e513658df9b96c8a30dfa822752035830d1e77fe643dc6ca41650b3120f440d3

Analysis

max time kernel
78s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11/06/2024, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MAGIX.Vegas.20.0.411/_Silent Install.cmd
Size

1KB
MD5

6e86df7036b91793912f8b47d5895e72
SHA1

77810cd5d504f24e039fcf9bba4d90d18a663e1a
SHA256

0480acbf7c5c93d251ac407ced3a453a6e58e0491a5da67077bc3c3787e5d2c6
SHA512

4d6661373b3d9d699cbba7337c3d9ba03b8759af1ceac85de01085c4e2e58eb8f1ec897125630a93c2c21532834f3b62b23a015b04ca83d2ceacc9cec9708ce1

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4624	MAGIX Vegas 20.0.411.tmp
3564	vegas200.exe

Loads dropped DLL 64 IoCs

pid	Process
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
1496	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
2824	MsiExec.exe
3680	MsiExec.exe
3680	MsiExec.exe
3680	MsiExec.exe
2572	MsiExec.exe
2572	MsiExec.exe
2572	MsiExec.exe
2076	MsiExec.exe
2076	MsiExec.exe
2076	MsiExec.exe
3368	MsiExec.exe
3368	MsiExec.exe
3368	MsiExec.exe
712	MsiExec.exe
712	MsiExec.exe
712	MsiExec.exe
1460	MsiExec.exe
1460	MsiExec.exe
1460	MsiExec.exe
1988	MsiExec.exe
1988	MsiExec.exe
1576	MsiExec.exe
1576	MsiExec.exe
1576	MsiExec.exe
3104	MsiExec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E1-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1010333D-5114-41CE-807B-4483785EEF84}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0B-10E8-11D2-9B89-00104B8D13C2}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32\ = "C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{824AFE10-2098-4254-B2C3-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfresfilter_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3564	vegas200.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\atracplug\atracplug_fra.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug3\mc_demux_mp4.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.EntityFrameworkCore.Design.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4encoder_dll.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\ffplugsk32.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Compressor_Vocals.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Limiter\[Sys] Pop Maximizer +6dB (Transparent).efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\mc_bc_dec_avc.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Icons\_msi_keyfile_6cnk8veuvssmc4evm16ss316t	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\dbghelp.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\toc.json	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Acoustic Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\de\AjaVideoProperties.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\fargo.pdd.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_enc_mp2v.002	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\so4compoundplug\SonyRawDev.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\tab_toc.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\System.Diagnostics.DiagnosticSource.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Male Rap vocal.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\19.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\he.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\hr.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_mux_mxf.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Release-x64.fio2007-config	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\[Sys] Fast modulation.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\41.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_V-Log.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\compoundplug\mc_mfimport.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\minus.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mp3plug2\mp3plug2_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\SMDK-VC140-x64-4_21_0.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxhevcplug\SMDK-VC140-x64-4_21_0.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\_msi_keyfile_dw332cbm3b6ue5z2b4gwxp4ut	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Subtle movement for pad.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfp2\mxfp2.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.Archive.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug_deu.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\_msi_keyfile_kcygdzpate9gwv8xkex9z9ciq	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Joystick Profiles\Eliminator Precision Pro Joystick.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Interop.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4decoder_dll.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.TextGen.CoreGraphics.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.Vegas.Slideshow.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Megaphone.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm6K_to_REC.709.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\2.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\36.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcaacplug\mcaacplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Win64\ofx360Stabilizer.ofx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.MediaSoftware.Archive.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\External Control Drivers\spconsoleopt.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Rough Vocals.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30454.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30465.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_D-Log.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.es-ES.xml	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\8bda73cef6393916778c1ceb3ceb61ac\System.Data.OracleClient.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI13EF.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5057.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1250-0\BdmuxServer.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\a74b72d41141812b82335be6b43653e0\Accessibility.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\be4-0\System.Web.ApplicationServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e4e3f4853c40b985b57dc12443d1058\System.Windows.Forms.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\894-0\Vegmuxrt.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI1275.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI18FF.tmp	msiexec.exe
File created	C:\Windows\Fonts\magnolia_sky.otf	msiexec.exe
File created	C:\Windows\Fonts\mocking_bird.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\da3b784b4517859cfc67b775643ac0a6\System.Web.ApplicationServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a08-0\System.Web.RegularExpressions.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d80-0\System.ServiceProcess.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e70-0\System.ServiceModel.Internals.dll	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxmc\68e3e508050426b6843248656521e64a\Vegmuxmc.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\574-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxtw\e0a8a727d4cb162c7516b3b323f9f0e2\Vegmuxtw.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI1223.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF74768958281D9C74.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC23C6FA2974C3597.TMP	msiexec.exe
File created	C:\Windows\Fonts\Mustardo.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5098.tmp	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0a857079b30735fa8e347e188eafb7d3\System.Deployment.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\38c-0\Vegmuxfb.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfb\c8bc806c54b029fbeab9ad3d18fbc4d4\Vegmuxfb.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Fonts\marguerite.otf	msiexec.exe
File created	C:\Windows\Fonts\work_in_progress.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12b0-0\System.Drawing.Design.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1208-0\Vegmuxdw.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdw\5d0f327942b48780d08fa802195f654f\Vegmuxdw.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSI1780.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1B04.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1172.tmp	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1040-0\BdmuxInterface.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.Wrapper.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\57c-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfo\54d70009d8c550f62f9d6164c828d310\Vegmuxfo.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1068-0\System.Design.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\af3094d576bc64823a6bae121b92764a\System.Design.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\700-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\b6cc22a0294ba9df6eb9c94e885840f1\System.Drawing.Design.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\SystemTemp\~DF806E72AB9E501D2E.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1B25.tmp	msiexec.exe
File created	C:\Windows\Fonts\MarkMyWordsClean.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\77c-0\System.Transactions.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfa\e712e336b04c0a17d34e36a960d7c64d\Vegmuxfa.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\BdmuxInterface\f18602598146c7777ffb9be1fcf3af5a\BdmuxInterface.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\530-0\System.Windows.Forms.dll	mscorsvw.exe
File created	C:\Windows\SystemTemp\~DFBADB45BC3D4C9C85.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI141F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI14EC.tmp	msiexec.exe
File created	C:\Windows\Fonts\Julietta.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI465F.tmp	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cf1bb15a8adda62c0600239e31e87de1\System.Drawing.ni.dll.aux.tmp	mscorsvw.exe

