13f8483299b6f76051b1473d259c296e4faf10ac45f8a4f2de22151e6e7dcc2c

Resubmissions

25/06/2024, 18:35

240625-w8nq8awckd 4

25/06/2024, 18:30

240625-w5s7jaybnq 6

Analysis

max time kernel
149s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 18:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
Size

6.2MB
MD5

32459112486a29ed786cf720a9355581
SHA1

32284beb42b108608c192a663f639c270628a486
SHA256

13f8483299b6f76051b1473d259c296e4faf10ac45f8a4f2de22151e6e7dcc2c
SHA512

20fd4cecee1eedf2c026a347d591b7d5e6fe8080e6e05493e8368e089bff1884628841e138bba8bec5b3349ad2587a818e39baa3a96e7cf4af8c1f6c26c40c4a
SSDEEP

98304:E/lBI0kkvsx20xjdy+2yMpgtsVxlGpWU9fGZV8qRWMnLa:E/7vsx20xhn2yMjLw9esqRWYa

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	MxDownloadManager.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe

Executes dropped EXE 3 IoCs

pid	Process
868	MxDownloadManager.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
3264	VEGAS_Pro_21_setup.exe

Loads dropped DLL 9 IoCs

pid	Process
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{B88D31BC-9019-446C-9DD7-02CF59B157FD}	VEGAS_Pro_21_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B88D31BC-9019-446C-9DD7-02CF59B157FD}\ID = "5A3FE5FD4E8D45109BC74B9C76639808"	VEGAS_Pro_21_setup.exe

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	MxDownloadManager.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	MxDownloadManager.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
4840	msedge.exe
4840	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
868	MxDownloadManager.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
868	MxDownloadManager.exe
868	MxDownloadManager.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
868	MxDownloadManager.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
1084	VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
3264	VEGAS_Pro_21_setup.exe
3264	VEGAS_Pro_21_setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 868	628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe	87
PID 628 wrote to memory of 868	628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe	87
PID 628 wrote to memory of 868	628	trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe	87
PID 868 wrote to memory of 4840	868	MxDownloadManager.exe	95
PID 868 wrote to memory of 4840	868	MxDownloadManager.exe	95
PID 4840 wrote to memory of 4392	4840	msedge.exe	96
PID 4840 wrote to memory of 4392	4840	msedge.exe	96
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3224	4840	msedge.exe	97
PID 4840 wrote to memory of 3168	4840	msedge.exe	98
PID 4840 wrote to memory of 3168	4840	msedge.exe	98
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99
PID 4840 wrote to memory of 5024	4840	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe
"C:\Users\Admin\AppData\Local\Temp\trial_vegasprosuite21_dlm_47zge9--phW7duk4NmcmQ2R57f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:628
- C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\MxDownloadManager.exe
  "C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\MxDownloadManager.exe" -m C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\SetupValues.dat -s VEGAS_Pro_21_trial -r -tc
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rdir.magix.net/?page=57Q4CTJIFYRZ
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee48346f8,0x7ffee4834708,0x7ffee4834718
      4⤵
      PID:4392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:3224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
      4⤵
      PID:4744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17578109267258826563,672705487571392261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4060
- - C:\Users\Admin\Documents\MAGIX Downloads\Installationsmanager\VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe
    "C:\Users\Admin\Documents\MAGIX Downloads\Installationsmanager\VEGAS_Pro_21.0.0.315_DLV_DE-EN-FR-ES-BR_240516_19-39_8DB35545_21_0_0_315.exe" /M="C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\SetupValues.dat" /dlm LW0gQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXG1neHN3b2V2 ZWRqXFNldHVwVmFsdWVzLmRhdCAtcyBWRUdBU19Qcm9fMjFfdHJpYWwgLXIg IC10Yw==
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_setup.exe
      "C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_setup.exe" /M=C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\SetupValues.dat /dlm "LW0gQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXG1neHN3b2V2 ZWRqXFNldHVwVmFsdWVzLmRhdCAtcyBWRUdBU19Qcm9fMjFfdHJpYWwgLXIg IC10Yw=="
      4⤵
      Executes dropped EXE
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
1024KB

