e513658df9b96c8a30dfa822752035830d1e77fe643dc6ca41650b3120f440d3

Analysis

max time kernel
146s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11/06/2024, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MAGIX.Vegas.20.0.411/MAGIX Vegas 20.0.411.exe
Size

290.4MB
MD5

8622ee90b19fdb3c04234d55e17844bd
SHA1

4fc63affa302cb432df0015f6286928cd08903cf
SHA256

c65c0d2f9ef496d1f551f9f36e2e3ff14af71cac6b0e46fcfacb9dcdecc453a2
SHA512

623efd9b55389d0ffc713b00c0ae8b0910e50fce8a72a444e2af75041376e0ac4358b35e76aaffd6dc6932bebb2d47373d42592adcddd9363b3dbac23814ec96
SSDEEP

6291456:UkWGE/bxgO+cvg/Dbn5wUIzVR/bednZIb3fx6xtrc2Ha/6MIZULCqFGUytE/8:Ukmicg7bnOVlqkb3fx6xtrd+UZWCqn5E

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3044	MAGIX Vegas 20.0.411.tmp
3052	vegas200.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
3492	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
2652	MsiExec.exe
3036	MsiExec.exe
3036	MsiExec.exe
3036	MsiExec.exe
4904	MsiExec.exe
4904	MsiExec.exe
4904	MsiExec.exe
992	MsiExec.exe
992	MsiExec.exe
992	MsiExec.exe
4364	MsiExec.exe
4364	MsiExec.exe
4364	MsiExec.exe
3956	MsiExec.exe
3956	MsiExec.exe
3956	MsiExec.exe
2884	MsiExec.exe
2884	MsiExec.exe
2884	MsiExec.exe
2480	MsiExec.exe
2480	MsiExec.exe
1656	MsiExec.exe
1656	MsiExec.exe
1656	MsiExec.exe
4984	MsiExec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{413A0975-168F-46C8-AE58-88E8D4D36AFD}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F24-196D-11D1-B99B-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65A0ED34-90A1-46F6-99B7-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\xpvinyl_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA1-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3052	vegas200.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\ffmpeg.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\ProjectInterchange.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\RegModule_x64\mxmpeg2_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\opencv_core460.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\sfldsim.ldd.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\System.Buffers.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Synth Bass Compression.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm6K_to_REC.709.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\contents2.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\CredentialManagement.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_48_nits_Shaper.RRT.Rec.709.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.pt-BR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\AjaVideoProperties.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\colorgradingwindow.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm	msiexec.exe
File opened for modification	C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\eFX_TubeStage.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\2fca99749fdb49aeb121a5b63ef568f7\plugin.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\_msi_keyfile_ixgm1x634e7u2mw2nsqodvrcc	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\DeEsser\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Phaser\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_1000_nits_Shaper_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\sfsbdmux.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Tube Console Master Bus.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\TransitionWPFLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Female Up-Front.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] SlapBack.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\flacplug\flacplug_fra.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixAiFx.ofx.bundle\Contents\Resources\MagixAiFx.es-ES.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcmp4xavcs\mc_cpu\mc_enc_avc.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.Web.WebView2.Wpf.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Presets\PresetPackage.pt-BR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxhevcplug\SonyRawDev.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3plug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\Default.efx	msiexec.exe
File opened for modification	C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\_msi_keyfile_dw332cbm3b6ue5z2b4gwxp4ut	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\DetailedRenderLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces\luts\adx_adx10_to_cdd.spimtx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.Extensions.Logging.Abstractions.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.es-ES.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Aggressive Bassdrum.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\44.css	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Snare Cleanup.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\fr.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_48_nits_Shaper.RRT.sRGB__D60_sim._.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.CognitiveServices.Speech.extension.kws.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\[Sys] Fast modulation.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixAiFx.ofx.bundle\Contents\Resources\MagixAiFx.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\es\ScriptPortal.MediaSoftware.Archive.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\V-Log_to_REC.709.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\WebView2Loader.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Compressor_Acoustic_Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.ko-KR.xml	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx.chm	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1118-0\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13c4-0\System.Numerics.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI60F8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI61A5.tmp	msiexec.exe
File created	C:\Windows\Fonts\marguerite.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8898.tmp	msiexec.exe
File created	C:\Windows\Installer\e585fd2.msi	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\650-0\System.Data.SqlXml.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\950-0\System.Windows.Forms.dll	mscorsvw.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Fonts\Grand_Aventure_Shadow.otf	msiexec.exe
File created	C:\Windows\Fonts\hotel_de_paris_Xe.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\45c6202a7ea96c52643221352c836c4b\SMDiagnostics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\a0cdcec9e91c643473569865e49a8857\Microsoft.VisualC.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1094-0\Vegmuxfa.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI61F5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI690D.tmp	msiexec.exe
File created	C:\Windows\Fonts\Gloss_And_Bloom.otf	msiexec.exe
File created	C:\Windows\Fonts\work_in_progress.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI93C7.tmp	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ec0-0\Accessibility.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI65DE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6E56.tmp	msiexec.exe
File created	C:\Windows\Fonts\LaGuapita.otf	msiexec.exe
File created	C:\Windows\Fonts\rose_of_baltimore.otf	msiexec.exe
File created	C:\Windows\Fonts\SilverCharmDuo.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI93FB.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC586C3A0CC4AB4CF.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6354.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6366.tmp	msiexec.exe
File created	C:\Windows\Fonts\Wasted.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9f0-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\994-0\System.Configuration.Install.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10ec-0\Vegmuxfc.dll	mscorsvw.exe
File created	C:\Windows\Installer\e585fce.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI64ED.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI650D.tmp	msiexec.exe
File created	C:\Windows\Fonts\MarkMyWordsClean.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\7c4-0\BdmuxServer.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\6c4-0\mux.net.dll	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\Fonts\beyond_the_mountains.otf	msiexec.exe
File created	C:\Windows\Fonts\mark_my_words.otf	msiexec.exe
File created	C:\Windows\Fonts\the_breakdown.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8887.tmp	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c4b8b8fd8fb0bfdcc45bd23336395c65\System.Runtime.Remoting.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6dbe1f10baaa1b605d747b4359036e1c\System.ServiceModel.Internals.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\{B7A01017-2E89-43C2-8B05-C03E0CD4C64D}\ProgramIcon.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI91E1.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI67C3.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6A87.tmp	msiexec.exe
File created	C:\Windows\Fonts\bakery.otf	msiexec.exe
File created	C:\Windows\Fonts\mocking_bird.otf	msiexec.exe
File created	C:\Windows\Fonts\Thinking_of_Betty_Light.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b#\9576fa690680ac6742feeedf37f7019d\System.Web.RegularExpressions.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Fonts\base05.otf	msiexec.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\3db036b964974b08b3fba860d798e263\System.DirectoryServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1190-0\System.ServiceProcess.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSIC55C.tmp	msiexec.exe