Modifies data under HKEY_USERS 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application	vegas200.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0"	vegas200.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0"	vegas200.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\ = "Pitch Shift"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins\Output\AllowedMany = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\FriendlyName = "VEGAS Track Noise Gate"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sfa\ = "vegas200_sfa"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Output\ConnectsToPin = "Input"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\IsRendered = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\ = "XpGeq Property Page"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{EE38CA88-D78E-4BFB-B05E-577892730C83}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Merit = "2097152"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pca	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000006-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Reverb"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\Pins\Input	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\Direction = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2E-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\IsRendered = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_vf\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\ = "MCHammer Property Page"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Equalization"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\ = "VEGAS Track EQ"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\ = "SfGdyn Property Page"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\ = "SfSmooth Property Page"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open\command\ = "\"C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe\" \"%1\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\CLSID = "{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F22-196D-11D1-B99B-00A0C9053912}\FriendlyName = "VEGAS Time Stretch"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Vibrato"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000008-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Dynamics"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\ = "Smooth/Enhance"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Chorus"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output\Types	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32	MsiExec.exe

Runs .reg file with regedit 3 IoCs

pid	Process
4148	regedit.exe
4428	regedit.exe
1552	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
2004	msiexec.exe
2004	msiexec.exe
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	764	msiexec.exe
Token: SeIncreaseQuotaPrivilege	764	msiexec.exe
Token: SeSecurityPrivilege	2004	msiexec.exe
Token: SeCreateTokenPrivilege	764	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	764	msiexec.exe
Token: SeLockMemoryPrivilege	764	msiexec.exe
Token: SeIncreaseQuotaPrivilege	764	msiexec.exe
Token: SeMachineAccountPrivilege	764	msiexec.exe
Token: SeTcbPrivilege	764	msiexec.exe
Token: SeSecurityPrivilege	764	msiexec.exe
Token: SeTakeOwnershipPrivilege	764	msiexec.exe
Token: SeLoadDriverPrivilege	764	msiexec.exe
Token: SeSystemProfilePrivilege	764	msiexec.exe
Token: SeSystemtimePrivilege	764	msiexec.exe
Token: SeProfSingleProcessPrivilege	764	msiexec.exe
Token: SeIncBasePriorityPrivilege	764	msiexec.exe
Token: SeCreatePagefilePrivilege	764	msiexec.exe
Token: SeCreatePermanentPrivilege	764	msiexec.exe
Token: SeBackupPrivilege	764	msiexec.exe
Token: SeRestorePrivilege	764	msiexec.exe
Token: SeShutdownPrivilege	764	msiexec.exe
Token: SeDebugPrivilege	764	msiexec.exe
Token: SeAuditPrivilege	764	msiexec.exe
Token: SeSystemEnvironmentPrivilege	764	msiexec.exe
Token: SeChangeNotifyPrivilege	764	msiexec.exe
Token: SeRemoteShutdownPrivilege	764	msiexec.exe
Token: SeUndockPrivilege	764	msiexec.exe
Token: SeSyncAgentPrivilege	764	msiexec.exe
Token: SeEnableDelegationPrivilege	764	msiexec.exe
Token: SeManageVolumePrivilege	764	msiexec.exe
Token: SeImpersonatePrivilege	764	msiexec.exe
Token: SeCreateGlobalPrivilege	764	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe
Token: SeRestorePrivilege	2004	msiexec.exe
Token: SeTakeOwnershipPrivilege	2004	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4624	MAGIX Vegas 20.0.411.tmp

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp
4624	MAGIX Vegas 20.0.411.tmp

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 4976	4044	cmd.exe	78
PID 4044 wrote to memory of 4976	4044	cmd.exe	78
PID 4044 wrote to memory of 4976	4044	cmd.exe	78
PID 4976 wrote to memory of 4624	4976	MAGIX Vegas 20.0.411.exe	79
PID 4976 wrote to memory of 4624	4976	MAGIX Vegas 20.0.411.exe	79
PID 4976 wrote to memory of 4624	4976	MAGIX Vegas 20.0.411.exe	79
PID 4624 wrote to memory of 1552	4624	MAGIX Vegas 20.0.411.tmp	80
PID 4624 wrote to memory of 1552	4624	MAGIX Vegas 20.0.411.tmp	80
PID 4624 wrote to memory of 764	4624	MAGIX Vegas 20.0.411.tmp	81
PID 4624 wrote to memory of 764	4624	MAGIX Vegas 20.0.411.tmp	81
PID 2004 wrote to memory of 1496	2004	msiexec.exe	84
PID 2004 wrote to memory of 1496	2004	msiexec.exe	84
PID 2004 wrote to memory of 1496	2004	msiexec.exe	84
PID 2004 wrote to memory of 2824	2004	msiexec.exe	86
PID 2004 wrote to memory of 2824	2004	msiexec.exe	86
PID 2004 wrote to memory of 2824	2004	msiexec.exe	86
PID 2004 wrote to memory of 3680	2004	msiexec.exe	88
PID 2004 wrote to memory of 3680	2004	msiexec.exe	88
PID 2004 wrote to memory of 2572	2004	msiexec.exe	89
PID 2004 wrote to memory of 2572	2004	msiexec.exe	89
PID 2004 wrote to memory of 2076	2004	msiexec.exe	90
PID 2004 wrote to memory of 2076	2004	msiexec.exe	90
PID 2004 wrote to memory of 3368	2004	msiexec.exe	91
PID 2004 wrote to memory of 3368	2004	msiexec.exe	91
PID 2004 wrote to memory of 712	2004	msiexec.exe	92
PID 2004 wrote to memory of 712	2004	msiexec.exe	92
PID 2004 wrote to memory of 1460	2004	msiexec.exe	93
PID 2004 wrote to memory of 1460	2004	msiexec.exe	93
PID 2004 wrote to memory of 1988	2004	msiexec.exe	94
PID 2004 wrote to memory of 1988	2004	msiexec.exe	94
PID 2004 wrote to memory of 1576	2004	msiexec.exe	95
PID 2004 wrote to memory of 1576	2004	msiexec.exe	95
PID 2004 wrote to memory of 3104	2004	msiexec.exe	96
PID 2004 wrote to memory of 3104	2004	msiexec.exe	96
PID 2004 wrote to memory of 872	2004	msiexec.exe	97
PID 2004 wrote to memory of 872	2004	msiexec.exe	97
PID 2004 wrote to memory of 1236	2004	msiexec.exe	98
PID 2004 wrote to memory of 1236	2004	msiexec.exe	98
PID 2004 wrote to memory of 1468	2004	msiexec.exe	99
PID 2004 wrote to memory of 1468	2004	msiexec.exe	99
PID 2824 wrote to memory of 3564	2824	MsiExec.exe	100
PID 2824 wrote to memory of 3564	2824	MsiExec.exe	100
PID 2824 wrote to memory of 2752	2824	MsiExec.exe	101
PID 2824 wrote to memory of 2752	2824	MsiExec.exe	101
PID 2824 wrote to memory of 2752	2824	MsiExec.exe	101
PID 2752 wrote to memory of 2556	2752	ngen.exe	103
PID 2752 wrote to memory of 2556	2752	ngen.exe	103
PID 2752 wrote to memory of 2556	2752	ngen.exe	103
PID 2752 wrote to memory of 4688	2752	ngen.exe	104
PID 2752 wrote to memory of 4688	2752	ngen.exe	104
PID 2752 wrote to memory of 4688	2752	ngen.exe	104
PID 2752 wrote to memory of 4160	2752	ngen.exe	105
PID 2752 wrote to memory of 4160	2752	ngen.exe	105
PID 2752 wrote to memory of 4160	2752	ngen.exe	105
PID 2752 wrote to memory of 1552	2752	ngen.exe	106
PID 2752 wrote to memory of 1552	2752	ngen.exe	106
PID 2752 wrote to memory of 1552	2752	ngen.exe	106
PID 2752 wrote to memory of 2392	2752	ngen.exe	107
PID 2752 wrote to memory of 2392	2752	ngen.exe	107
PID 2752 wrote to memory of 2392	2752	ngen.exe	107
PID 2752 wrote to memory of 4616	2752	ngen.exe	138
PID 2752 wrote to memory of 4616	2752	ngen.exe	138
PID 2752 wrote to memory of 4616	2752	ngen.exe	138
PID 2752 wrote to memory of 4140	2752	ngen.exe	140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\_Silent Install.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe
  "MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$600D2,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4624
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
      4⤵
      Runs .reg file with regedit
      PID:1552
  - - C:\Windows\system32\msiexec.exe
      "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=1 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:764
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\ru.reg"
      4⤵
      Runs .reg file with regedit
      PID:4148
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
      4⤵
      Runs .reg file with regedit
      PID:4428

