76a56aa46b0102a96a4af355f5e03aff2b6ae6076f040ff4ff4e0d943a75d411

Analysis

max time kernel
97s
max time network
61s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MegaDownloader_v1.8.exe
Size

3.1MB
MD5

e88a876515ddca653c424791d614e58e
SHA1

4dd7b4bddac0aac4439e0e1582a943628b670e63
SHA256

76a56aa46b0102a96a4af355f5e03aff2b6ae6076f040ff4ff4e0d943a75d411
SHA512

3d7bc4c0da0216b632551b4520d1b3ab4442175e03db5f4705cbf69ee41d1cf4bdf8ccd275ee40634346f549f16d93d7a98ed929069032fc87a91b8b1c489db8
SSDEEP

49152:2qeNVTiHG5hswaJJoUxpyfKV5SiheRiiZQCu9f0BTHgXhfSUQP:nE5iHUPajqCVlwfgJ0ZgXxxQP

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
3056	MegaDownloader_v1.8.tmp
2380	MegaDownloader.exe
1996	MegaDownloader.exe

Loads dropped DLL 3 IoCs

pid	Process
2972	MegaDownloader_v1.8.exe
3056	MegaDownloader_v1.8.tmp
3056	MegaDownloader_v1.8.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\MegaDownloader\MegaDownloader.exe	MegaDownloader_v1.8.tmp
File created	C:\Program Files\MegaDownloader\unins000.dat	MegaDownloader_v1.8.tmp
File created	C:\Program Files\MegaDownloader\is-4P51U.tmp	MegaDownloader_v1.8.tmp
File created	C:\Program Files\MegaDownloader\is-4QCRE.tmp	MegaDownloader_v1.8.tmp
File opened for modification	C:\Program Files\MegaDownloader\unins000.dat	MegaDownloader_v1.8.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open	MegaDownloader_v1.8.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command\ = "\"C:\\Program Files\\MegaDownloader\\MegaDownloader.exe\" %1"	MegaDownloader_v1.8.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mega	MegaDownloader_v1.8.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\ = "URL: mega Protocol"	MegaDownloader_v1.8.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\URL protocol	MegaDownloader_v1.8.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell\open\command	MegaDownloader_v1.8.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mega\shell	MegaDownloader_v1.8.tmp

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	MegaDownloader.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	MegaDownloader.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2380	MegaDownloader.exe
1996	MegaDownloader.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3056	MegaDownloader_v1.8.tmp
3056	MegaDownloader_v1.8.tmp
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
2380	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1996	MegaDownloader.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2380	MegaDownloader.exe
Token: 33	2380	MegaDownloader.exe
Token: SeIncBasePriorityPrivilege	2380	MegaDownloader.exe
Token: SeDebugPrivilege	1996	MegaDownloader.exe
Token: 33	1996	MegaDownloader.exe
Token: SeIncBasePriorityPrivilege	1996	MegaDownloader.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3056	MegaDownloader_v1.8.tmp
2380	MegaDownloader.exe
2380	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2380	MegaDownloader.exe
2380	MegaDownloader.exe
1996	MegaDownloader.exe
1996	MegaDownloader.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 2972 wrote to memory of 3056	2972	MegaDownloader_v1.8.exe	28
PID 3056 wrote to memory of 2380	3056	MegaDownloader_v1.8.tmp	30
PID 3056 wrote to memory of 2380	3056	MegaDownloader_v1.8.tmp	30
PID 3056 wrote to memory of 2380	3056	MegaDownloader_v1.8.tmp	30
PID 3056 wrote to memory of 2380	3056	MegaDownloader_v1.8.tmp	30
PID 2380 wrote to memory of 3060	2380	MegaDownloader.exe	34
PID 2380 wrote to memory of 3060	2380	MegaDownloader.exe	34
PID 2380 wrote to memory of 3060	2380	MegaDownloader.exe	34