MD5
15455831befc610f9dc68b5c87b2622d

SHA1
8e8f2da1b7af48388cb6550121212774187b646f

SHA256
c695206a44bbe81afe409aa466289c287336b2f87e5b777a0a07756364763920

SHA512
a470d4e17e91575cdb774568e905fd4a9f4162ddeb69b9f8d62e487d4e8f78224f4fca3dcb5416e4518dda2e7486f1e2064857fac967f83d364477efbd2c8666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4a47ab2a03f60ccc01658a96d90870f8

SHA1
0cddd633da64d7ff59e152d88efd62116a98afbf

SHA256
a7ab066d7040c2a07fa999755a119f8e905dc3d4137a761f2cd27e576af88175

SHA512
b089d63ab78af407e90abc7a806b5b93de1c6c009d83e5dd8d0b00e98d9febeb57f83e7fd81d91c22479bf321ca8aa2487af2581535628cee7cd7ed6e880c46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
869B

MD5
1004a19d012403df452f0cf49917f3e4

SHA1
d646752d36c8ee996a846a54dbc45190694ba696

SHA256
07733c59b4658c8496285a40f447e885d1c4012704ed0ae4ebf9e7c932c296ae

SHA512
802b04fd06abe3e8b75fc126de040ed6a6d54396558d8df434a787a70fd163a50cfdf5365135681a7e043857af1097c9559803b390658e9954400c75ca031a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d161fb75351bad67b4384a393b2c3004

SHA1
79a8d5f78187a2f7d521a2be270a9680765101cd

SHA256
d37bdc073052da4493d54d73bb297caf320b4e2b9fae50739529a649b4a195ef

SHA512
27babc68b32010a662abf19e0834c38dd4a24a3f8bed8aedfb98dcde0c04fec023d03c1cff9bbbd711aa3cf494543ea1c87e14df396e56ef3e5693d1a1d1e497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38e85e36c517222023c76aa22a98a0db

SHA1
4ff161dd9ecc0446d552321c9cc1c7dd0d8722ec

SHA256
5a13e38a933b415a39ab80e80113b053946c5ab1b8ae3e5f6a53954465971150

SHA512
936de0f3d95458dd6bcaabc5eaf39aad19d4cb9c5d8a1f9a382291b20b6a174fa822667b4757b0fff698892274844ab518c0062717cdec7d57efdd425ca5c07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d65997f3d24a1db135957d7224ea0a0c

SHA1
514c1b747a9d7ae1164377c270ecc7380b578a2b

SHA256
a3f8dcfd54e6d57197cdb3a399f962148fc5751a59d6ae327ff9dc487a5a7190

SHA512
caa64ad50ddac5ea98abf337401cd6f4c584c2e8f7419f18d73ebf26cf53ff5cf09b26fdad0b84a8234cdcfda077d65f342bca72cc59a5627c705ebf2b42a820

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_SetupInfo.ini

Filesize
2KB

MD5
709bdab1e775577b76e3927c1e79332c

SHA1
6b0e754f1607bbcdca260e307301eb1eaa861418

SHA256
50ae4f50426e86af79d6ce5eb77fbeacfff833268eabfb2dc638cb7a547fdd9d

SHA512
f871d72e40dcbb03e1474af955f8097be97ed5a648ac8139591a0b5113b5961556c923f1d665b46f323607b08bdd48ecc3f46a40a2d5948d7552548219d63f91

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_SetupRes.mxres

Filesize
3.6MB

MD5
7b759f8f577abce828992682ccb26d9d

SHA1
c17dd8d43298e454abf278bf4cdb00dd30b9cdae

SHA256
e1715f5cffbee884e720493cbe181663f8ecfa5109f9e4e552843a7cd9aa3ae0

SHA512
4f612c1f16c68cfb94237d9a857c18a3273887c83bfe4087003db4797804e081a8b75b5f89b4304e34b9d313464a4d5f395b3f12cc77515523c162648e9c5db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_es-ES.mst

Filesize
56KB

MD5
a3c70851266443f303e17ea35b5f4c17

SHA1
bb8f2da653aedcdf1a7dc795a888ed9e72eea977

SHA256
3ca9732c87cbca98dc503b3c78937e040ad0e499092d759bc6fff2cf908c2f53

SHA512
26ddf0c18e5d86ed2222b472c0024009d6b8c0f7f09cba26076542e78167daca2d2399772808faf143920eb7ffd2f054f3bb975113f6d51e893035128801892f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_fr-FR.mst