Modifies data under HKEY_USERS 13 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0"	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0"	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	vegas200.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Pins	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\FriendlyName = "VEGAS Track Compressor"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\ = "SfGeq Property Page3"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{B97C0F22-196D-11D1-B99B-00A0C9053912}\ = "VEGAS Time Stretch"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\ = "Multi-Band Dynamics"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Output\IsRendered = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Output	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\ = "SfFlange Property Page"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000004-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\03F048F3672C0654F8D505532D221039\71010A7B98E22C34B8500CE3C04D6CD4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5FF5B4A1-858F-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins\Output	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Direction = "0"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\Merit = "2097152"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\ = "SFA File"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedMany = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\Pins\Output\Direction = "1"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000001-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Merit = "2097152"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000001-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Delay"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe

Runs .reg file with regedit 3 IoCs

pid	Process
1732	regedit.exe
248	regedit.exe
1080	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3496	msiexec.exe
3496	msiexec.exe
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4348	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4348	msiexec.exe
Token: SeSecurityPrivilege	3496	msiexec.exe
Token: SeCreateTokenPrivilege	4348	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4348	msiexec.exe
Token: SeLockMemoryPrivilege	4348	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4348	msiexec.exe
Token: SeMachineAccountPrivilege	4348	msiexec.exe
Token: SeTcbPrivilege	4348	msiexec.exe
Token: SeSecurityPrivilege	4348	msiexec.exe
Token: SeTakeOwnershipPrivilege	4348	msiexec.exe
Token: SeLoadDriverPrivilege	4348	msiexec.exe
Token: SeSystemProfilePrivilege	4348	msiexec.exe
Token: SeSystemtimePrivilege	4348	msiexec.exe
Token: SeProfSingleProcessPrivilege	4348	msiexec.exe
Token: SeIncBasePriorityPrivilege	4348	msiexec.exe
Token: SeCreatePagefilePrivilege	4348	msiexec.exe
Token: SeCreatePermanentPrivilege	4348	msiexec.exe
Token: SeBackupPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	4348	msiexec.exe
Token: SeShutdownPrivilege	4348	msiexec.exe
Token: SeDebugPrivilege	4348	msiexec.exe
Token: SeAuditPrivilege	4348	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4348	msiexec.exe
Token: SeChangeNotifyPrivilege	4348	msiexec.exe
Token: SeRemoteShutdownPrivilege	4348	msiexec.exe
Token: SeUndockPrivilege	4348	msiexec.exe
Token: SeSyncAgentPrivilege	4348	msiexec.exe
Token: SeEnableDelegationPrivilege	4348	msiexec.exe
Token: SeManageVolumePrivilege	4348	msiexec.exe
Token: SeImpersonatePrivilege	4348	msiexec.exe
Token: SeCreateGlobalPrivilege	4348	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe
Token: SeRestorePrivilege	3496	msiexec.exe
Token: SeTakeOwnershipPrivilege	3496	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	MAGIX Vegas 20.0.411.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
3044	MAGIX Vegas 20.0.411.tmp
2360	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 3044	3836	MAGIX Vegas 20.0.411.exe	77
PID 3836 wrote to memory of 3044	3836	MAGIX Vegas 20.0.411.exe	77
PID 3836 wrote to memory of 3044	3836	MAGIX Vegas 20.0.411.exe	77
PID 3044 wrote to memory of 1732	3044	MAGIX Vegas 20.0.411.tmp	78
PID 3044 wrote to memory of 1732	3044	MAGIX Vegas 20.0.411.tmp	78
PID 3044 wrote to memory of 4348	3044	MAGIX Vegas 20.0.411.tmp	79
PID 3044 wrote to memory of 4348	3044	MAGIX Vegas 20.0.411.tmp	79
PID 3496 wrote to memory of 3492	3496	msiexec.exe	82
PID 3496 wrote to memory of 3492	3496	msiexec.exe	82
PID 3496 wrote to memory of 3492	3496	msiexec.exe	82
PID 3496 wrote to memory of 2652	3496	msiexec.exe	84
PID 3496 wrote to memory of 2652	3496	msiexec.exe	84
PID 3496 wrote to memory of 2652	3496	msiexec.exe	84
PID 3496 wrote to memory of 3036	3496	msiexec.exe	85
PID 3496 wrote to memory of 3036	3496	msiexec.exe	85
PID 3496 wrote to memory of 4904	3496	msiexec.exe	86
PID 3496 wrote to memory of 4904	3496	msiexec.exe	86
PID 3496 wrote to memory of 992	3496	msiexec.exe	87
PID 3496 wrote to memory of 992	3496	msiexec.exe	87
PID 3496 wrote to memory of 4364	3496	msiexec.exe	88
PID 3496 wrote to memory of 4364	3496	msiexec.exe	88
PID 3496 wrote to memory of 3956	3496	msiexec.exe	89
PID 3496 wrote to memory of 3956	3496	msiexec.exe	89
PID 3496 wrote to memory of 2884	3496	msiexec.exe	90
PID 3496 wrote to memory of 2884	3496	msiexec.exe	90
PID 3496 wrote to memory of 2480	3496	msiexec.exe	91
PID 3496 wrote to memory of 2480	3496	msiexec.exe	91
PID 3496 wrote to memory of 1656	3496	msiexec.exe	92
PID 3496 wrote to memory of 1656	3496	msiexec.exe	92
PID 3496 wrote to memory of 4984	3496	msiexec.exe	93
PID 3496 wrote to memory of 4984	3496	msiexec.exe	93
PID 3496 wrote to memory of 2892	3496	msiexec.exe	94
PID 3496 wrote to memory of 2892	3496	msiexec.exe	94
PID 3496 wrote to memory of 2708	3496	msiexec.exe	95
PID 3496 wrote to memory of 2708	3496	msiexec.exe	95
PID 3496 wrote to memory of 3156	3496	msiexec.exe	96
PID 3496 wrote to memory of 3156	3496	msiexec.exe	96
PID 2652 wrote to memory of 3052	2652	MsiExec.exe	97
PID 2652 wrote to memory of 3052	2652	MsiExec.exe	97
PID 2652 wrote to memory of 2964	2652	MsiExec.exe	98
PID 2652 wrote to memory of 2964	2652	MsiExec.exe	98
PID 2652 wrote to memory of 2964	2652	MsiExec.exe	98
PID 2964 wrote to memory of 4980	2964	ngen.exe	100
PID 2964 wrote to memory of 4980	2964	ngen.exe	100
PID 2964 wrote to memory of 4980	2964	ngen.exe	100
PID 2964 wrote to memory of 1988	2964	ngen.exe	102
PID 2964 wrote to memory of 1988	2964	ngen.exe	102
PID 2964 wrote to memory of 1988	2964	ngen.exe	102
PID 2964 wrote to memory of 4612	2964	ngen.exe	103
PID 2964 wrote to memory of 4612	2964	ngen.exe	103
PID 2964 wrote to memory of 4612	2964	ngen.exe	103
PID 2964 wrote to memory of 1732	2964	ngen.exe	104
PID 2964 wrote to memory of 1732	2964	ngen.exe	104
PID 2964 wrote to memory of 1732	2964	ngen.exe	104
PID 2964 wrote to memory of 4876	2964	ngen.exe	105
PID 2964 wrote to memory of 4876	2964	ngen.exe	105
PID 2964 wrote to memory of 4876	2964	ngen.exe	105
PID 2964 wrote to memory of 2400	2964	ngen.exe	136
PID 2964 wrote to memory of 2400	2964	ngen.exe	136
PID 2964 wrote to memory of 2400	2964	ngen.exe	136
PID 2964 wrote to memory of 4116	2964	ngen.exe	138
PID 2964 wrote to memory of 4116	2964	ngen.exe	138
PID 2964 wrote to memory of 4116	2964	ngen.exe	138
PID 2964 wrote to memory of 4332	2964	ngen.exe	139