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 09217AE15A4887D98006CFE6186AF926
  2⤵
  - Loads dropped DLL
  PID:1496
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 8591B5B963510DD569D43FF256787072 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
    "C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Modifies data under HKEY_USERS
    PID:3564
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 1b4 -Comment "NGen Worker Process"
      4⤵
      PID:2556
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4688
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4160
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 300 -Pipe 2ec -Comment "NGen Worker Process"
      4⤵
      PID:1552
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 310 -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2392
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 318 -Comment "NGen Worker Process"
      4⤵
      PID:1140
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 300 -Comment "NGen Worker Process"
      4⤵
      PID:4140
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 31c -Pipe 338 -Comment "NGen Worker Process"
      4⤵
      PID:1188
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 340 -Pipe 22c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1396
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 310 -Pipe 2c4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1916
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 334 -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2784
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 328 -Comment "NGen Worker Process"
      4⤵
      PID:4920
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 324 -Pipe 30c -Comment "NGen Worker Process"
      4⤵
      PID:400
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 330 -Pipe 31c -Comment "NGen Worker Process"
      4⤵
      PID:4472
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 340 -Pipe 334 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3384
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 310 -Pipe 340 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2568
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 354 -Pipe 34c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4200
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 354 -Pipe 364 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1328
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 304 -Pipe 36c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:5056
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 388 -Pipe 370 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1404
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 388 -Pipe 384 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1792
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 348 -Pipe 33c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3376
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 378 -Pipe 398 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4784
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 39c -Pipe 3a8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3044
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 378 -Pipe 350 -Comment "NGen Worker Process"
      4⤵
      PID:4556
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3b8 -Pipe 3b4 -Comment "NGen Worker Process"
      4⤵
      PID:4652
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 394 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3456
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 390 -Pipe 3dc -Comment "NGen Worker Process"
      4⤵
      PID:4788
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3b0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3696
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 390 -Comment "NGen Worker Process"
      4⤵
      PID:1200
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e8 -Pipe 3d0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3584
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3fc -Pipe 3e0 -Comment "NGen Worker Process"
      4⤵
      PID:3108
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3ac -Comment "NGen Worker Process"
      4⤵
      PID:4200
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3fc -InterruptEvent 0 -NGENProcess 3bc -Pipe 3f0 -Comment "NGen Worker Process"
      4⤵
      PID:3060
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3cc -Comment "NGen Worker Process"
      4⤵
      PID:1864
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3ec -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4616
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 39c -Comment "NGen Worker Process"
      4⤵
      PID:2444
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3bc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4140
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 380 -Comment "NGen Worker Process"
      4⤵
      PID:2540
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 374 -Pipe 368 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2380
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 330 -Pipe 2e4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:908
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 360 -Pipe 2c4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2724
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 32c -Pipe 344 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3476
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 3f4 -Pipe 360 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2196
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    PID:4084
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:3680
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2572
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2076
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:3368
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:712
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1460
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1988
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1576
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:3104
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:872
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:1236
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e580f9e.rbs

Filesize
15.6MB

MD5
a2ed9b79b71d4c0a8cb805dbc6aed228

SHA1
4577c24be5b4ffbb5ec4ec3279f50cfff1402ef2

SHA256
eab453992cbb219443d9a81cdcd4de6ab8369f21fbd0add9dc31dbf0862aeb97

SHA512
d41e810985b331e09954ec6a8b8794b6a9359afc50168310621c042e41484e7eaa491465dd8ce0c7c06a7782e85ff7bc49791549ec531544106955951070210f

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3_10.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg

Filesize
15KB

MD5
eef1e709e225fdfd1a4c247ef0e0a684

SHA1
955e1ed9b66eba8d30d327b0453636f431069e43

SHA256
90e01328f9525a72b7638e228873c437cd8cbb3bd8d1e237218db9c9e362a33d

SHA512
cd8ec0b57e61a746436ea9827d0fbc25b1a4048162f4aeeab103b4746a95e1dea843564bbe257eeac18273172a04b0bcbf0f973047cee320dfd4ae9599b07ca8

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg

Filesize
15KB

MD5
1700b4b9e4cad89420c63e5d987726ab

SHA1
5db4aa25d0f0c3f8813d77391c5556e9a2a415fc

SHA256
2e19767c12bb501fbf1cfdf49ceb7ab25ab5cbeb5a38642f98d486e726e9c2ec

SHA512
8305ab3e0b074412afca99747e543504417b2cca209aaca45a87a52e3f5b6d7d170cf05db913259a7437f356a47c87c17f8132d514473d99932b58d6480567a1

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg

Filesize
14KB

MD5
9760865cc60798a9bfc1e27b8782c45a

SHA1
24d10d70ac93e687cffd563a06f27f68c7caea55

SHA256
7b06ea074897081ff1a51a29448e8463ceb943270478a14405aa88f7479c8bef

SHA512
f858d683e89f43ea0bd2858fd0f2ba06f27e77266dd5ddac08250b9904b988cbb7ef40bd6aa52c528bfb510505fa4bedecc4ee01f8ad72c90b16ebb0d7986731