C:\Users\Admin\AppData\Local\Temp\MegaDownloader_v1.8.exe
"C:\Users\Admin\AppData\Local\Temp\MegaDownloader_v1.8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\is-40LQR.tmp\MegaDownloader_v1.8.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-40LQR.tmp\MegaDownloader_v1.8.tmp" /SL5="$40108,2536378,780288,C:\Users\Admin\AppData\Local\Temp\MegaDownloader_v1.8.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Program Files\MegaDownloader\MegaDownloader.exe
    "C:\Program Files\MegaDownloader\MegaDownloader.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2380 -s 2836
      4⤵
      PID:3060

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2364

C:\Program Files\MegaDownloader\MegaDownloader.exe
"C:\Program Files\MegaDownloader\MegaDownloader.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1996

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\MegaDownloader\MegaDownloader.exe

Filesize
2.0MB

MD5
f3b0a05d8683d57861e9a42f451f7349

SHA1
1eec6fb2649038ae4ec2daa1d7464fa7e7c5ed3a

SHA256
388af83e7ab90e23beb0f662c3e08211f63230a7f985e92d4b4d559d8d62b556

SHA512
c8385282e269772902db470d12784046a6dd62c067ff6d00874159116d20942bb5d02997874377cb6a1ad24fbd60eb954cb713c30de3efe45ee6db066e57b214

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Config\Configuration.xml

Filesize
2KB

MD5
c8c0fe4ced882b685e9671b5e644f03c

SHA1
c14aadff205b8fd132ec117f1b57ced24a4b1373

SHA256
ce67149cbd6ed2dc918015b73ce2101a7d56604ed1dc00f3d65334525736a15a

SHA512
f618d11abf5e0263a61103b1717e90dca4ee4ba6cecedb9f24e70340d93c84c242826255d97a35049551450fec7e54143e7cdf1a86199a6e370b114d0ee132f8

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Config\Configuration.xml.bak

Filesize
2KB

MD5
d5950a8834667583315949fc6b56ee37

SHA1
0f2f71ee5a0a592f0bd3b0d0a361a00a5ace3e4b

SHA256
eebb43abb4a7d162fb28f605375548048a048475163685d0446b9eaed565fc81

SHA512
8ddd26cca91647dacabbc91cce633bced4d5bc43a0a4e609fdcfcffe239919fa46beae1b660ebb6e42fd93e8363992fb350a88c79c8d8cd0992d5c7af8d910e5

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Config\DownloadList.xml

Filesize
17B

MD5
1a5f39d6e4af9f4825929fbc8d3a51c9

SHA1
5c534f154fdf879d1e7d14e215e872dc083e9e2c

SHA256
87e06ad305554830307c972ce7e94ff01ab4272a56db56d8db76474e2292fed0

SHA512
de3f1bf484dc1207173619f3378e4aec7764291ce2dd426d576cdfde548030c9f9f9bce67004b5c15d0114d3786d007fd9ab6063e2a3a799b8aed0d6b60e2992

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\de-DE.xml

Filesize
25KB

MD5
a4f67753bcb5c5dbfa768e6e144fb159

SHA1
0967bc5a43dd72b244ebfd7a2729f0ff79254318

SHA256
2cec94cffa0c61ca0e18c6674761e00724af589b9afb9fcb5d8b103fb8a4b484

SHA512
f26a7dc162dcdce85e9b73b00fbc06980f817e963e20dc76336eebc2d0be72ed59da997084847dd4bacd5617ebb45d59eedd56e0bef1f8bbe9ae3c48d87b8976

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\en-US.xml

Filesize
32KB

MD5
bf2e92ae7c472b30934b61f25e4f4f26

SHA1
eaac2628eb79e0c4d790b38e5b7afb6dd699b6e4

SHA256
0327deb81a52bae540fc30873765d7c636f296de64e093f1e3d34235ab68240c

SHA512
9c4e57ca77506a7650a470dae1e3da8427b23b1d54bb160db725bf10fbaea1282542aa8586d7b78c409af372b49509b777339ee83f3170397326c0caaf3582fe