C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe
"C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$80058,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:1732
- - C:\Windows\system32\msiexec.exe
    "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=0 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4348
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\ru.reg"
    3⤵
    - Runs .reg file with regedit
    PID:248
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:1080

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding FCD0142501B5309517ABF27882CDE757
  2⤵
  - Loads dropped DLL
  PID:3492
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 54EEFC12066D2D1A1DC8F426A44AC7A7 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
    "C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Modifies data under HKEY_USERS
    PID:3052
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:2964
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 204 -Pipe 210 -Comment "NGen Worker Process"
      4⤵
      PID:4980
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 22c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1988
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2ec -Comment "NGen Worker Process"
      4⤵
      PID:4612
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2c4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1732
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 314 -Pipe 2d4 -Comment "NGen Worker Process"
      4⤵
      PID:4876
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 338 -Pipe 334 -Comment "NGen Worker Process"
      4⤵
      PID:976
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 328 -Pipe 340 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1616
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 348 -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4376
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 360 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:5060
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 0 -NGENProcess 35c -Pipe 348 -Comment "NGen Worker Process"
      4⤵
      PID:1168
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 31c -Pipe 328 -Comment "NGen Worker Process"
      4⤵
      PID:4864
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 318 -Pipe 32c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:712
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 31c -Pipe 34c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4004
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 308 -Pipe 320 -Comment "NGen Worker Process"
      4⤵
      PID:2876
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 214 -Pipe 358 -Comment "NGen Worker Process"
      4⤵
      PID:5028
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 35c -Pipe 2e4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1960
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 338 -Comment "NGen Worker Process"
      4⤵
      PID:1668
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 30c -Pipe 308 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2384
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 344 -Pipe 31c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3776
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 354 -Pipe 310 -Comment "NGen Worker Process"
      4⤵
      PID:4084
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 214 -Pipe 2b0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2544
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 324 -Pipe 318 -Comment "NGen Worker Process"
      4⤵
      PID:3908
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 374 -Pipe 2f8 -Comment "NGen Worker Process"
      4⤵
      PID:3080
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
      4⤵
      PID:2480
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 380 -Pipe 3a8 -Comment "NGen Worker Process"
      4⤵
      PID:2040
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 390 -Pipe 388 -Comment "NGen Worker Process"
      4⤵
      PID:2832
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 350 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4496
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 364 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2452
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 384 -Pipe 38c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:244
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 30c -Pipe 3a4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3864
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 394 -Pipe 378 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1960
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 374 -Pipe 3c0 -Comment "NGen Worker Process"
      4⤵
      PID:1672
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 30c -Pipe 3b0 -Comment "NGen Worker Process"
      4⤵
      PID:3088
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 380 -Comment "NGen Worker Process"
      4⤵
      PID:2344
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 33c -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      PID:3528
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 344 -Pipe 37c -Comment "NGen Worker Process"
      4⤵
      PID:2400
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 374 -Pipe 324 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2320
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 384 -Pipe 33c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4116
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 374 -Pipe 344 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4332
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 3ac -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4244
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 3b8 -Pipe 2f0 -Comment "NGen Worker Process"
      4⤵
      PID:2040
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 214 -Pipe 35c -Comment "NGen Worker Process"
      4⤵
      PID:4088
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 390 -Pipe 354 -Comment "NGen Worker Process"
      4⤵
      PID:3568
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 368 -Pipe 36c -Comment "NGen Worker Process"
      4⤵
      PID:2452
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    PID:244
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:3036
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  PID:4904
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:992
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4364
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:3956
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2884
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2480
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1656
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4984
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2892
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:2708
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:3156

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e585fd1.rbs

Filesize
15.6MB

MD5
30cdee7e0d192b663ace1f16d878c8ba

SHA1
1fdc68cbdbd3fa6522adee7f03eb72c1b1e3ecf0

SHA256
e89a271e42ba5e74cc31ffa0f7e2a43925892c6e5e33ef9e4f21ce7446f1585e

SHA512
2d95d7c62d7d3a351c534bdead58fe8dd061f98e569597d09039ad1074eafec3a15e47ffcbfbfb2e8f5bdc5e4916204e877e310644fedd07b29e6251d57728b3

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg

Filesize
15KB

MD5
eef1e709e225fdfd1a4c247ef0e0a684

SHA1
955e1ed9b66eba8d30d327b0453636f431069e43

SHA256
90e01328f9525a72b7638e228873c437cd8cbb3bd8d1e237218db9c9e362a33d

SHA512
cd8ec0b57e61a746436ea9827d0fbc25b1a4048162f4aeeab103b4746a95e1dea843564bbe257eeac18273172a04b0bcbf0f973047cee320dfd4ae9599b07ca8

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg

Filesize
5KB

MD5
e2a69354fff2be1810bf0d2c5da73c40

SHA1
6eb935713030ee9068b89157caebc2e21a6b73d2

SHA256
0d4718fccee44b16a4d8bf3d369e7d4d99844df5904191829d56a304d2996ce6

SHA512
0bee0bc5079f7486e0e1cd0dd963404621a01bcfeb26b4d4004e64c615519b3df8125807e90c0da75af12bfba401b25c1279381dc7466f50620931db4ce120bb

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg

Filesize
14KB

MD5
9760865cc60798a9bfc1e27b8782c45a

SHA1
24d10d70ac93e687cffd563a06f27f68c7caea55

SHA256
7b06ea074897081ff1a51a29448e8463ceb943270478a14405aa88f7479c8bef

SHA512
f858d683e89f43ea0bd2858fd0f2ba06f27e77266dd5ddac08250b9904b988cbb7ef40bd6aa52c528bfb510505fa4bedecc4ee01f8ad72c90b16ebb0d7986731