Filesize
60KB

MD5
952e3adf1011c5edab243aae0aea10b3

SHA1
d4188aa266bdbaf1a05caab3fc0488c4f4a17edb

SHA256
2eb607b5e246496c0a41aece7c9745df1a132db724f7d1dc40bd6eaa6fe753f5

SHA512
7dfb51588c6a6ce6f735c86660373f3532146253d77ddc305f0e9f6f8d408fdd643e64643e9ed7b72fd5c69bee91fff608a4113cf1968cba08d51af56a2173f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\VEGAS_Pro_21_setup.exe

Filesize
4.6MB

MD5
9ed33728b3569729fd0a2ced35bd3833

SHA1
a3820df233f361e775d08dd259ad48787b2ba7dd

SHA256
58aacfb91f2d3c1b281e84c7cfb5979256e056e637071dcb715e2b904e91cb11

SHA512
37dc97d53d47037b4b57b755a8c6a3e989219f9df69d188895d6fac69282dc1f07724cf8f3a9e716ba496152df8591a73a867e4a0cafd37ae4b4bcb8be7bca37

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxb15ek9i0\product\_8mir9uw.cab

Filesize
36B

MD5
8708699d2c73bed30a0a08d80f96d6d7

SHA1
684cb9d317146553e8c5269c8afb1539565f4f78

SHA256
a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f

SHA512
38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\Bitmaps\mxgui.4.0\CPleaseWait.ini

Filesize
2KB

MD5
2a3825bed1711c17a63b94591de18f60

SHA1
90af15a3a46d084af3a7cc7debca24b053d5c85d

SHA256
4e23afcb82536d015aee2d822412e630a9db9fd52ecaea61b7d92d7adc2afac2

SHA512
9c354a4b8c0c9d3277074f5cac878a1cff4ee35f8609aaa17b38c076ed336ccf5a5e03c44cab2fbaaa2cffe6f5344fd64a9b87eb73749507a9f3e092e4b27ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\Bitmaps\mxgui.4.0\ProgressDialogTemplates.ini

Filesize
2KB

MD5
a8ab1555dc45a8ab1ffa4ce0f75a9fb0

SHA1
4cbd26a560a433dfc1d165fa4bb1e1b3b3a4dc24

SHA256
3cd528388545c659dbce6317ef29b9833a9163e1c07fd44c11a87f942efebc90

SHA512
ebf0b975af50329b4b8059dff39af61e2555198fe6aa9ce54f79359b55772272daae55a867171013f21d9d84ffd84fd8aa5ad410c2e695be4e5dd06944c7bc18

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\Bitmaps\mxgui.4.0\ProgressDialogTemplates.png

Filesize
38KB

MD5
cbe0a7c1ee665c7272873c031a0c5d52

SHA1
318173f246374dc2486aecbcf52c32d66ef12888

SHA256
9cf7ce3d45c97311e6a400413c61befccf9bf6e9820d5886414829d1d2f2ca86

SHA512
ed98e44a663f650e07231cd54f5d7b989ec4e5d5c11a1b4709a585a5f1cb4bcab9df5f78344754fb3d844cab0b72d6479e97b1568a5db8b2bb42ede038ba571e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\Install.cfg

Filesize
175B

MD5
fbd5f855ca3f3093b4264909e8e303d9

SHA1
bb1f3e07166ace8df277e2af5c0675b3c2fe6fd8

SHA256
783aba4fc1ac59d9421a4060fab520f2d431d35e5287969177486dedba33a94e

SHA512
748451d7ea1178c0259a2df401ec6b7ea3768d6acdcbd3d31fd473ab54f89e921cf45045568a2e52f5f046deedffdfd2b0500cc96caa05afdf74b077238a28d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\MFL_rel_u_vc12.dll

Filesize
2.1MB

MD5
b88fd8372de2875ee11836dad935e27c

SHA1
c680045eb198127ac0da412d1ea13670851d2b6f

SHA256
96489b71ae034959eab304956112d89a54a56f37661a63e7950edac9ac1891ee

SHA512
34cdef026356bf61b5a676e4b7f072653d5315ea6bba0528d1e0c310817d9bdb1d43fec6dc9e239bc489a6c0e906115aa20645034aa510c803ddb87d98352d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\MxDownloadManager-en_us.dll