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

Filesize
14KB

MD5
900e140eb7091c26d4b1b555c6e362b5

SHA1
5214bc2833bdf53fe2a103c49773cef292e5ae48

SHA256
bb1c2ff46403c7d4c82304fa827e5fc401a98fac0d33d865974b676876597c57

SHA512
8dc147f20c48dff28553bfed6e08fc0ed2ad10579239a6fb0639c61d4014b03e33c152a13b229dd9c53284a59bdb87403ab5ad32d4d151a71e80e186c9fe220b

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg

Filesize
14KB

MD5
22a39896ae01ede8b6ab0e5d7190fd69

SHA1
d684a31d2d6f306bcc98c46c62771e0ea923322b

SHA256
1b0e7702d21614267fd3b754ff88ac9e28ab2f39c2a7a1acb8dcab8383b05f4d

SHA512
394d1d67faaa37b0d4c84fb405bb92d4ef483cc06e5cd40e41ff87cb917896f9b0397af2aa8ac89752c85d07761ba4f1f3f3848e898a621beeeab8555230d228

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css

Filesize
55B

MD5
afa7ee18ebf29250e6c1d58d117b0a8f

SHA1
82848e876d0559e24d95cdc27f4d81a20f96acd1

SHA256
ba77806fa2c2ffe1f2c896b4340eb169fe0cd0f7ad0706e1b4d6cfe8dfbc03f6

SHA512
054d13d69d68f8c3af0b9eed577d325877bc987699b29f622534f216a07c66f081edf16e6aa2c01635a0b9236191033abc7a904633fa918eefde87cb6baa61af

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d

Filesize
76KB

MD5
67f295e9f8be3d15aa161031f3761b7c

SHA1
89fc2e9845ed297e16c05823b655520755a234fc

SHA256
4aa8c8265b737c5dd8604408899ff7ee9f70780f8b0d49ead183b48699a19b5d

SHA512
2dd2f2da4559a9f3e4f6363f5b96d3d94655026985f051889bb05fd6628d0051dc06632fff322e9057db9e2c71281d29ba1ee5a2ccab46813db26c558a7db3c6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref

Filesize
11KB

MD5
252498dbc17973a2bcfd3f79aaf58bf7

SHA1
8fb11e85d99e4e853beed0298ca5515ba4b14b60

SHA256
6f2c945852e035c98d2aa9c8fda43b7074a17f0de994dbcd99f3bea24aa86949

SHA512
4b0b50d9130895226a78d88efa04a47b06583976028c9ff71b0743fdb84ddb971f77fc0e0816fb485b240cabddbee3a0e83d44043040f12f6e3e7922b799de3f

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
1KB

MD5
23cb523b29b01b264127f906933c1514

SHA1
eb619c3cd448af1a182eb8cdb3e5127e0a527ef7

SHA256
1dfa17bcf3fb7a22e3dc58f11b08bc69c78cb8ab4466c6822ae3b03391f9fae0

SHA512
3cafe70c26d8331d7ee93aad436a1885cf71100ece7b1b452d289e1d583e00451a26d3b04303483615bcf6a43172d7596099b9ebf18a3a1223901304f8d627be

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
2KB

MD5
c6558a2f2a726a99417ade99e900f958

SHA1
7847dcfdc349fffbfcf0dcd59b5998b235bae57a

SHA256
73a04a2dd7254acc7e8a2539f7f02970fef2778a5526094faa02f9d385cc8d08

SHA512
4e069170aca2a0ee9bdd3417b8c7f0635fe0a93235ea646a392c692b3dba678ca38e608f0726f082d5c251c377cd152b7977ce2516a6c30d6f78ed9e02023d77

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg

Filesize
3KB

MD5
6d5dc46f9bb6ca3b4991954c6ef4117c

SHA1
20a06a4ac4b1732ec0e676c507fc4a2860bea698

SHA256
2519a81c7d217824efe2c734c940d6a29e752df20e134b64b777a1506f306d79

SHA512
2abfb6431f3d42a785baff5dcf60b9798f0d9627ae47788cc31970a5c6c046412e47bd332d7b42b6e6bc5074eb22e17938a68921c1beb48a10c0d1365e01368d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

Filesize
41.7MB

MD5
3093432fefad3a1be4d0a0c48ef02ea0

SHA1
e36afc3c8482a79a4d42b7cb57e788e0887ced4f

SHA256
fadcb8266b1802690cd34126996fcd0afd8ed7748d7b45f01e12cfd0ca71e6b9

SHA512
5e83261a19ac1a9e84db4bf5de84e55c1c8d8a8ec6a05687e0797f36473359b9a919de3e2cfb6c68631f998fbcf2d2469097aecf01f8361c5d3579b81834189b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\!!msiTarget64\Protein\is-MCJFU.tmp

Filesize
400B

MD5
0c1e88ce1761b3b91a12325c4b5cd7e1

SHA1
c1cde89c8c8624e3ee80eda4bddf914ed23a71a7

SHA256
164b291826b0f96044546db925332c677245ec1035b9f53808c2d1af5f999f62

SHA512
c5aa87f78f5981002aa16a100e3a8ca37837610eb476ae5e30b87a80c722c48a4140e246375fc5c74176cb96ad634675b2c051f88e7738b7914586525bd3869c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm

Filesize
47KB

MD5
2f72e2d18df0d6863de2b728aa943baa

SHA1
7fea25a58c85f4d67ba473eb0c565d532054d82b

SHA256
067c563c9557e097490bb3c5980a95115d9f6f6064086e2472fde89ad45f157a

SHA512
96cae7073c666beef8d03a920d2454e1925b655ed53e44939de4862fdce01c2f0ec935b2ed6c54dbb53029d836fa581e0fa100b4356dd233431b2a9b1b737751

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll

Filesize
5.8MB

MD5
36fc6c3385657831860504e811f71b53

SHA1
4022a504ff83a298c5ee8a3d18e56ebf992bd48a

SHA256
3fd04618f5ea9f59b6aaf1447602f0672b2ab76b10e2a9e613408b41931968a0

SHA512
673b228ceb40f311c7f0e63dae9c149a5c7434215ea5aa6ec0bf61304b2ca62f5d36422723b1ae5a3c8def0608db2b0edc9d233f47394863239d3f3c95b8d147

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll

Filesize
2.3MB

MD5
9a4bf31ef98aedbc301820fcb0f1a608

SHA1
8e3e4608f75be5f1cac1ffd0e3955e8f957b2533

SHA256
5053d52ea00511502ba832ba3b9b63f2b79dbc3fdbf0f9d0c2f7f741733992ec

SHA512
280504089de783df7d8661e55e043353d714af799afb1f750047e5fb85c4dbfb3c201f4eb18787ba38f404e4f623fba0cd9e7091800424ec8ce47b3d04cb9313