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\es-ES.xml

Filesize
34KB

MD5
5b112fe88e97a5abea97d130e034fce5

SHA1
46facadeb850b2f8069eba1fb6278cee2c116df9

SHA256
37c3090d3e0e96b5798352180529301fc4140a2dce6cf164ab7bee8830d286f5

SHA512
8c94446268349df731c4dc5a7b8f56e596fc9bf104520d190fe594e54dc3abd914b1f5567789235c8493783eca77a2b988108ee231044469f9111955aa2d5b37

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\fr-FR.xml

Filesize
29KB

MD5
f6a68c9f9aa1138ef0e3e2dbb7ea3eb6

SHA1
3da6acf646be00c0f452352d1debb9b7f2131935

SHA256
81d8348d26a2a7e68797757c48632a0633b979cd473fc6349bf789cd7c9fe350

SHA512
e53d5db3fb13984b5feb3be5d51bd0e35f2da1aa6d82e92a15eaf36aa506ed5af550646679c90e1172c2dcb4f3d640862f9cd799a74170b3384b4f846e2ceb5c

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\hu-HU.xml

Filesize
28KB

MD5
574d1f82212e2080316a0afbeb603d4a

SHA1
e7095dee85e3f99668c7cb9b21915557b13c109b

SHA256
f0abad92b8238b09f3fc7eff97b114237937728c31955a7dea2a943060e83520

SHA512
1a3ee6d8a96ce8556bda5627724d5e0749755b44792042c92ad964ecc3b223edd412d35c18b888ffb0e682a4be27bcf114282246b9ca11c6db8a54fa0c204043

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\it-IT.xml

Filesize
25KB

MD5
4e316056ab88b3efb2bd84828149ab47

SHA1
4ac65cf517f1a3a7a47cf750f6eb6ef3544ac192

SHA256
ea802b85670d0d68af19acabbade695b17eeeeb8d70170936068948b4af54f1b

SHA512
af495f4cd9b6633eda6767ea47879f3ca981ad752cb26f1e4e4c3c52c6303c547895e39f570695f085c0d7f019822ee455bc912c8dbbb1717feb7f4a78699dd1

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\pt-BR.xml

Filesize
28KB

MD5
5e78b8a413b2ad84eed89a1e00267a03

SHA1
affc1eccd87c72a8c8be9e8a91d257f640fea7ec

SHA256
eeca391428992fc504eee0448285750d2ace048409730b28f658e18be2916acf

SHA512
9018f7d7d3da3ff88efbfc80fac1ad10ff328cf6aea893b8d1ea5f613c2498104c0f4f0c584e6f2f5b12c0a7137f4ccc717aac023e355a55b97bebf0e6e3542b

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\ro-RO.xml

Filesize
28KB

MD5
54867276edbc9aa48628494ae3d565cf

SHA1
3a14abfb965d56cdf0f6366d734c55a8c4d54bc2

SHA256
bfdd3dcbe42e7e9b8ec25d710f0418189870abc99786e96799211939b83eb2c9

SHA512
147a705f287072f85a905e710616ff3fc740afc9f9178a342172774fd9ca6c88ee4a54daafdde2ee7e9173dde8eebedfe763cd6e363a2940b16ded12ed11d032

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\zh-CN.xml

Filesize
27KB

MD5
2dfc67147f55e300945dd15cf77876d6

SHA1
ce944badf7899cfc9a304055696fec5838133f2b

SHA256
4d0299381994b9d1a8d7a67738a480acdb19d5554463515d131c077442391ec1

SHA512
f9a142236774538c039f4f6b8579f5adbb27a9a0d856293507d37cf697ab43e7df0141bb047ce047b7d36b992eade1aa615f70dc2c1966713938d4db9185e54f

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Language\zh-TW.xml

Filesize
27KB

MD5
8a63bb49245795fb7001cc3cdd6ca856

SHA1
32965879bfb0d8cae0d9cd25450b48b5636c1a7e

SHA256
73fc69edebd1b1bbfcb6ed84f9ef59793f0bbc7a164adf98751fb44af4ee907b

SHA512
585d47166bbf08c540d3e8cb45b6e97f67c81b91f89ee1eb530b9de04bcfe43bb9861ba09bb636e9606750dd1d0d047d80a15bbd1340d72e42291318f2b1644f