Filesize
150KB

MD5
d8aaa2f36b997156812b985239019186

SHA1
09b855172fecf0daf3767e3fc32b0c1979e8c953

SHA256
f663e71fd3d133f47e81e3ed3ef0bca3278f3cdd8b5adff9c8a22766c114bc33

SHA512
eab47c1f6191598bfb8e698da2f4383e05801d090fced4b60cb5c4a4c96298ba0c2d18424ad385802353c2e40dace53a591f37ec1b2e1e3a2b998f8459e31f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\MxDownloadManager.exe

Filesize
4.5MB

MD5
830d61e91d851bd03aa3e6ba082db25b

SHA1
3bd4567f869f7e82636fdcabfbca134d9dc093cf

SHA256
0ed8d5ab398ad9d3eff5a0e782cfc3aec764f3d66bd27d664877f768a256bec8

SHA512
d37eeaa5e8abd1f3781c1eecd962d145c4983bceb4ad5b7d93e9efb6efba4125f85c402a84ef67faa9f535fe89ff99a7f1bd49cd9fd468e1e0d2ded34d0888cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\PlayRIpl.dll

Filesize
30KB

MD5
e654458d548ac52b4cfa4f33d64cc942

SHA1
c0bcac19220988d6dc695eb495801c0316cf94a0

SHA256
9369a487343aaa55dbaddd61fa5b4f6429fa3d57488001c7ee52ebcbe4099f14

SHA512
1fd263fb29a346468461fa351c55045a4061e9da10c2f99f23f74bee6d24712608f3a001205d1efe27f2650df22cd1b0a4e2a72d45147a54ec4a4b8f802288b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\PlayRIplPX.DLL

Filesize
634KB

MD5
bb97115847874bab8a84a610a442a9ba

SHA1
20073b74cfad9bdfd0c196bb375268a772b77371

SHA256
a442df596144bc29a71f83cc474312d6090e88fe9499e12392699506878dc9c2

SHA512
f7929c1f9709fbb9f914bf77f4ab124379115c0ea2e0ce21104c78e75cdf3bd016276455bbee721abb82a03e2dc1586bb0f5ba46569950954eaa713e9cf823a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\SetupInfo.ini

Filesize
3KB

MD5
d223b552f119664e5245b8d6d963a6b2

SHA1
8e4ad99d670d5ac62132c542b5c9b0bd9f9e1680

SHA256
d8426d2f3ef2e487e8f2b363172a38df3ad109799a3944b7f949cce189cdae89

SHA512
7edbaea223af35137f1be64b84ced8eb9611f580b702abbafa2591c629de20f261fc8fd1e8335936c4c93964796a53b096341a7f7cb1cb1dd7c42c628105b149

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\SetupValues.dat

Filesize
25B

MD5
615b8076d323ee006c54dbd84ddf1ebb

SHA1
b51dc670d962c7e6136b091bd8d27bfd7e797df9

SHA256
01f662bcfcac047feca68b2840655ffc828c43bf09fa1aa62af23756f1c6b063

SHA512
3b71c077d56583d46a2c9998f789030b0e728eb4e93b5fcc38d41a6daac53ef712794f0e4a3c3008ee6dedc246d9cad19826a31bfc23e86e8bb5b95c0131c2dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\CMxDownloadManagerDlg.ini

Filesize
8KB

MD5
f5763a04b92889a6f8c08172451cfdc3

SHA1
83504aad8cdb73ccf9c1f4ec8afe0cd0f6c4b470

SHA256
f733d9056c7c9e47e8e835518a677a1d75e2654f05698ea684790f3af7d9117a

SHA512
c0935fd4d8ee3a7591137efe1ba47bfff7fb85de4b1dc9067fe112e6a02558ed39797a2b0e51a17f19f0fa3d0788122a12b744b537268fa64738f0ff5568abc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\CMxDownloadManagerDlg_1.ini

Filesize
7KB

MD5
cb3982f5daf177bea4bfb4a9e72a18f5

SHA1
81dae2d3ccfd76fcc7b67e5a968ba5c8a3256262

SHA256
bf9aec3600822017b2580f1f3cef4725e2580184e9b2a3f476b304f3192b4a18

SHA512
3966758cd23c2e03f1e56f2ad8f57ea1aa728f28a16329d13ca8e197c533258af52f2cd7362e9d3782a4b7bc7f1807983cb31f845ba9a9978f239999f5cfe933