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll

Filesize
1KB

MD5
4f1a14e49b00be544481d943b0bcaa38

SHA1
a9649dc849df5b6713373606b3112ef729daad6c

SHA256
35ffd0cf34d46680fbe425df26df450f82cbf61784a05f4c3394981abd3cd6d0

SHA512
63ef42cf81060aadc6d04e3d4e6dbb810ab53780238f2592eb1b050acf81b0efe12dfe9cfdb46c747f6b3e20a751b0d6e1124e138396ce72a6a888e61610f885

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll

Filesize
86KB

MD5
839e72f3aee74b047362ec6ba5fe3567

SHA1
57781a9d357928ac0675fe628669f4deca6b6947

SHA256
3834071314deb9b95f13e6ad606c2606d6cd123cf7ccbc536a09e46652484c7a

SHA512
6de454e366e7b8861adaeb104281c44a62489d3032af9f1128fe40bc3ccf53cc1f42352e1d86de090e5ecd7da3b1866b0b1c456438caa56f7eb8065c6b5baeda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BA6V2.tmp

Filesize
43KB

MD5
0f1fb541827cc6bcc3dbb777c00ca3ed

SHA1
18e68b072c1f24eadb0fe10353ca2725eb1e6869

SHA256
7c770fdb34b37cb6140c8adf3482613aa72dc51f989b9915ff7c45f882a1a81a

SHA512
d26a6d94cafb33880c4bfaa67a687e3a3d68a3851ebacead9a590d611b23e8c1194bb99296f4ac540c0e39790716a80deda52686fb335a2b1611f6abc8c7f8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BJJQA.tmp

Filesize
16KB

MD5
b28fb870f7ac1fc58835cd538f0b3827

SHA1
6535d439db0938e9ca0779e07c6751a111c00183

SHA256
a21893c188660edbfc3700f646316d496bcf7ded8603ef6c9f7852d02ed437ef

SHA512
88fe27c5ee62293ea08f54d0e30d96e37123590ce80dc8b77dc4bb338e03e11c363dce7c75a41824596ea2e55e290bf4d69b9e48e66e870d6bb4e10323d2a78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-K7MQF.tmp

Filesize
16KB

MD5
24bacd15fc74bb26c48bc6d5b8ce4c98

SHA1
d1f1366025fd2bf0dd5d0a0b3508bc352e77a940

SHA256
c0ca2de16679f5b6f62359cd22bdf69bd5b92dbea96909d6d5537d08c426fc4f

SHA512
fa714f4e227c4e0ab6bf055bf8df7c60f59e3c3dc9f36120c770894cba67eb258269d2a3a285f730b1cbd2544811f504aff64c318fd32fba0fbe562317193f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-Q3S6Q.tmp

Filesize
16KB

MD5
d403b68f94df24047f1f5c06ceb438ff

SHA1
fd41dd09cab1c9b522826715876fc050d3b444ae

SHA256
48a9e9e9a1e5acb2d9afc5622b7decee6b9842a7c639b596247e3dee294b4421

SHA512
45e080281977fad0ce4e2bd268824309d1edca0ff97720ba0aa10d11cab2c0699fbf8746fe68ffc97657787b4bd051a006f48cc28ceb7bd4a2b882eb19e498bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\Language\is-QSQGQ.tmp

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-6HIK2.tmp

Filesize
123KB

MD5
d5c1877b824a8a99dd911891695e3352

SHA1
5942c1c6a6fec16014aa59c3620be1d344a2ea13

SHA256
0313f51c713f2fd18ff3c008e80cb36a55e30c9b8655c54b02c08be7da319c0c

SHA512
39c4d6ca223b39cc9a015005b2a042fa8dbcddf91ba31f435f597319640724754596c0eb0becb9ac51b2efbc0b7ff2be23e8b5ac123beeab77c6502d99175edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm

Filesize
434KB

MD5
28189fe033f82b794cd4c787949b295b

SHA1
3bc70c77da4be191b1f9f29086d6bbeac93eaa27

SHA256
20700008e101f12f468052230f1cfc0f0312b61b81e9a2e309e8965f3b51117a

SHA512
4e0be27a4d152ada6a51521c975236f3108f23e5c2f5c40a248e71dab6cdd986fd4d6a354f07d721457634edc49427274b74141581cc72120244e201af96d77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm

Filesize
42KB

MD5
9d0f926ca5d507617b2c9980940a4ec1

SHA1
19d57c14156482f0b9d4b9ac6e756dc3a2260821

SHA256
59be8d099b496c1f8784ef6fdb05bae981ea12d93c1e92f48cf96afbd55c73e0

SHA512
848e460ff2d573e92355e41f2630dd25f6c910bef2b850f49097e7bd156500a4196f004f3f9961d281fe295903c24b5e58f6ee85d354aa93548263d1dc6ade2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm

Filesize
183KB

MD5
7449d3c7a273366788882e044d736755

SHA1
46cd34f8abe3a12521b314fd8082bc01bff56bf6

SHA256
2c09932992c928c400ab8bbc96f9bc031558f4f8db0f01a69c6f0327a172cae7

SHA512
c3ce978606d6fe56b90767898b8a5af462ebd5cf1c63d73bbb5f4b0ade6f2e043c72a061eb4d16c722f5e2bb4688aa266e42c9b4b06b392fd3275edd40db99b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm

Filesize
238KB

MD5
e4306c3bad1148bd3917fcda912254e7

SHA1
09be8be0f26da548b8528c6fe50933d504e5bec4

SHA256
7c9c1e154e6eca6d90f5809440fcb64e3c845257db806954ddcbaf1f247ac99a

SHA512
6d8dfa3d1533bdc78743c7072c40d201d0a9b5c9dd75fcca6d86ec90a7a91dafa2d2018a11c32c8780579c4d18f2ae9e7956a42cc6ca912916dd3115b4eff4b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm

Filesize
240KB

MD5
d96c5c1d2791f5b740b5b742239cc14d

SHA1
f0cd9075d983fe059c39a46ec7c8255a34acf362

SHA256
203d202642e917d6175c28e684d0df0bb6b94fd5644af99571f2becb19d19096

SHA512
6d4f9d312ebab1c19bf35725d8775e4545a1de81f57c979e635617854eb63116565c96c7fc7c8da25f3e393ddbb8aa30e89d31466be9c1a170ca0d8ab7c0e71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm