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

Filesize
14KB

MD5
900e140eb7091c26d4b1b555c6e362b5

SHA1
5214bc2833bdf53fe2a103c49773cef292e5ae48

SHA256
bb1c2ff46403c7d4c82304fa827e5fc401a98fac0d33d865974b676876597c57

SHA512
8dc147f20c48dff28553bfed6e08fc0ed2ad10579239a6fb0639c61d4014b03e33c152a13b229dd9c53284a59bdb87403ab5ad32d4d151a71e80e186c9fe220b

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg

Filesize
14KB

MD5
22a39896ae01ede8b6ab0e5d7190fd69

SHA1
d684a31d2d6f306bcc98c46c62771e0ea923322b

SHA256
1b0e7702d21614267fd3b754ff88ac9e28ab2f39c2a7a1acb8dcab8383b05f4d

SHA512
394d1d67faaa37b0d4c84fb405bb92d4ef483cc06e5cd40e41ff87cb917896f9b0397af2aa8ac89752c85d07761ba4f1f3f3848e898a621beeeab8555230d228

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css

Filesize
55B

MD5
afa7ee18ebf29250e6c1d58d117b0a8f

SHA1
82848e876d0559e24d95cdc27f4d81a20f96acd1

SHA256
ba77806fa2c2ffe1f2c896b4340eb169fe0cd0f7ad0706e1b4d6cfe8dfbc03f6

SHA512
054d13d69d68f8c3af0b9eed577d325877bc987699b29f622534f216a07c66f081edf16e6aa2c01635a0b9236191033abc7a904633fa918eefde87cb6baa61af

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d

Filesize
76KB

MD5
67f295e9f8be3d15aa161031f3761b7c

SHA1
89fc2e9845ed297e16c05823b655520755a234fc

SHA256
4aa8c8265b737c5dd8604408899ff7ee9f70780f8b0d49ead183b48699a19b5d

SHA512
2dd2f2da4559a9f3e4f6363f5b96d3d94655026985f051889bb05fd6628d0051dc06632fff322e9057db9e2c71281d29ba1ee5a2ccab46813db26c558a7db3c6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref

Filesize
11KB

MD5
252498dbc17973a2bcfd3f79aaf58bf7

SHA1
8fb11e85d99e4e853beed0298ca5515ba4b14b60

SHA256
6f2c945852e035c98d2aa9c8fda43b7074a17f0de994dbcd99f3bea24aa86949

SHA512
4b0b50d9130895226a78d88efa04a47b06583976028c9ff71b0743fdb84ddb971f77fc0e0816fb485b240cabddbee3a0e83d44043040f12f6e3e7922b799de3f

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
1KB

MD5
f4cc542f9b6ebaa24890661a9dc37c6a

SHA1
f21def37e5f7b4d117716c6c489874d4705d375c

SHA256
aae114be68cd90398ad3b45f328ef7ed8ad5a309c096ad70e9eda1c75ab28f31

SHA512
1ccff8ef3c23513556d36f25035b648e1bc700238e1687d7131b3374b4a8355bde0cf351131695c8bebd5387ea9eb5a9490ac4b8d7a890c70a8dbd9e3ae48a75

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
1KB

MD5
faa1fd9d5a3c6342d723bb0484de65ed

SHA1
74ad3d54cfaf2fed73d801c0dda028305b553d63

SHA256
12bd0459ff92ba7c94fdc73c003e5eee5f87d55df4769ff2d94ba887a41690a9

SHA512
590d8932df2e7005855c560a53e2f481ff0ad446550f19a477792c2631a9e1b2c656147341ae56c36ef66f9bd4276e2089870e6ea6ba263d9bc6c732258c28ba

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg

Filesize
3KB

MD5
6d5dc46f9bb6ca3b4991954c6ef4117c

SHA1
20a06a4ac4b1732ec0e676c507fc4a2860bea698

SHA256
2519a81c7d217824efe2c734c940d6a29e752df20e134b64b777a1506f306d79

SHA512
2abfb6431f3d42a785baff5dcf60b9798f0d9627ae47788cc31970a5c6c046412e47bd332d7b42b6e6bc5074eb22e17938a68921c1beb48a10c0d1365e01368d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

Filesize
41.7MB

MD5
3093432fefad3a1be4d0a0c48ef02ea0

SHA1
e36afc3c8482a79a4d42b7cb57e788e0887ced4f

SHA256
fadcb8266b1802690cd34126996fcd0afd8ed7748d7b45f01e12cfd0ca71e6b9

SHA512
5e83261a19ac1a9e84db4bf5de84e55c1c8d8a8ec6a05687e0797f36473359b9a919de3e2cfb6c68631f998fbcf2d2469097aecf01f8361c5d3579b81834189b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e449ec26b66a84509feaa31a51163e22

SHA1
bceed7fc36e9c3ac6d279deafb5b1a13e2b35ceb

SHA256
3415d8e367d784ca181abd89e32007db2f9957e9444f4e7f01b08dc78f6a0d05

SHA512
812919810c71299f9696eb7b555cc417db4988f89a6d083f878764e013585a9dd48deb22f02294d9f53d46748bea4e54296b9caaec2879ff8e3b7512a675098f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\!!msiTarget64\Protein\is-9SO2J.tmp

Filesize
400B

MD5
0c1e88ce1761b3b91a12325c4b5cd7e1

SHA1
c1cde89c8c8624e3ee80eda4bddf914ed23a71a7

SHA256
164b291826b0f96044546db925332c677245ec1035b9f53808c2d1af5f999f62

SHA512
c5aa87f78f5981002aa16a100e3a8ca37837610eb476ae5e30b87a80c722c48a4140e246375fc5c74176cb96ad634675b2c051f88e7738b7914586525bd3869c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3_10.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm

Filesize
47KB

MD5
2f72e2d18df0d6863de2b728aa943baa

SHA1
7fea25a58c85f4d67ba473eb0c565d532054d82b

SHA256
067c563c9557e097490bb3c5980a95115d9f6f6064086e2472fde89ad45f157a

SHA512
96cae7073c666beef8d03a920d2454e1925b655ed53e44939de4862fdce01c2f0ec935b2ed6c54dbb53029d836fa581e0fa100b4356dd233431b2a9b1b737751

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll

Filesize
5.8MB

MD5
36fc6c3385657831860504e811f71b53

SHA1
4022a504ff83a298c5ee8a3d18e56ebf992bd48a

SHA256
3fd04618f5ea9f59b6aaf1447602f0672b2ab76b10e2a9e613408b41931968a0

SHA512
673b228ceb40f311c7f0e63dae9c149a5c7434215ea5aa6ec0bf61304b2ca62f5d36422723b1ae5a3c8def0608db2b0edc9d233f47394863239d3f3c95b8d147