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\Logo.png

Filesize
4KB

MD5
0e4712a4e4eba8b6b6829ca21fd6def8

SHA1
9ea22307eae3e98c4164aab685e5f651700f3f4f

SHA256
63a0002efbbb5698778ca16e61cd47654450614423bbd75d20f3f6e2bc3ac8ad

SHA512
79fba4b40495ba9fe59a577cb447f10be97d51c482a937471d10e3042a50f60428a8ef464064ee518f9f23aaed29d3e1bc6dc6a0ee744f441817d09b62fa4ccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\Promo.png

Filesize
168KB

MD5
6e896a75a50b4f55bbeadb656f715aca

SHA1
1be79cf29c6474b53309e31adfa7a70f8b4f63ce

SHA256
fd6206e25b91b69d62143f0de7c850be8aaf645d31274b0604193f08b2fe9158

SHA512
abea130b78f621526fb4192212ee0224709e0c35365513ebefb80f89569796829ea04ccf9607cf49320bac800c19da4c3361db39bbaa4977c63934a3d84fbe74

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\controlTemplates.ini

Filesize
3KB

MD5
1c52b45ab82dec4d07801e6868a4c5da

SHA1
9d70baa7c74e97f1f32715d597f63fdb1c7998d7

SHA256
59ed53aab5990137b4c459dcbebe39fba5d6e2345628c0942dd3ac64d984b5fc

SHA512
62e9416df26baa25ea782e22426c4623b94afda7d934619843c3917a5ceb66d45da11838dd834b1a2788d89e04cdf29722f9bbe06475509729893e676abb6533

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\bitmaps\mxgui.4.0\generalTemplates.ini

Filesize
329B

MD5
d8acccb39fa2bcbc59ae3b7d26b1bc6f

SHA1
4b0d023e773cfc2db337e470b85fa8c4ed7fced4

SHA256
c1de2a676bf7c42f2626a7f9dd63b79774e8d8d39d3716d4e14372172b816608

SHA512
671aa9dba205da3de9f1aabd923f1f5c54e857de30758b63e765016de42b66af6dcd7a58666c3d9afc7eb666a5a760a63d59dcb51fc54465d8895beedc92a795

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\dm.xml

Filesize
1KB

MD5
2e95fc5a7cf2cb844f65aedc6bfce073

SHA1
19afaae86bc728933d54b77719a6c22d92766ce2

SHA256
b9211d7e370e247a50495fa376cb3b9ad9d9bfd12f7722f105bdf221d66df880

SHA512
14d82c3f2a0d417919dd4197ed112f714fc24d4e71d4d6b24e3af40c359723e8cc898f091fdd6f37f827e11af1f74d9cb34db06a436a8947d7c64fd6e3012aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\ijl20.dll

Filesize
2.3MB

MD5
28459aadd02b47cc6d12f567e2e04742

SHA1
0fd18549e8e466a892b89e9106e9b0575d1c9ca8

SHA256
ac0e986e81d7c8e7b217fd62106fba30f5e8507a55786082fcb0b10ebfdf3c26

SHA512
86df6f3b20669bb86ca146a5bffe53919a4625b69133365b7cfd323e8fb5527b0464b7c6db1b8834020e0c63238cb4f1bd5cc8ff7dc715de335b206d021dfdbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\mgxswoevedj\installed.xml

Filesize
35B

MD5
aea624768256ae1708e75309bf8299ee

SHA1
c746983d25965ebfd98c6541731669f0d562c6b2

SHA256
8f49354f824579622074cc96a4e85f0e0e003f17367b6426cf3c0226a7c46fd6

SHA512
6d863b9f30e231b0c535b74ea4a4627b94f8ec20065bc1ab3e852f5c3dc72ab86ca20c83981e2c6f4f303a387d34b511453527f6817b2b48d1c8382cfdfbaea2

Download Submit
memory/868-161-0x0000000000DA0000-0x0000000000FE6000-memory.dmp

Filesize
2.3MB

Download
memory/868-168-0x00000000029C0000-0x0000000002A5C000-memory.dmp

Filesize
624KB

Download
memory/868-163-0x0000000000FF0000-0x000000000121A000-memory.dmp

Filesize
2.2MB

Download