Filesize
254KB

MD5
05ec141b5d879f94a1fc4fb63dab7c90

SHA1
cd376464d523dbd969e1d459861de8b8b059d3ba

SHA256
686e522a6d0503cee89b31f28e6ce6d3b1af734b32f3be46d9b394535be1e9cc

SHA512
d3af9421171df4185ee5badc269d80943c1455b33d4223970128ae4841b51ce393084dadaede5f19b8aff89c91bd109e1e7a83b8dbed624970a1831b03b30355

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm

Filesize
184KB

MD5
bdead6dd7d517b6551d6949273fafb38

SHA1
d388b3f6440454c7ab39c9f0aefc4420005b035f

SHA256
bdf4dc7b2d3416f157a0ff16161e4db34e37b9bf9f3936eb442ca4ae9536d782

SHA512
a01b9fd3099eeac05dc36e0768bb9439736076448621d1117d74090321f01a78ea50e25e442b59185872b1f1a4bd1e39036fc1d70b10cc1685ab690dddf5ae9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm

Filesize
46KB

MD5
1f28955e3548fd0d125366ff897f4486

SHA1
2ce2e126216bab27a87f13ba0c3196dd3e69b40e

SHA256
2a2c5d5324f1838fd204206c513b72c36afaa3a7ac81bd1ef53cf6bde90227b7

SHA512
69129f9ae19b2a0c55aeb9871aea074f30dae0c1ac931484e7a9975345b1942720d30a33443ed82200a2e2721cd1da96a751d7f086e66b841be37741deb2153a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm

Filesize
221KB

MD5
ced225cf1ddc86d43d722fe3f43395cf

SHA1
af1c71b436d2f555092b8e95b48fe9d280f77b77

SHA256
7172285a843dfea02861a0ceb37df09420fe63c7cd57d7b4c78a510dc5e781e1

SHA512
0598400db2feb94fd4aa97d336eb7aeb1c2fd868c4a0b53d943ae84d122138a676da5a2bc9693c90ffdaa9dee5802a26474eedc18db3ffec1ccc5769bf6d0cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm

Filesize
191KB

MD5
b6c8248c7ead44d8f29f9e45654266c7

SHA1
0451c6a06b6fe85067775e1f17f8f1e03a2de79e

SHA256
7fca06a0d9f9b38e5dfc1536f7e9be5ab60573857d90d51cb817b0fd3bdfdb57

SHA512
ef19e040ec8b9ae3cc4944122492b75cdcff41a801fdb988cedda3ef8b20a57a3e99ef83c042dd51bea5b3249125978d549476493a0a6ddc613f66ff9f5c91da

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm

Filesize
195KB

MD5
38d74b2342a9750ddc419162a3b4bf8a

SHA1
b59125ad03290f87e8e1dc8fdbcd02ca3cc15a09

SHA256
55c48b9e003aa26c618db119af868bdfd958a5f55553d06d3f19ed5483622059

SHA512
9c98b02b2088a9ee15b891db56e2cf43ed6e12ac9464ae16528195e36c14b516c9c2ff8637f5e3f3feac400783625d2e88e8e0dcf41f49ff08514771efc10382

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm

Filesize
367KB

MD5
05fba5470961d350729077f24f2e226c

SHA1
8199bf209bf6923d4185fb960ef8624b3d8a22a6

SHA256
8706882eb4f2d42a63da17daddea5a5a7186ee4b4292f4489624ca30d61d8662

SHA512
d7b7dc117922df0447577cba07d762fdd88a1b6f6cdac93169304e7724399ef5afcb49d2e888bc0b073099fb672397ba4a28162871e501b8290aa11e57fa01bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm

Filesize
10.5MB

MD5
ad71246de2a860f980b7298519510c21

SHA1
420d54a1b88039d4f554f2e567b27c5377df53e6

SHA256
65cae474ca7fbd4cb3f49f6cc2a871fcd97be3f67c995af83be35ed5c60ef9ed

SHA512
1ec0e10c4113f859f628905838d6622cdd963973d208e85d5135dc35bb2b48274ad4129329fc4fdd56254f89ca4119e63c6be4c576838da12f3e8d0d479681b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm

Filesize
4.3MB

MD5
02a37529c636b810f022d92ea9280403

SHA1
02a1ce65fed7436bd7b28edb4ea55425107c5d12

SHA256
52846b9e45a1bf9b1d301ae04c6c9fcec31ca6f90c73af10138087efc49b387e

SHA512
2e0e46120b972aa1927ad58fa79e4f3c2cd170781c671fdd7e3e81020395359c1b1c78442dd0dce655fd0eba40b9cc394ae91338189d81effe9f7b9c3e2f22b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm

Filesize
45KB

MD5
9ff814b3438a27e4b9922cd6a456c841

SHA1
9093622fa91ab1329a7e97485356e1462a7f1021

SHA256
d1c5d986e115c180373673668f2cf341070d0e7b9c02549c439370fd8436952c

SHA512
ca383b963455572ce920266591c71a6eb0baae3fd301a8b7877767baf890bad9c15b09e692cd0a06e9edb6ac62ea580d02549c38b09a8455ccc70d2cf6dac421

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini

Filesize
2KB

MD5
d01419d02c71e590338368fdb1ded4b0

SHA1
533f5c9147b51a2a74342dfea2f952bde0c0559f

SHA256
fc12395775b26f77a44ecc5fac596eff8ff32a1fcbfe225fd2b1544ad8165347

SHA512
b6fd693805019553ac8c1a6d4537a5378a16814ff09ab3fff4d5a748bb9a8c022a7c001fec56b1ec37a2e6e9ee93b36c0cea348334b5af84cdea885b31440397

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres

Filesize
2.3MB

MD5
35b41455060bf1766890ad4d31a49835

SHA1
813ed4d2949c616a0d649dc35295cfa0018caba5

SHA256
bf3377ed0f7eca679631cfc3abd9a8509a27be0e2f5d039cf484a13237e2070e

SHA512
4285f09fb7eec72efcbd290d18495b436b0435dc7a83f4dff90a09c7dcf964350a14b9d6ba77855be8eca1982dc78d7fa642fa65e6981e484903c05ced5f2f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup.exe

Filesize
4.6MB

MD5
04fb89ed372c0ae2c7fc694f8e78674d

SHA1
04eb033741e32ed3c73237fc4ebbe3fa40e8d1f8

SHA256
cfc902083b8d343a34d99059064dcf9e67add5295257662351adf8d4118ebe83

SHA512
569dbc07a6cc6ee398f2791ce8c739935e9e2b7ead5d1119c5b0ba052f9275c04fc68c07c610cf6fa817151a6a5a526227af142c8e65baaeb051e907734c75f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi

Filesize
2.8MB

MD5
3984e2c94a919c262e1b6809ce845138

SHA1
c6a38b5350db206a1da37ff194e5d103865d5b8a

SHA256
a3c36305c3af58816ace57688a84bc3ee8096e4e78ead8b428335023e0df3c3c

SHA512
47dfe2808fa1715d30c4444a40c2f4eb9cb37f97043238af92389aadcfeda44730785d0f88fd60acb836785542a12e29b7289ae986df08ea951457ffa46369bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\readme\is-ULESP.tmp

Filesize
42KB

MD5
ebaeda4e1c37e4064c13690311301566

SHA1
c2d298a754e2199b1a4ff8310bd6192478764b83

SHA256
cc1bd4c738f3bbe40164cee012cb5498cb5e6ed1ab66d1a782d5101e608ea9bf

SHA512
ffdaa0cb0250066a2a9fc46e7b3c11c635c2a14ee36f43f001e5dfcdeae4e2641dcfc8c2810bafa64d01e601e9f923e68f5d2e610a8aee65222f14dd2cddc660

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp

Filesize
911KB

MD5
3cf000f76aebe1287fbce80803691eef

SHA1
1abfd84af565006ab0eb5048c62827db64ba6d20

SHA256
2ec46149ff09b8028c0892b98c25eeb839052fae520b8692e1edbe3e1e90e555

SHA512
0aa4a80a550e1319ac49298fc9fe792b078d37d0099e2a4033d4022da44e49c4b641d07eb3cd8bfbfd9badbcf1975c3c494f790dd7151125f79a76b1ae62c6ef

Download Submit
C:\Windows\Fonts\mark_my_words.otf

Filesize
104KB

MD5
7c63423376c2f45b7d76537c933a95cc

SHA1
58561511026f8761d1a90a6bee79d4a152b420f0

SHA256
57c478c62fb66a6dcc1281e1f92f741fedeb2e60ad42b4a06825336f1f3506eb

SHA512
e15d075df3574bd7fc9191506cb113ed17767d1a50cc918ea1d7c75b22c5165a7b5ad33ddb453c5c7d4efa6ad182f90f2a1a1857c614acbbada34202e6c79a81

Download Submit
C:\Windows\Installer\MSI1085.tmp

Filesize
1.7MB

MD5
cac46674c136dcfa1007c4474f74709c

SHA1
0e57991728954ece3258ac10c68722ab277291a8

SHA256
e6c3090f601c83088bc7c481e8384b487f2e0a9a5fa0ceadac890224401416f9

SHA512
ea54e2190e3c6019bf832aec09508520c54c3b5ca146dc7925c0a412cfcc291d328005e1922ac8f5f686a82061b48d81ab56174cc3fae3ef5813724a601068ed

Download Submit
C:\Windows\Installer\MSI1172.tmp

Filesize
191KB

MD5
205796434c869552ef4dd52df0137a71

SHA1
3f38351609a85a4409be780b7186eb207082f703

SHA256
3853de73a45b0f653d93de3c9884bf244fba54fdb715d54db5fb04f9ffecbf0f

SHA512
5eb324d9996841476ea1826cb09fc232562056a7345bbcb8937a1674a549a64d0616dac19d5e2293f473a7d2dcf19ff96c80bd8628aecf6ec9a1d9a810927133

Download Submit
C:\Windows\Installer\MSI154D.tmp

Filesize
119KB

MD5
33b1ab9ee145562cbb7ca93fc5f464c2

SHA1
1431d7c0dda4728211e74581952574ed3b30ef28

SHA256
919d4075d01032a88b5dbd46e0c1ed2c1c6fe695404668e72656fda1ad80b22e

SHA512
11662b918d88a77c1e7ed666ac4c161ae3f5c9cde9b378e3d29f66d95f34df92d3fc8e2f6f3e8774a98eabc612dc61188705f6c38e65beb015f40a958a4d832a

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
146KB

MD5
a683ced06002f839eee1c1a5fc38acb3

SHA1
3f57f12b4528a365f374be4e1656d225a26836e3

SHA256
3234194f7c31820554ae45802efcb44554b550ce4e69e5d879c7894ce68ee943

SHA512
2f15c00f522fba846ef4639e8c7e5a5bc7d202f7bcc1b85f67ec40ae89f6e052d5f55cc00871cf60968fcbc6c3262cf49b61683681a62cfe8608a51f78709360

Download Submit
memory/1140-6403-0x0000000007230000-0x000000000727C000-memory.dmp