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll

Filesize
2.3MB

MD5
9a4bf31ef98aedbc301820fcb0f1a608

SHA1
8e3e4608f75be5f1cac1ffd0e3955e8f957b2533

SHA256
5053d52ea00511502ba832ba3b9b63f2b79dbc3fdbf0f9d0c2f7f741733992ec

SHA512
280504089de783df7d8661e55e043353d714af799afb1f750047e5fb85c4dbfb3c201f4eb18787ba38f404e4f623fba0cd9e7091800424ec8ce47b3d04cb9313

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll

Filesize
1KB

MD5
4f1a14e49b00be544481d943b0bcaa38

SHA1
a9649dc849df5b6713373606b3112ef729daad6c

SHA256
35ffd0cf34d46680fbe425df26df450f82cbf61784a05f4c3394981abd3cd6d0

SHA512
63ef42cf81060aadc6d04e3d4e6dbb810ab53780238f2592eb1b050acf81b0efe12dfe9cfdb46c747f6b3e20a751b0d6e1124e138396ce72a6a888e61610f885

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll

Filesize
86KB

MD5
839e72f3aee74b047362ec6ba5fe3567

SHA1
57781a9d357928ac0675fe628669f4deca6b6947

SHA256
3834071314deb9b95f13e6ad606c2606d6cd123cf7ccbc536a09e46652484c7a

SHA512
6de454e366e7b8861adaeb104281c44a62489d3032af9f1128fe40bc3ccf53cc1f42352e1d86de090e5ecd7da3b1866b0b1c456438caa56f7eb8065c6b5baeda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-4SE19.tmp

Filesize
16KB

MD5
24bacd15fc74bb26c48bc6d5b8ce4c98

SHA1
d1f1366025fd2bf0dd5d0a0b3508bc352e77a940

SHA256
c0ca2de16679f5b6f62359cd22bdf69bd5b92dbea96909d6d5537d08c426fc4f

SHA512
fa714f4e227c4e0ab6bf055bf8df7c60f59e3c3dc9f36120c770894cba67eb258269d2a3a285f730b1cbd2544811f504aff64c318fd32fba0fbe562317193f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-ACFMK.tmp

Filesize
16KB

MD5
d403b68f94df24047f1f5c06ceb438ff

SHA1
fd41dd09cab1c9b522826715876fc050d3b444ae

SHA256
48a9e9e9a1e5acb2d9afc5622b7decee6b9842a7c639b596247e3dee294b4421

SHA512
45e080281977fad0ce4e2bd268824309d1edca0ff97720ba0aa10d11cab2c0699fbf8746fe68ffc97657787b4bd051a006f48cc28ceb7bd4a2b882eb19e498bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-CNC9B.tmp

Filesize
16KB

MD5
b28fb870f7ac1fc58835cd538f0b3827

SHA1
6535d439db0938e9ca0779e07c6751a111c00183

SHA256
a21893c188660edbfc3700f646316d496bcf7ded8603ef6c9f7852d02ed437ef

SHA512
88fe27c5ee62293ea08f54d0e30d96e37123590ce80dc8b77dc4bb338e03e11c363dce7c75a41824596ea2e55e290bf4d69b9e48e66e870d6bb4e10323d2a78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-VFEC4.tmp

Filesize
43KB

MD5
0f1fb541827cc6bcc3dbb777c00ca3ed

SHA1
18e68b072c1f24eadb0fe10353ca2725eb1e6869

SHA256
7c770fdb34b37cb6140c8adf3482613aa72dc51f989b9915ff7c45f882a1a81a

SHA512
d26a6d94cafb33880c4bfaa67a687e3a3d68a3851ebacead9a590d611b23e8c1194bb99296f4ac540c0e39790716a80deda52686fb335a2b1611f6abc8c7f8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\Language\is-II5TT.tmp

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-P95PL.tmp

Filesize
123KB

MD5
d5c1877b824a8a99dd911891695e3352

SHA1
5942c1c6a6fec16014aa59c3620be1d344a2ea13

SHA256
0313f51c713f2fd18ff3c008e80cb36a55e30c9b8655c54b02c08be7da319c0c

SHA512
39c4d6ca223b39cc9a015005b2a042fa8dbcddf91ba31f435f597319640724754596c0eb0becb9ac51b2efbc0b7ff2be23e8b5ac123beeab77c6502d99175edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm

Filesize
434KB

MD5
28189fe033f82b794cd4c787949b295b

SHA1
3bc70c77da4be191b1f9f29086d6bbeac93eaa27

SHA256
20700008e101f12f468052230f1cfc0f0312b61b81e9a2e309e8965f3b51117a

SHA512
4e0be27a4d152ada6a51521c975236f3108f23e5c2f5c40a248e71dab6cdd986fd4d6a354f07d721457634edc49427274b74141581cc72120244e201af96d77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm

Filesize
42KB

MD5
9d0f926ca5d507617b2c9980940a4ec1

SHA1
19d57c14156482f0b9d4b9ac6e756dc3a2260821

SHA256
59be8d099b496c1f8784ef6fdb05bae981ea12d93c1e92f48cf96afbd55c73e0

SHA512
848e460ff2d573e92355e41f2630dd25f6c910bef2b850f49097e7bd156500a4196f004f3f9961d281fe295903c24b5e58f6ee85d354aa93548263d1dc6ade2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm

Filesize
183KB

MD5
7449d3c7a273366788882e044d736755

SHA1
46cd34f8abe3a12521b314fd8082bc01bff56bf6

SHA256
2c09932992c928c400ab8bbc96f9bc031558f4f8db0f01a69c6f0327a172cae7

SHA512
c3ce978606d6fe56b90767898b8a5af462ebd5cf1c63d73bbb5f4b0ade6f2e043c72a061eb4d16c722f5e2bb4688aa266e42c9b4b06b392fd3275edd40db99b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm

Filesize
238KB

MD5
e4306c3bad1148bd3917fcda912254e7

SHA1
09be8be0f26da548b8528c6fe50933d504e5bec4

SHA256
7c9c1e154e6eca6d90f5809440fcb64e3c845257db806954ddcbaf1f247ac99a

SHA512
6d8dfa3d1533bdc78743c7072c40d201d0a9b5c9dd75fcca6d86ec90a7a91dafa2d2018a11c32c8780579c4d18f2ae9e7956a42cc6ca912916dd3115b4eff4b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm

Filesize
240KB

MD5
d96c5c1d2791f5b740b5b742239cc14d

SHA1
f0cd9075d983fe059c39a46ec7c8255a34acf362

SHA256
203d202642e917d6175c28e684d0df0bb6b94fd5644af99571f2becb19d19096

SHA512
6d4f9d312ebab1c19bf35725d8775e4545a1de81f57c979e635617854eb63116565c96c7fc7c8da25f3e393ddbb8aa30e89d31466be9c1a170ca0d8ab7c0e71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm

Filesize
254KB

MD5
05ec141b5d879f94a1fc4fb63dab7c90

SHA1
cd376464d523dbd969e1d459861de8b8b059d3ba

SHA256
686e522a6d0503cee89b31f28e6ce6d3b1af734b32f3be46d9b394535be1e9cc

SHA512
d3af9421171df4185ee5badc269d80943c1455b33d4223970128ae4841b51ce393084dadaede5f19b8aff89c91bd109e1e7a83b8dbed624970a1831b03b30355

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm

Filesize
184KB

MD5
bdead6dd7d517b6551d6949273fafb38

SHA1
d388b3f6440454c7ab39c9f0aefc4420005b035f

SHA256
bdf4dc7b2d3416f157a0ff16161e4db34e37b9bf9f3936eb442ca4ae9536d782

SHA512
a01b9fd3099eeac05dc36e0768bb9439736076448621d1117d74090321f01a78ea50e25e442b59185872b1f1a4bd1e39036fc1d70b10cc1685ab690dddf5ae9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm

Filesize
46KB

MD5
1f28955e3548fd0d125366ff897f4486

SHA1
2ce2e126216bab27a87f13ba0c3196dd3e69b40e

SHA256
2a2c5d5324f1838fd204206c513b72c36afaa3a7ac81bd1ef53cf6bde90227b7

SHA512
69129f9ae19b2a0c55aeb9871aea074f30dae0c1ac931484e7a9975345b1942720d30a33443ed82200a2e2721cd1da96a751d7f086e66b841be37741deb2153a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm

Filesize
221KB

MD5
ced225cf1ddc86d43d722fe3f43395cf

SHA1
af1c71b436d2f555092b8e95b48fe9d280f77b77

SHA256
7172285a843dfea02861a0ceb37df09420fe63c7cd57d7b4c78a510dc5e781e1

SHA512
0598400db2feb94fd4aa97d336eb7aeb1c2fd868c4a0b53d943ae84d122138a676da5a2bc9693c90ffdaa9dee5802a26474eedc18db3ffec1ccc5769bf6d0cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm

Filesize
191KB

MD5
b6c8248c7ead44d8f29f9e45654266c7

SHA1
0451c6a06b6fe85067775e1f17f8f1e03a2de79e

SHA256
7fca06a0d9f9b38e5dfc1536f7e9be5ab60573857d90d51cb817b0fd3bdfdb57

SHA512
ef19e040ec8b9ae3cc4944122492b75cdcff41a801fdb988cedda3ef8b20a57a3e99ef83c042dd51bea5b3249125978d549476493a0a6ddc613f66ff9f5c91da

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm

Filesize
195KB

MD5
38d74b2342a9750ddc419162a3b4bf8a

SHA1
b59125ad03290f87e8e1dc8fdbcd02ca3cc15a09

SHA256
55c48b9e003aa26c618db119af868bdfd958a5f55553d06d3f19ed5483622059

SHA512
9c98b02b2088a9ee15b891db56e2cf43ed6e12ac9464ae16528195e36c14b516c9c2ff8637f5e3f3feac400783625d2e88e8e0dcf41f49ff08514771efc10382

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm

Filesize
367KB

MD5
05fba5470961d350729077f24f2e226c

SHA1
8199bf209bf6923d4185fb960ef8624b3d8a22a6

SHA256
8706882eb4f2d42a63da17daddea5a5a7186ee4b4292f4489624ca30d61d8662

SHA512
d7b7dc117922df0447577cba07d762fdd88a1b6f6cdac93169304e7724399ef5afcb49d2e888bc0b073099fb672397ba4a28162871e501b8290aa11e57fa01bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm

Filesize
10.5MB

MD5
ad71246de2a860f980b7298519510c21

SHA1
420d54a1b88039d4f554f2e567b27c5377df53e6

SHA256
65cae474ca7fbd4cb3f49f6cc2a871fcd97be3f67c995af83be35ed5c60ef9ed

SHA512
1ec0e10c4113f859f628905838d6622cdd963973d208e85d5135dc35bb2b48274ad4129329fc4fdd56254f89ca4119e63c6be4c576838da12f3e8d0d479681b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm

Filesize
4.3MB

MD5
02a37529c636b810f022d92ea9280403

SHA1
02a1ce65fed7436bd7b28edb4ea55425107c5d12

SHA256
52846b9e45a1bf9b1d301ae04c6c9fcec31ca6f90c73af10138087efc49b387e

SHA512
2e0e46120b972aa1927ad58fa79e4f3c2cd170781c671fdd7e3e81020395359c1b1c78442dd0dce655fd0eba40b9cc394ae91338189d81effe9f7b9c3e2f22b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm

Filesize
45KB

MD5
9ff814b3438a27e4b9922cd6a456c841

SHA1
9093622fa91ab1329a7e97485356e1462a7f1021

SHA256
d1c5d986e115c180373673668f2cf341070d0e7b9c02549c439370fd8436952c

SHA512
ca383b963455572ce920266591c71a6eb0baae3fd301a8b7877767baf890bad9c15b09e692cd0a06e9edb6ac62ea580d02549c38b09a8455ccc70d2cf6dac421

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini

Filesize
2KB

MD5
d01419d02c71e590338368fdb1ded4b0

SHA1
533f5c9147b51a2a74342dfea2f952bde0c0559f

SHA256
fc12395775b26f77a44ecc5fac596eff8ff32a1fcbfe225fd2b1544ad8165347

SHA512
b6fd693805019553ac8c1a6d4537a5378a16814ff09ab3fff4d5a748bb9a8c022a7c001fec56b1ec37a2e6e9ee93b36c0cea348334b5af84cdea885b31440397

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres

Filesize
2.3MB

MD5
35b41455060bf1766890ad4d31a49835

SHA1
813ed4d2949c616a0d649dc35295cfa0018caba5

SHA256
bf3377ed0f7eca679631cfc3abd9a8509a27be0e2f5d039cf484a13237e2070e

SHA512
4285f09fb7eec72efcbd290d18495b436b0435dc7a83f4dff90a09c7dcf964350a14b9d6ba77855be8eca1982dc78d7fa642fa65e6981e484903c05ced5f2f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup.exe

Filesize
4.6MB

MD5
04fb89ed372c0ae2c7fc694f8e78674d

SHA1
04eb033741e32ed3c73237fc4ebbe3fa40e8d1f8

SHA256
cfc902083b8d343a34d99059064dcf9e67add5295257662351adf8d4118ebe83

SHA512
569dbc07a6cc6ee398f2791ce8c739935e9e2b7ead5d1119c5b0ba052f9275c04fc68c07c610cf6fa817151a6a5a526227af142c8e65baaeb051e907734c75f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi

Filesize
2.8MB

MD5
3984e2c94a919c262e1b6809ce845138

SHA1
c6a38b5350db206a1da37ff194e5d103865d5b8a

SHA256
a3c36305c3af58816ace57688a84bc3ee8096e4e78ead8b428335023e0df3c3c

SHA512
47dfe2808fa1715d30c4444a40c2f4eb9cb37f97043238af92389aadcfeda44730785d0f88fd60acb836785542a12e29b7289ae986df08ea951457ffa46369bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\readme\is-9KCVF.tmp

Filesize
42KB

MD5
ebaeda4e1c37e4064c13690311301566

SHA1
c2d298a754e2199b1a4ff8310bd6192478764b83

SHA256
cc1bd4c738f3bbe40164cee012cb5498cb5e6ed1ab66d1a782d5101e608ea9bf

SHA512
ffdaa0cb0250066a2a9fc46e7b3c11c635c2a14ee36f43f001e5dfcdeae4e2641dcfc8c2810bafa64d01e601e9f923e68f5d2e610a8aee65222f14dd2cddc660

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp

Filesize
911KB

MD5
3cf000f76aebe1287fbce80803691eef

SHA1
1abfd84af565006ab0eb5048c62827db64ba6d20

SHA256
2ec46149ff09b8028c0892b98c25eeb839052fae520b8692e1edbe3e1e90e555

SHA512
0aa4a80a550e1319ac49298fc9fe792b078d37d0099e2a4033d4022da44e49c4b641d07eb3cd8bfbfd9badbcf1975c3c494f790dd7151125f79a76b1ae62c6ef

Download Submit
C:\Windows\Fonts\mark_my_words.otf

Filesize
104KB

MD5
7c63423376c2f45b7d76537c933a95cc

SHA1
58561511026f8761d1a90a6bee79d4a152b420f0

SHA256
57c478c62fb66a6dcc1281e1f92f741fedeb2e60ad42b4a06825336f1f3506eb

SHA512
e15d075df3574bd7fc9191506cb113ed17767d1a50cc918ea1d7c75b22c5165a7b5ad33ddb453c5c7d4efa6ad182f90f2a1a1857c614acbbada34202e6c79a81

Download Submit
C:\Windows\Installer\MSI607A.tmp

Filesize
1.7MB

MD5
cac46674c136dcfa1007c4474f74709c

SHA1
0e57991728954ece3258ac10c68722ab277291a8

SHA256
e6c3090f601c83088bc7c481e8384b487f2e0a9a5fa0ceadac890224401416f9

SHA512
ea54e2190e3c6019bf832aec09508520c54c3b5ca146dc7925c0a412cfcc291d328005e1922ac8f5f686a82061b48d81ab56174cc3fae3ef5813724a601068ed

Download Submit
C:\Windows\Installer\MSI61A5.tmp

Filesize
191KB

MD5
205796434c869552ef4dd52df0137a71

SHA1
3f38351609a85a4409be780b7186eb207082f703

SHA256
3853de73a45b0f653d93de3c9884bf244fba54fdb715d54db5fb04f9ffecbf0f

SHA512
5eb324d9996841476ea1826cb09fc232562056a7345bbcb8937a1674a549a64d0616dac19d5e2293f473a7d2dcf19ff96c80bd8628aecf6ec9a1d9a810927133

Download Submit
C:\Windows\Installer\MSI65DE.tmp

Filesize
119KB

MD5
33b1ab9ee145562cbb7ca93fc5f464c2

SHA1
1431d7c0dda4728211e74581952574ed3b30ef28

SHA256
919d4075d01032a88b5dbd46e0c1ed2c1c6fe695404668e72656fda1ad80b22e

SHA512
11662b918d88a77c1e7ed666ac4c161ae3f5c9cde9b378e3d29f66d95f34df92d3fc8e2f6f3e8774a98eabc612dc61188705f6c38e65beb015f40a958a4d832a

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
146KB

MD5
d8c39457548529bfa9b8b7f232d6d267

SHA1
a60495b5dd8066216d7b7b462a92b9a375c889ac

SHA256
256a8424f028f7c86942eedade2c7f393f0b90ef2c5f871e6022a885f1450915

SHA512
237da79911e82eb8f207d8cd5a00d2fd8def367c34b19972827f00bf6f0b17045ea0babe50ea90b27f1d5856644676bf3080a5590d0045a8046a08623396ec36

Download Submit
memory/976-6406-0x00000000074A0000-0x00000000074EC000-memory.dmp

Filesize
304KB

Download
memory/976-6404-0x0000000005EA0000-0x00000000061F7000-memory.dmp

Filesize
3.3MB

Download
memory/1168-6452-0x00000000063C0000-0x00000000063E1000-memory.dmp

Filesize
132KB

Download
memory/1668-6560-0x0000000007E10000-0x0000000007E8D000-memory.dmp

Filesize
500KB

Download
memory/2876-6561-0x0000000008440000-0x0000000008461000-memory.dmp

Filesize
132KB

Download
memory/3044-69-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-78-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-30-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-29-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-28-0x00000000070D0000-0x00000000070D1000-memory.dmp

Filesize
4KB

Download
memory/3044-27-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-25-0x00000000070C0000-0x00000000070C1000-memory.dmp

Filesize
4KB

Download
memory/3044-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-96-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-101-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-102-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-103-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-352-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-32-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-35-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-38-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-39-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-44-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-45-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-46-0x0000000007130000-0x0000000007131000-memory.dmp

Filesize
4KB

Download
memory/3044-2627-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-61-0x0000000007180000-0x0000000007181000-memory.dmp

Filesize
4KB

Download
memory/3044-62-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-65-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-66-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-67-0x00000000071A0000-0x00000000071A1000-memory.dmp

Filesize
4KB

Download
memory/3044-33-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-34-0x00000000070F0000-0x00000000070F1000-memory.dmp

Filesize
4KB

Download
memory/3044-68-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-70-0x00000000071B0000-0x00000000071B1000-memory.dmp

Filesize
4KB

Download
memory/3044-7050-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-74-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-37-0x0000000007100000-0x0000000007101000-memory.dmp

Filesize
4KB

Download
memory/3044-40-0x0000000007110000-0x0000000007111000-memory.dmp

Filesize
4KB

Download
memory/3044-41-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-42-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-43-0x0000000007120000-0x0000000007121000-memory.dmp

Filesize
4KB

Download
memory/3044-47-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-48-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-49-0x0000000007140000-0x0000000007141000-memory.dmp

Filesize
4KB

Download
memory/3044-50-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-51-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-52-0x0000000007150000-0x0000000007151000-memory.dmp

