Malware Analysis Report

2025-08-05 20:07

Sample ID: 240611-skcgha1hrn
Target: MAGIX.Vegas.20.0.411.rar
SHA256: e513658df9b96c8a30dfa822752035830d1e77fe643dc6ca41650b3120f440d3
Tags: persistence
Score: 7/10

Analysis Overview

score
7/10

SHA256

e513658df9b96c8a30dfa822752035830d1e77fe643dc6ca41650b3120f440d3

Threat Level: Shows suspicious behavior

The file MAGIX.Vegas.20.0.411.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Loads dropped DLL

Registers COM server for autorun

Executes dropped EXE

Enumerates connected drives

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Runs .reg file with regedit

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Opens file in notepad (likely ransom note)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 15:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

146s

Max time network

157s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\EN.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\EN.reg"

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240419-en

Max time kernel

122s

Max time network

142s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\JA.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\JA.reg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240508-en

Max time kernel

137s

Max time network

156s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\KO.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\KO.reg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240508-en

Max time kernel

138s

Max time network

156s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\RU.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\RU.reg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

145s

Max time network

153s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\SP.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\SP.reg"

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

146s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A

Registers COM server for autorun

persistence

Enumerates connected drives

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\DLLDEV32i.dll C:\Windows\system32\msiexec.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A

Drops file in Program Files directory

Drops file in Windows directory

File created C:\Windows\Fonts\Gloss_And_Bloom.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\work_in_progress.otf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI93C7.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ec0-0\Accessibility.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSI65DE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6E56.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\LaGuapita.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\rose_of_baltimore.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\SilverCharmDuo.otf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI93FB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC586C3A0CC4AB4CF.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6354.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6366.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\Wasted.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9f0-0\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\994-0\System.Configuration.Install.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10ec-0\Vegmuxfc.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\Installer\e585fce.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI64ED.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI650D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\MarkMyWordsClean.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\7c4-0\BdmuxServer.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\6c4-0\mux.net.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\Fonts\beyond_the_mountains.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\mark_my_words.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\the_breakdown.otf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8887.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c4b8b8fd8fb0bfdcc45bd23336395c65\System.Runtime.Remoting.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6dbe1f10baaa1b605d747b4359036e1c\System.ServiceModel.Internals.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\{B7A01017-2E89-43C2-8B05-C03E0CD4C64D}\ProgramIcon.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI91E1.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI67C3.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6A87.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\bakery.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\mocking_bird.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\Thinking_of_Betty_Light.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b#\9576fa690680ac6742feeedf37f7019d\System.Web.RegularExpressions.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\Fonts\base05.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\3db036b964974b08b3fba860d798e263\System.DirectoryServices.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1190-0\System.ServiceProcess.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSIC55C.tmp C:\Windows\system32\msiexec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0" C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0" C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0 C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Pins C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\FriendlyName = "VEGAS Track Compressor" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\ = "SfGeq Property Page3" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input\Direction = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{B97C0F22-196D-11D1-B99B-00A0C9053912}\ = "VEGAS Time Stretch" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\ = "Multi-Band Dynamics" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Output\IsRendered = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Output C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\ = "SfFlange Property Page" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000004-0F56-11D2-9887-00A0C969725B} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\03F048F3672C0654F8D505532D221039\71010A7B98E22C34B8500CE3C04D6CD4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5FF5B4A1-858F-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins\Output C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Direction = "0" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\ = "SFA File" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\Pins\Output\Direction = "1" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000001-0F56-11D2-9887-00A0C969725B} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\Pins\Input\Direction = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000001-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Delay" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input\Types C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins C:\Windows\System32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000 C:\Windows\System32\MsiExec.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3836 wrote to memory of 3044 N/A C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp
PID 3044 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp C:\Windows\regedit.exe
PID 3044 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp C:\Windows\system32\msiexec.exe
PID 3496 wrote to memory of 3492 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3496 wrote to memory of 2652 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3496 wrote to memory of 3036 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 4904 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 992 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 4364 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 3956 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 2884 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 2480 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 1656 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 4984 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 2892 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 2708 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3496 wrote to memory of 3156 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2652 wrote to memory of 3052 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
PID 2652 wrote to memory of 2964 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
PID 2964 wrote to memory of 4980 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 1988 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 4612 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 1732 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 4876 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 2400 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 4116 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2964 wrote to memory of 4332 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe

"C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"

C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp

"C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$80058,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"

C:\Windows\system32\msiexec.exe

"msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=0 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding FCD0142501B5309517ABF27882CDE757

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 54EEFC12066D2D1A1DC8F426A44AC7A7 E Global\MSI0000

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"

C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 204 -Pipe 210 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 22c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2ec -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2c4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 314 -Pipe 2d4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 338 -Pipe 334 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 328 -Pipe 340 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 348 -Pipe 314 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 360 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 0 -NGENProcess 35c -Pipe 348 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 31c -Pipe 328 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 318 -Pipe 32c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 31c -Pipe 34c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 308 -Pipe 320 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 214 -Pipe 358 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 35c -Pipe 2e4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 338 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 30c -Pipe 308 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 344 -Pipe 31c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 354 -Pipe 310 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 214 -Pipe 2b0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 324 -Pipe 318 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 374 -Pipe 2f8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 380 -Pipe 3a8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 390 -Pipe 388 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 350 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 364 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 384 -Pipe 38c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 30c -Pipe 3a4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 394 -Pipe 378 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 374 -Pipe 3c0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 30c -Pipe 3b0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 380 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 33c -Pipe 2e8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 344 -Pipe 37c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 374 -Pipe 324 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 384 -Pipe 33c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 374 -Pipe 344 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 3ac -Pipe 2e0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 3b8 -Pipe 2f0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 214 -Pipe 35c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 390 -Pipe 354 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 368 -Pipe 36c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\ru.reg"

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
GB 95.101.143.202:443 tcp
US 52.182.143.211:443 browser.pipe.aria.microsoft.com tcp
BE 88.221.83.218:443 r.bing.com tcp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\ISTask.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VclStylesInno.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\!!msiTarget64\Protein\is-9SO2J.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-VFEC4.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-CNC9B.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-ACFMK.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-4SE19.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\Language\is-II5TT.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-P95PL.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\readme\is-9KCVF.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi

C:\Windows\Installer\MSI607A.tmp

C:\Windows\Installer\MSI61A5.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3_10.udat