Filesize
304KB

Download
memory/1140-6402-0x0000000005C60000-0x0000000005FB7000-memory.dmp

Filesize
3.3MB

Download
memory/1916-6449-0x0000000006DD0000-0x0000000006DF1000-memory.dmp

Filesize
132KB

Download
memory/2392-6371-0x0000000006040000-0x0000000006397000-memory.dmp

Filesize
3.3MB

Download
memory/2556-6301-0x0000000005F20000-0x0000000005F68000-memory.dmp

Filesize
288KB

Download
memory/2556-6322-0x0000000006F60000-0x0000000006F7C000-memory.dmp

Filesize
112KB

Download
memory/2556-6296-0x0000000003C80000-0x0000000003C88000-memory.dmp

Filesize
32KB

Download
memory/2556-6297-0x0000000003C90000-0x0000000003CB5000-memory.dmp

Filesize
148KB

Download
memory/2556-6298-0x0000000005E70000-0x0000000005EC6000-memory.dmp

Filesize
344KB

Download
memory/2556-6320-0x0000000006F30000-0x0000000006F52000-memory.dmp

Filesize
136KB

Download
memory/2556-6325-0x0000000007120000-0x0000000007140000-memory.dmp

Filesize
128KB

Download
memory/2556-6327-0x0000000007260000-0x0000000007282000-memory.dmp

Filesize
136KB

Download
memory/2556-6329-0x00000000072E0000-0x0000000007324000-memory.dmp

Filesize
272KB

Download
memory/2556-6332-0x0000000007570000-0x00000000075ED000-memory.dmp

Filesize
500KB

Download
memory/2556-6333-0x00000000072B0000-0x00000000072BA000-memory.dmp

Filesize
40KB

Download
memory/2556-6334-0x0000000007330000-0x0000000007350000-memory.dmp

Filesize
128KB

Download
memory/2556-6337-0x0000000007CF0000-0x0000000007D2C000-memory.dmp

Filesize
240KB

Download
memory/2556-6338-0x0000000007630000-0x0000000007642000-memory.dmp

Filesize
72KB

Download
memory/2556-6336-0x0000000007610000-0x000000000762A000-memory.dmp

Filesize
104KB

Download
memory/2556-6335-0x0000000007E40000-0x0000000007FC8000-memory.dmp

Filesize
1.5MB

Download
memory/2556-6331-0x0000000007B80000-0x0000000007CA2000-memory.dmp

Filesize
1.1MB

Download
memory/2556-6330-0x0000000007290000-0x00000000072AA000-memory.dmp

Filesize
104KB

Download
memory/2556-6328-0x0000000007360000-0x000000000742E000-memory.dmp

Filesize
824KB

Download
memory/2556-6326-0x0000000007180000-0x00000000071B2000-memory.dmp

Filesize
200KB

Download
memory/2556-6324-0x0000000006FD0000-0x0000000006FE2000-memory.dmp

Filesize
72KB

Download
memory/2556-6323-0x0000000008050000-0x000000000851C000-memory.dmp

Filesize
4.8MB

Download
memory/2556-6321-0x00000000071C0000-0x0000000007252000-memory.dmp

Filesize
584KB

Download
memory/2556-6295-0x0000000003C70000-0x0000000003C78000-memory.dmp

Filesize
32KB

Download
memory/2556-6319-0x0000000007650000-0x0000000007B7C000-memory.dmp

Filesize
5.2MB

Download
memory/2556-6313-0x0000000006DC0000-0x0000000006DE2000-memory.dmp

Filesize
136KB

Download
memory/2556-6318-0x00000000070B0000-0x0000000007116000-memory.dmp

Filesize
408KB

Download
memory/2556-6317-0x0000000006FF0000-0x00000000070A2000-memory.dmp

Filesize
712KB

Download
memory/2556-6316-0x0000000006EE0000-0x0000000006F30000-memory.dmp

Filesize
320KB

Download
memory/2556-6315-0x0000000006E50000-0x0000000006E8C000-memory.dmp

Filesize
240KB

Download
memory/2556-6314-0x0000000006DF0000-0x0000000006E0E000-memory.dmp

Filesize
120KB

Download
memory/2556-6312-0x0000000006420000-0x000000000646C000-memory.dmp

Filesize
304KB

Download
memory/2556-6311-0x00000000060D0000-0x00000000060D8000-memory.dmp

Filesize
32KB

Download
memory/2556-6302-0x0000000005F70000-0x0000000005F78000-memory.dmp

Filesize
32KB

Download
memory/2556-6303-0x0000000005FA0000-0x0000000005FB2000-memory.dmp

Filesize
72KB

Download
memory/2556-6309-0x0000000006A30000-0x0000000006D87000-memory.dmp

Filesize
3.3MB

Download
memory/2556-6304-0x0000000005FC0000-0x0000000005FDC000-memory.dmp

Filesize
112KB

Download
memory/2556-6306-0x00000000060F0000-0x000000000615C000-memory.dmp

Filesize
432KB

Download
memory/2556-6307-0x00000000061E0000-0x000000000625A000-memory.dmp

Filesize
488KB

Download
memory/2556-6308-0x0000000006080000-0x000000000608A000-memory.dmp

Filesize
40KB

Download
memory/2556-6305-0x0000000006030000-0x000000000607F000-memory.dmp

Filesize
316KB

Download
memory/2556-6300-0x0000000006480000-0x0000000006A26000-memory.dmp

Filesize
5.6MB

Download
memory/2556-6299-0x0000000003CD0000-0x0000000003CE0000-memory.dmp

Filesize
64KB

Download
memory/3376-6635-0x0000000002E80000-0x0000000002EFD000-memory.dmp

Filesize
500KB

Download
memory/4200-6557-0x0000000007250000-0x00000000072CD000-memory.dmp

Filesize
500KB

Download
memory/4472-6558-0x0000000008800000-0x0000000008821000-memory.dmp

Filesize
132KB

Download
memory/4624-59-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-60-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-77-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-78-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-79-0x00000000071E0000-0x00000000071E1000-memory.dmp

Filesize
4KB

Download
memory/4624-80-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-81-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-82-0x00000000071F0000-0x00000000071F1000-memory.dmp

Filesize
4KB

Download
memory/4624-83-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-84-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-48-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-45-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-36-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-25-0x00000000070C0000-0x00000000070C1000-memory.dmp

Filesize
4KB

Download
memory/4624-26-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-27-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-29-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-30-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-31-0x00000000070E0000-0x00000000070E1000-memory.dmp

Filesize
4KB

Download
memory/4624-33-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-34-0x00000000070F0000-0x00000000070F1000-memory.dmp

Filesize
4KB

Download
memory/4624-75-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-74-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-73-0x00000000071C0000-0x00000000071C1000-memory.dmp

Filesize
4KB

Download
memory/4624-72-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-71-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-70-0x00000000071B0000-0x00000000071B1000-memory.dmp

Filesize
4KB

Download
memory/4624-7048-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-69-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-68-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-67-0x00000000071A0000-0x00000000071A1000-memory.dmp

Filesize
4KB

Download
memory/4624-66-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-65-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-64-0x0000000007190000-0x0000000007191000-memory.dmp

Filesize
4KB

Download
memory/4624-63-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-62-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-61-0x0000000007180000-0x0000000007181000-memory.dmp

Filesize
4KB

Download
memory/4624-76-0x00000000071D0000-0x00000000071D1000-memory.dmp

Filesize
4KB

Download
memory/4624-42-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-58-0x0000000007170000-0x0000000007171000-memory.dmp

Filesize
4KB

Download
memory/4624-57-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-56-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-53-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-52-0x0000000007150000-0x0000000007151000-memory.dmp

Filesize
4KB

Download
memory/4624-51-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-2626-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-2569-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-2540-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-2365-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-2366-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-50-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-49-0x0000000007140000-0x0000000007141000-memory.dmp

Filesize
4KB

Download
memory/4624-47-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-46-0x0000000007130000-0x0000000007131000-memory.dmp

Filesize
4KB

Download
memory/4624-55-0x0000000007160000-0x0000000007161000-memory.dmp

Filesize
4KB

Download
memory/4624-54-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-43-0x0000000007120000-0x0000000007121000-memory.dmp

Filesize
4KB

Download
memory/4624-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-35-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-44-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-37-0x0000000007100000-0x0000000007101000-memory.dmp

Filesize
4KB

Download
memory/4624-38-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-32-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-28-0x00000000070D0000-0x00000000070D1000-memory.dmp

Filesize
4KB

Download
memory/4624-23-0x0000000006C50000-0x0000000006F6A000-memory.dmp

Filesize
3.1MB

Download
memory/4624-17-0x0000000006A30000-0x0000000006A46000-memory.dmp

Filesize
88KB

Download
memory/4624-11-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4624-39-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4624-40-0x0000000007110000-0x0000000007111000-memory.dmp

Filesize
4KB

Download
memory/4624-41-0x0000000006F70000-0x00000000070B0000-memory.dmp

Filesize
1.2MB

Download
memory/4976-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/4976-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download