Filesize
4KB

Download
memory/3044-53-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-54-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-55-0x0000000007160000-0x0000000007161000-memory.dmp

Filesize
4KB

Download
memory/3044-56-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-57-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-58-0x0000000007170000-0x0000000007171000-memory.dmp

Filesize
4KB

Download
memory/3044-59-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-63-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-64-0x0000000007190000-0x0000000007191000-memory.dmp

Filesize
4KB

Download
memory/3044-71-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-72-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-73-0x00000000071C0000-0x00000000071C1000-memory.dmp

Filesize
4KB

Download
memory/3044-76-0x00000000071D0000-0x00000000071D1000-memory.dmp

Filesize
4KB

Download
memory/3044-77-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-31-0x00000000070E0000-0x00000000070E1000-memory.dmp

Filesize
4KB

Download
memory/3044-79-0x00000000071E0000-0x00000000071E1000-memory.dmp

Filesize
4KB

Download
memory/3044-80-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-81-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-84-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-60-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-75-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-11-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/3044-17-0x0000000006A20000-0x0000000006A36000-memory.dmp

Filesize
88KB

Download
memory/3044-23-0x0000000006C50000-0x0000000006F6A000-memory.dmp

Filesize
3.1MB

Download
memory/3044-26-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-36-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-83-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/3044-82-0x00000000071F0000-0x00000000071F1000-memory.dmp

Filesize
4KB

Download
memory/3836-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/3836-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3908-6640-0x0000000005C70000-0x0000000005CED000-memory.dmp

Filesize
500KB

Download
memory/4876-6374-0x0000000006E10000-0x0000000007167000-memory.dmp

Filesize
3.3MB

Download
memory/4980-6331-0x0000000006CE0000-0x0000000006D02000-memory.dmp

Filesize
136KB

Download
memory/4980-6334-0x0000000006BE0000-0x0000000006BFA000-memory.dmp

Filesize
104KB

Download
memory/4980-6310-0x0000000005B50000-0x0000000005BBC000-memory.dmp

Filesize
432KB

Download
memory/4980-6313-0x0000000006470000-0x00000000067C7000-memory.dmp

Filesize
3.3MB

Download
memory/4980-6315-0x0000000005B30000-0x0000000005B38000-memory.dmp

Filesize
32KB

Download
memory/4980-6316-0x00000000067D0000-0x000000000681C000-memory.dmp

Filesize
304KB

Download
memory/4980-6319-0x0000000006890000-0x00000000068CC000-memory.dmp

Filesize
240KB

Download
memory/4980-6318-0x0000000005EA0000-0x0000000005EBE000-memory.dmp

Filesize
120KB

Download
memory/4980-6321-0x0000000006A30000-0x0000000006AE2000-memory.dmp

Filesize
712KB

Download
memory/4980-6320-0x0000000006920000-0x0000000006970000-memory.dmp

Filesize
320KB

Download
memory/4980-6317-0x0000000006820000-0x0000000006842000-memory.dmp

Filesize
136KB

Download
memory/4980-6322-0x0000000006AF0000-0x0000000006B56000-memory.dmp

Filesize
408KB

Download
memory/4980-6324-0x00000000069A0000-0x00000000069C2000-memory.dmp

Filesize
136KB

Download
memory/4980-6326-0x00000000069D0000-0x00000000069EC000-memory.dmp

Filesize
112KB

Download
memory/4980-6325-0x0000000006C00000-0x0000000006C92000-memory.dmp

Filesize
584KB

Download
memory/4980-6323-0x0000000007090000-0x00000000075BC000-memory.dmp

Filesize
5.2MB

Download
memory/4980-6328-0x0000000006B80000-0x0000000006B92000-memory.dmp

Filesize
72KB

Download
memory/4980-6332-0x0000000006DE0000-0x0000000006EAE000-memory.dmp

Filesize
824KB

Download
memory/4980-6309-0x0000000005A90000-0x0000000005ADF000-memory.dmp

Filesize
316KB

Download
memory/4980-6330-0x0000000006CA0000-0x0000000006CD2000-memory.dmp

Filesize
200KB

Download
memory/4980-6311-0x0000000005C40000-0x0000000005CBA000-memory.dmp

Filesize
488KB

Download
memory/4980-6329-0x0000000006BA0000-0x0000000006BC0000-memory.dmp

Filesize
128KB

Download
memory/4980-6327-0x0000000007A90000-0x0000000007F5C000-memory.dmp

Filesize
4.8MB

Download
memory/4980-6335-0x00000000075C0000-0x00000000076E2000-memory.dmp

Filesize
1.1MB

Download
memory/4980-6333-0x0000000006D60000-0x0000000006DA4000-memory.dmp

Filesize
272KB

Download
memory/4980-6336-0x0000000006FB0000-0x000000000702D000-memory.dmp

Filesize
500KB

Download
memory/4980-6337-0x0000000006D50000-0x0000000006D5A000-memory.dmp

Filesize
40KB

Download
memory/4980-6338-0x0000000007030000-0x0000000007050000-memory.dmp

Filesize
128KB

Download
memory/4980-6339-0x0000000007880000-0x0000000007A08000-memory.dmp

Filesize
1.5MB

Download
memory/4980-6340-0x00000000077F0000-0x000000000780A000-memory.dmp

Filesize
104KB

Download
memory/4980-6342-0x0000000007810000-0x0000000007822000-memory.dmp

Filesize
72KB

Download
memory/4980-6341-0x0000000007A10000-0x0000000007A4C000-memory.dmp

Filesize
240KB

Download
memory/4980-6305-0x0000000005970000-0x00000000059B8000-memory.dmp

Filesize
288KB

Download
memory/4980-6312-0x0000000005AE0000-0x0000000005AEA000-memory.dmp

Filesize
40KB

Download
memory/4980-6304-0x0000000005EC0000-0x0000000006466000-memory.dmp

Filesize
5.6MB

Download
memory/4980-6303-0x0000000003830000-0x0000000003840000-memory.dmp

Filesize
64KB

Download
memory/4980-6302-0x00000000058B0000-0x0000000005906000-memory.dmp

Filesize
344KB

Download
memory/4980-6301-0x00000000037F0000-0x0000000003815000-memory.dmp

Filesize
148KB

Download
memory/4980-6300-0x00000000037E0000-0x00000000037E8000-memory.dmp

Filesize
32KB

Download
memory/4980-6306-0x00000000059D0000-0x00000000059D8000-memory.dmp

Filesize
32KB

Download
memory/4980-6299-0x00000000037D0000-0x00000000037D8000-memory.dmp

Filesize
32KB

Download
memory/4980-6307-0x0000000005A00000-0x0000000005A12000-memory.dmp

Filesize
72KB

Download
memory/4980-6308-0x0000000005A20000-0x0000000005A3C000-memory.dmp

Filesize
112KB

Download