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres

C:\Windows\Installer\MSI65DE.tmp

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini

C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup.exe

C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css

C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d

C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg

C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref

C:\Windows\Fonts\mark_my_words.otf

C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

C:\Config.Msi\e585fd1.rbs

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

78s

Max time network

92s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\_Silent Install.cmd"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E1-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1010333D-5114-41CE-807B-4483785EEF84}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0B-10E8-11D2-9B89-00104B8D13C2}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32\ = "C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{824AFE10-2098-4254-B2C3-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfresfilter_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\DLLDEV32i.dll C:\Windows\system32\msiexec.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\atracplug\atracplug_fra.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug3\mc_demux_mp4.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.EntityFrameworkCore.Design.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4encoder_dll.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\ffplugsk32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Compressor_Vocals.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Limiter\[Sys] Pop Maximizer +6dB (Transparent).efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\mc_bc_dec_avc.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\Icons\_msi_keyfile_6cnk8veuvssmc4evm16ss316t C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\dbghelp.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\toc.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Acoustic Guitar.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\de\AjaVideoProperties.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\fargo.pdd.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_enc_mp2v.002 C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\so4compoundplug\SonyRawDev.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\tab_toc.htm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\System.Diagnostics.DiagnosticSource.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Male Rap vocal.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\19.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\he.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\hr.pak C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_mux_mxf.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.pl-PL.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\Release-x64.fio2007-config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\[Sys] Fast modulation.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\41.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_V-Log.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\compoundplug\mc_mfimport.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\minus.gif C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mp3plug2\mp3plug2_esp.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\SMDK-VC140-x64-4_21_0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxhevcplug\SMDK-VC140-x64-4_21_0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\_msi_keyfile_dw332cbm3b6ue5z2b4gwxp4ut C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_esp.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Subtle movement for pad.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfp2\mxfp2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.Archive.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug_deu.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\_msi_keyfile_kcygdzpate9gwv8xkex9z9ciq C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\Joystick Profiles\Eliminator Precision Pro Joystick.ini C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\Interop.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4decoder_dll.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.TextGen.CoreGraphics.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.Vegas.Slideshow.Resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Megaphone.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm6K_to_REC.709.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.pl-PL.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\2.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\36.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcaacplug\mcaacplug.chm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Win64\ofx360Stabilizer.ofx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.pl-PL.xml C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.MediaSoftware.Archive.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\External Control Drivers\spconsoleopt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Rough Vocals.efx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30454.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30465.png C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_D-Log.cube C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.es-ES.xml C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\8bda73cef6393916778c1ceb3ceb61ac\System.Data.OracleClient.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSI13EF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5057.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1250-0\BdmuxServer.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\a74b72d41141812b82335be6b43653e0\Accessibility.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\be4-0\System.Web.ApplicationServices.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e4e3f4853c40b985b57dc12443d1058\System.Windows.Forms.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\894-0\Vegmuxrt.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSI1275.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI18FF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\magnolia_sky.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\mocking_bird.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\da3b784b4517859cfc67b775643ac0a6\System.Web.ApplicationServices.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a08-0\System.Web.RegularExpressions.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d80-0\System.ServiceProcess.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e70-0\System.ServiceModel.Internals.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxmc\68e3e508050426b6843248656521e64a\Vegmuxmc.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\574-0\System.Numerics.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxtw\e0a8a727d4cb162c7516b3b323f9f0e2\Vegmuxtw.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSI1223.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF74768958281D9C74.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DFC23C6FA2974C3597.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\Mustardo.otf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5098.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Microsoft.NET\ngenserviceclientlock.dat C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0a857079b30735fa8e347e188eafb7d3\System.Deployment.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\38c-0\Vegmuxfb.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfb\c8bc806c54b029fbeab9ad3d18fbc4d4\Vegmuxfb.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\Fonts\marguerite.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\work_in_progress.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12b0-0\System.Drawing.Design.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1208-0\Vegmuxdw.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdw\5d0f327942b48780d08fa802195f654f\Vegmuxdw.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File opened for modification C:\Windows\Installer\MSI1780.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B04.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1172.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1040-0\BdmuxInterface.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.Wrapper.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\57c-0\System.Deployment.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfo\54d70009d8c550f62f9d6164c828d310\Vegmuxfo.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1068-0\System.Design.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\af3094d576bc64823a6bae121b92764a\System.Design.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\700-0\System.Runtime.Serialization.Formatters.Soap.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\b6cc22a0294ba9df6eb9c94e885840f1\System.Drawing.Design.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\SystemTemp\~DF806E72AB9E501D2E.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI1B25.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\MarkMyWordsClean.otf C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\77c-0\System.Transactions.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfa\e712e336b04c0a17d34e36a960d7c64d\Vegmuxfa.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\BdmuxInterface\f18602598146c7777ffb9be1fcf3af5a\BdmuxInterface.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\530-0\System.Windows.Forms.dll C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A
File created C:\Windows\SystemTemp\~DFBADB45BC3D4C9C85.TMP C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI141F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI14EC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Fonts\Julietta.otf C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI465F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cf1bb15a8adda62c0600239e31e87de1\System.Drawing.ni.dll.aux.tmp C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0" C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0 C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0" C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\ = "Pitch Shift" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins\Output\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\FriendlyName = "VEGAS Track Noise Gate" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.sfa\ = "vegas200_sfa" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Output\ConnectsToPin = "Input" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\IsRendered = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\ = "XpGeq Property Page" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{EE38CA88-D78E-4BFB-B05E-577892730C83} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pca C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000006-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Reverb" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\Pins\Input C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{260DF3E1-AC77-11D2-9E93-00C04F68BE44} C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\Direction = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2E-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\IsRendered = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_vf\CLSID C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\ = "MCHammer Property Page" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Equalization" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\ = "VEGAS Track EQ" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA} C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\ = "SfGdyn Property Page" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\ = "SfSmooth Property Page" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open\command\ = "\"C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\CLSID = "{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}" C:\Windows\System32\MsiExec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F22-196D-11D1-B99B-00A0C9053912}\FriendlyName = "VEGAS Time Stretch" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Vibrato" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output\Types C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000008-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Dynamics" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\ = "Smooth/Enhance" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Chorus" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output\Types C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Merit = "2097152" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} C:\Windows\System32\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000 C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32 C:\Windows\System32\MsiExec.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4044 wrote to memory of 4976 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe
PID 4976 wrote to memory of 4624 N/A C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp
PID 4624 wrote to memory of 1552 N/A C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp C:\Windows\regedit.exe
PID 4624 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp C:\Windows\system32\msiexec.exe
PID 2004 wrote to memory of 1496 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2004 wrote to memory of 2824 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2004 wrote to memory of 3680 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 2572 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 2076 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 3368 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 712 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 1460 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 1988 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 1576 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 3104 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 872 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 1236 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2004 wrote to memory of 1468 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2824 wrote to memory of 3564 N/A C:\Windows\syswow64\MsiExec.exe C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
PID 2824 wrote to memory of 2752 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
PID 2752 wrote to memory of 2556 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 4688 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 4160 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 1552 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 2392 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 4616 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PID 2752 wrote to memory of 4140 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\_Silent Install.cmd"

