2e2b4b30da61ff398c0ad5

SHA256
7bc7a85a9f80fd97151ed4da6b3cfb27997f7dd7657a968b9ec8878266f4da34

SHA512
90d5d7c2c4e35b591f62cd5fdbd7c7b85a92c713d778c9d2fecc176dc71922d15022a07c638332c05aeaadc6ac9169dcdbe8354fc5155a95d2388172f54d6572

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\controlTemplates.ini

Filesize
3KB

MD5
1c52b45ab82dec4d07801e6868a4c5da

SHA1
9d70baa7c74e97f1f32715d597f63fdb1c7998d7

SHA256
59ed53aab5990137b4c459dcbebe39fba5d6e2345628c0942dd3ac64d984b5fc

SHA512
62e9416df26baa25ea782e22426c4623b94afda7d934619843c3917a5ceb66d45da11838dd834b1a2788d89e04cdf29722f9bbe06475509729893e676abb6533

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\bitmaps\mxgui.4.0\generalTemplates.ini

Filesize
329B

MD5
d8acccb39fa2bcbc59ae3b7d26b1bc6f

SHA1
4b0d023e773cfc2db337e470b85fa8c4ed7fced4

SHA256
c1de2a676bf7c42f2626a7f9dd63b79774e8d8d39d3716d4e14372172b816608

SHA512
671aa9dba205da3de9f1aabd923f1f5c54e857de30758b63e765016de42b66af6dcd7a58666c3d9afc7eb666a5a760a63d59dcb51fc54465d8895beedc92a795

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\dm.xml

Filesize
1KB

MD5
2e95fc5a7cf2cb844f65aedc6bfce073

SHA1
19afaae86bc728933d54b77719a6c22d92766ce2

SHA256
b9211d7e370e247a50495fa376cb3b9ad9d9bfd12f7722f105bdf221d66df880

SHA512
14d82c3f2a0d417919dd4197ed112f714fc24d4e71d4d6b24e3af40c359723e8cc898f091fdd6f37f827e11af1f74d9cb34db06a436a8947d7c64fd6e3012aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\ijl20.dll

Filesize
2.3MB

MD5
30946bd927ea028b9e241d0075075420

SHA1
7d59bd881d669334dd3e210ed9609d14c0740d40

SHA256
2348bbdf3247e2c5227f58e57d790ceafdbe35625c6264f0912d249d5903c513

SHA512
8d2c34dbf0cb147c5b1933477e533d1d5753f9861d62afd371e37b516b3a5a1f013513e93072a7efc479273ef0a900fdb06de780966a05ca5bafde79bf70f2f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\installed.xml

Filesize
35B

MD5
aea624768256ae1708e75309bf8299ee

SHA1
c746983d25965ebfd98c6541731669f0d562c6b2

SHA256
8f49354f824579622074cc96a4e85f0e0e003f17367b6426cf3c0226a7c46fd6

SHA512
6d863b9f30e231b0c535b74ea4a4627b94f8ec20065bc1ab3e852f5c3dc72ab86ca20c83981e2c6f4f303a387d34b511453527f6817b2b48d1c8382cfdfbaea2

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MFL_rel_u_vc12.dll

Filesize
2.1MB

MD5
10a2916057e394bdf133ec9fc1af53a7

SHA1
5fadbef77b4d2d025ce25bd58a38316506c395eb

SHA256
73ccaa16d2d51b91f13bf614bb58ab1c7e3e718f8f1b5d8cc7cc273c6975fc9f

SHA512
b185dbb3d79d9eabc64fe830141fb66b003182395ae1af025b41796014ecadb8d4ab7c1176eaad6bacb75b1514d19892ed1581fb07b2185abc8a0fbae673b435

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager-en_us.dll

Filesize
146KB

MD5
b7265a7947fafb2d5171c7b670f09ffd

SHA1
0488099f2b4fa03eb9f8a59a775ed84798694920

SHA256
97da4a27405892cc76768cb0c0395676f52e13badbea23e5ab34ff57a2b0a065

SHA512
25c0931ec8a8dd2f9e185b1b3b91654b2488612c52c01349ff6a44ed747f6c9e980073b4b6fe96ba09e9cd15dd64235401c2b801997186c9398a5aeb07cd1cb0

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\MxDownloadManager.exe

Filesize
4.4MB

MD5
905d131d7b194f043763ae13bdaefb0b

SHA1
a8970cc49d84810b38a6dcdf15230af9da0a6544

SHA256
16fa6a5718c680796b8c57869e3f0f1f9777f1f7b4f8c1175484f4e8643523b7

SHA512
ba5419f0090284075ebc36d72f8e06782294277a389ed62c6ad2da1bbf42276c73c0261e65ccac156919d22c0f993cf2154fcbf5f906a77dfb511824a2ff3f73

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\PlayRIpl.dll

Filesize
26KB

MD5
af0e57d11bbf785061dedbff7fed542f

SHA1
1a42c58de59c241ad10e672842685474bb3432fe

SHA256
3ad1ccbf5b5b8929289ac3de3030a140558318e6fafdfd981d09ed46a8cee142

SHA512
bd5df27e549dbf7435d92dedefcbf36f8cbee5705ff60b509e9aff6ea7de9a836b391737ba45acf4eee21b0cea95389a6d9dd98351690c8bb881f34d6cfc6868

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\PlayRIplPX.dll

Filesize
630KB

MD5
62a6eb1dc7eb3ba7d79ae21b83684c59

SHA1
734d1ecd22cc60708c5bb62ef3b89ee80b4540e1

SHA256
03e4119172350c5cb01772da26856b87c2a1635ce0fe9d21decc8d710f9d51ed

SHA512
e6924b5da581bdf14f9a91bf7eabb42386f039ce30b7a3108ad87228922bef7329fc25f7542b6e4f2c729bf866f1a38bb33e0672d6157259309d1622d3194b52

Download Submit
\Users\Admin\AppData\Local\Temp\mgxgi72wkz7\ijl20.dll

Filesize
2.3MB

MD5
30946bd927ea028b9e241d0075075420

SHA1
7d59bd881d669334dd3e210ed9609d14c0740d40

SHA256
2348bbdf3247e2c5227f58e57d790ceafdbe35625c6264f0912d249d5903c513

SHA512
8d2c34dbf0cb147c5b1933477e533d1d5753f9861d62afd371e37b516b3a5a1f013513e93072a7efc479273ef0a900fdb06de780966a05ca5bafde79bf70f2f9

Download Submit
memory/984-220-0x0000000002500000-0x000000000259C000-memory.dmp

Filesize
624KB

Download
memory/984-216-0x0000000000AD0000-0x0000000000CFA000-memory.dmp

Filesize
2.2MB

Download
memory/984-213-0x0000000000880000-0x0000000000AC6000-memory.dmp

Filesize
2.3MB

Download