Download Submit
C:\Users\Admin\AppData\Local\MegaDownloader\Log\Log_20240319.txt

Filesize
1KB

MD5
3ec9d7f622fcab7b3fdcdb94f4c2bf27

SHA1
f0db8b836350000acf8fcf841fd17204db63f3ad

SHA256
fb52e1d3738c62b584b188d8aa5bea27a1a7062ea9871a8d1322a07df5038114

SHA512
e9aa158e8df4a432022a33721e8921bd02733cc7f8c810e789c1c43c311d86b1d12fec4e58738d2a87840e14bd0bdff7cfc48d544f170965219ed60d8858585c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5ED4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
\Program Files\MegaDownloader\unins000.exe

Filesize
2.5MB

MD5
86d9f15fb28060c7c52735ceab6f3b02

SHA1
f9f7e4e51e046ad82d01e0bf1a91da70a2186dca

SHA256
4c57d90eeaba9e1281f8d70d3fddd8d994019fc372c96a83102b81adffc500a9

SHA512
506a381cd2fdf52419358dde957b7fea097f01218c5850437fa855bb21fdafc3119faed1f8297be2ae747dcae009af40bbe47d9c145d29313fcf93cb24731c95

Download Submit
\Users\Admin\AppData\Local\Temp\is-40LQR.tmp\MegaDownloader_v1.8.tmp

Filesize
2.5MB

MD5
96eb39b5d1650daab0a9fde463532dba

SHA1
4fb2fb85a00120526bac8439209241b00bacb987

SHA256
cee4083982feb0e7b78423295621a98ec63df522cf4475e3cc103ab3a95c0896

SHA512
780c558be33290fabae820f02c62d0e3a61792a56a06d80a248e9cf12b345f6d1bb45421970305ddb3dd17866b62d600d999c465803f68d0e103182715313fd9

Download Submit
\Users\Admin\AppData\Local\Temp\is-PIDQT.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
memory/1996-91-0x000000001B670000-0x000000001B6F0000-memory.dmp

Filesize
512KB

Download
memory/1996-104-0x000000001B670000-0x000000001B6F0000-memory.dmp

Filesize
512KB

Download
memory/1996-90-0x000007FEF51E0000-0x000007FEF5BCC000-memory.dmp

Filesize
9.9MB

Download
memory/1996-89-0x00000000011B0000-0x0000000001212000-memory.dmp

Filesize
392KB

Download
memory/1996-113-0x000000001B670000-0x000000001B6F0000-memory.dmp

Filesize
512KB

Download
memory/1996-112-0x000000001B670000-0x000000001B6F0000-memory.dmp

Filesize
512KB

Download
memory/1996-111-0x000007FEF51E0000-0x000007FEF5BCC000-memory.dmp

Filesize
9.9MB

Download
memory/1996-105-0x000000001C3A0000-0x000000001C3C6000-memory.dmp

Filesize
152KB

Download
memory/2380-35-0x000000001B600000-0x000000001B680000-memory.dmp

Filesize
512KB

Download
memory/2380-37-0x00000000010C0000-0x000000000113C000-memory.dmp

Filesize
496KB

Download
memory/2380-36-0x0000000000D70000-0x0000000000DDE000-memory.dmp

Filesize
440KB

Download
memory/2380-34-0x000000001ADE0000-0x000000001B266000-memory.dmp

Filesize
4.5MB

Download
memory/2380-33-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/2380-32-0x0000000001140000-0x00000000011A2000-memory.dmp

Filesize
392KB

Download
memory/2380-53-0x000000001B600000-0x000000001B680000-memory.dmp

Filesize
512KB

Download
memory/2380-56-0x000000001B600000-0x000000001B680000-memory.dmp

Filesize
512KB

Download
memory/2380-87-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/2972-1-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/2972-52-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3056-51-0x0000000000400000-0x0000000000682000-memory.dmp

Filesize
2.5MB

Download
memory/3056-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download