C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe

"MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon

C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp

"C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$600D2,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"

C:\Windows\system32\msiexec.exe

"msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=1 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 09217AE15A4887D98006CFE6186AF926

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8591B5B963510DD569D43FF256787072 E Global\MSI0000

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"

C:\Windows\System32\MsiExec.exe

"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"

C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 1b4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2e8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 300 -Pipe 2ec -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 310 -Pipe 314 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 318 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 300 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 31c -Pipe 338 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 340 -Pipe 22c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 310 -Pipe 2c4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 334 -Pipe 2e0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 328 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 324 -Pipe 30c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 330 -Pipe 31c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 340 -Pipe 334 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 310 -Pipe 340 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 354 -Pipe 34c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 354 -Pipe 364 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 304 -Pipe 36c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 388 -Pipe 370 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 388 -Pipe 384 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 348 -Pipe 33c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 378 -Pipe 398 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 39c -Pipe 3a8 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 378 -Pipe 350 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3b8 -Pipe 3b4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 394 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 390 -Pipe 3dc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3b0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 390 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e8 -Pipe 3d0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3fc -Pipe 3e0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3ac -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3fc -InterruptEvent 0 -NGENProcess 3bc -Pipe 3f0 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3cc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3ec -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 39c -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3bc -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 380 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 374 -Pipe 368 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 330 -Pipe 2e4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 360 -Pipe 2c4 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 32c -Pipe 344 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 3f4 -Pipe 360 -Comment "NGen Worker Process"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\ru.reg"

C:\Windows\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\ISTask.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VclStylesInno.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\!!msiTarget64\Protein\is-MCJFU.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BJJQA.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BA6V2.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-Q3S6Q.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-K7MQF.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\Language\is-QSQGQ.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-6HIK2.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\readme\is-ULESP.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi

C:\Windows\Installer\MSI1085.tmp

C:\Windows\Installer\MSI1172.tmp

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm

C:\Windows\Installer\MSI154D.tmp

C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3_10.udat

C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini

C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup.exe

C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d

C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg

C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref

C:\Windows\Fonts\mark_my_words.otf

C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

C:\Config.Msi\e580f9e.rbs

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240508-en

Max time kernel

105s

Max time network

124s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\DE.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\DE.reg"

Network

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

145s

Max time network

154s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\FR.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\FR.reg"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240508-en

Max time kernel

109s

Max time network

127s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PL.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PL.reg"

Network

Country Destination Domain Proto
US 52.111.227.14:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:16

Platform

win11-20240508-en

Max time kernel

106s

Max time network

127s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PT.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PT.reg"

Network

Country Destination Domain Proto
IE 52.111.236.21:443 tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

129s

Max time network

99s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\Ключ ЧИТАТЬ ПЕРЕД УСТАНОВКОЙ!.txt"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5052 wrote to memory of 4844 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\Ключ ЧИТАТЬ ПЕРЕД УСТАНОВКОЙ!.txt"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\Ключ ЧИТАТЬ ПЕРЕД УСТАНОВКОЙ!.txt

Network

Country Destination Domain Proto
NL 52.111.243.31:443 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 15:10

Reported

2024-06-11 15:17

Platform

win11-20240426-en

Max time kernel

146s

Max time network

157s

Command Line

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\CN.reg"

Signatures

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Processes

C:\Windows\regedit.exe

regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\CN.reg"

Network

Files

N/A