Analysis Overview
SHA256
e513658df9b96c8a30dfa822752035830d1e77fe643dc6ca41650b3120f440d3
Threat Level: Shows suspicious behavior
The file MAGIX.Vegas.20.0.411.rar was found to show suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Registers COM server for autorun
Executes dropped EXE
Enumerates connected drives
Drops file in System32 directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Runs .reg file with regedit
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Opens file in notepad (likely ransom note)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 15:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\EN.reg"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 52.111.229.48:443 | | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240419-en
Max time kernel
122s
Max time network
142s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\JA.reg"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240508-en
Max time kernel
137s
Max time network
156s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\KO.reg"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240508-en
Max time kernel
138s
Max time network
156s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\RU.reg"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\SP.reg"
Network
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
146s
Max time network
155s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{413A0975-168F-46C8-AE58-88E8D4D36AFD}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F24-196D-11D1-B99B-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65A0ED34-90A1-46F6-99B7-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\xpvinyl_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA1-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\DLLDEV32i.dll | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_esp.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\ffmpeg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\ProjectInterchange.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\RegModule_x64\mxmpeg2_x64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\opencv_core460.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\sfldsim.ldd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.fr-FR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\System.Buffers.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Synth Bass Compression.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm6K_to_REC.709.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\contents2.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\CredentialManagement.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_48_nits_Shaper.RRT.Rec.709.spi3d | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.fr-FR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.fr-FR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.pt-BR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\AjaVideoProperties.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\colorgradingwindow.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\eFX_TubeStage.htm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\2fca99749fdb49aeb121a5b63ef568f7\plugin.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\_msi_keyfile_ixgm1x634e7u2mw2nsqodvrcc | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\DeEsser\Default.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Phaser\Default.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_1000_nits_Shaper_to_linear.spi1d | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\sfsbdmux.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Tube Console Master Bus.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.de-DE.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\TransitionWPFLibrary.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Female Up-Front.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] SlapBack.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\flacplug\flacplug_fra.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixAiFx.ofx.bundle\Contents\Resources\MagixAiFx.es-ES.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcmp4xavcs\mc_cpu\mc_enc_avc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.Web.WebView2.Wpf.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Presets\PresetPackage.pt-BR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxhevcplug\SonyRawDev.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3plug.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\Default.efx | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\_msi_keyfile_dw332cbm3b6ue5z2b4gwxp4ut | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_esp.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\DetailedRenderLibrary.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces\luts\adx_adx10_to_cdd.spimtx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.Extensions.Logging.Abstractions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.es-ES.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Aggressive Bassdrum.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\44.css | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Snare Cleanup.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\fr.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_48_nits_Shaper.RRT.sRGB__D60_sim._.spi3d | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.CognitiveServices.Speech.extension.kws.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3plugrw.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\[Sys] Fast modulation.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixAiFx.ofx.bundle\Contents\Resources\MagixAiFx.de-DE.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.pl-PL.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\es\ScriptPortal.MediaSoftware.Archive.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\V-Log_to_REC.709.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\WebView2Loader.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Compressor_Acoustic_Guitar.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.ko-KR.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx.chm | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1118-0\System.Security.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\13c4-0\System.Numerics.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI60F8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI61A5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\marguerite.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8898.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e585fd2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\650-0\System.Data.SqlXml.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\950-0\System.Windows.Forms.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Grand_Aventure_Shadow.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\hotel_de_paris_Xe.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\45c6202a7ea96c52643221352c836c4b\SMDiagnostics.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\a0cdcec9e91c643473569865e49a8857\Microsoft.VisualC.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1094-0\Vegmuxfa.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI61F5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI690D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Gloss_And_Bloom.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\work_in_progress.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93C7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ec0-0\Accessibility.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI65DE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6E56.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\LaGuapita.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\rose_of_baltimore.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\SilverCharmDuo.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI93FB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC586C3A0CC4AB4CF.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6354.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6366.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Wasted.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\9f0-0\System.Runtime.Serialization.Formatters.Soap.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\994-0\System.Configuration.Install.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\10ec-0\Vegmuxfc.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Installer\e585fce.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI64ED.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI650D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\MarkMyWordsClean.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\7c4-0\BdmuxServer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\6c4-0\mux.net.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\Fonts\beyond_the_mountains.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\mark_my_words.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\the_breakdown.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8887.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c4b8b8fd8fb0bfdcc45bd23336395c65\System.Runtime.Remoting.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6dbe1f10baaa1b605d747b4359036e1c\System.ServiceModel.Internals.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\{B7A01017-2E89-43C2-8B05-C03E0CD4C64D}\ProgramIcon.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI91E1.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI67C3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6A87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\bakery.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\mocking_bird.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Thinking_of_Betty_Light.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.82d5542b#\9576fa690680ac6742feeedf37f7019d\System.Web.RegularExpressions.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Fonts\base05.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\3db036b964974b08b3fba860d798e263\System.DirectoryServices.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1190-0\System.ServiceProcess.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC55C.tmp | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0" | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0" | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0 | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\FriendlyName = "VEGAS Track Compressor" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\ = "SfGeq Property Page3" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input\Direction = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{B97C0F22-196D-11D1-B99B-00A0C9053912}\ = "VEGAS Time Stretch" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\ = "Multi-Band Dynamics" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Output\IsRendered = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Output | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\ = "SfFlange Property Page" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000004-0F56-11D2-9887-00A0C969725B} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\03F048F3672C0654F8D505532D221039\71010A7B98E22C34B8500CE3C04D6CD4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5FF5B4A1-858F-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins\Output | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\Direction = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\ = "SFA File" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\Pins\Output\Direction = "1" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000001-0F56-11D2-9887-00A0C969725B} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\ConnectsToPin = "Output" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\Pins\Input\Direction = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000001-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Delay" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input\Types | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000 | C:\Windows\System32\MsiExec.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe
"C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"
C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp
"C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$80058,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe"
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
C:\Windows\system32\msiexec.exe
"msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=0 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding FCD0142501B5309517ABF27882CDE757
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 54EEFC12066D2D1A1DC8F426A44AC7A7 E Global\MSI0000
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 204 -Pipe 210 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 22c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 2ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2c4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 314 -Pipe 2d4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 338 -Pipe 334 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 328 -Pipe 340 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 348 -Pipe 314 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 360 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 34c -InterruptEvent 0 -NGENProcess 35c -Pipe 348 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 31c -Pipe 328 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 318 -Pipe 32c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 31c -Pipe 34c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 308 -Pipe 320 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 214 -Pipe 358 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 35c -Pipe 2e4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 338 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 30c -Pipe 308 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 344 -Pipe 31c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 354 -Pipe 310 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 214 -Pipe 2b0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 324 -Pipe 318 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 374 -Pipe 2f8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 380 -Pipe 3a8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 390 -Pipe 388 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 350 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 364 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 384 -Pipe 38c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 30c -Pipe 3a4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 394 -Pipe 378 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 374 -Pipe 3c0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 30c -Pipe 3b0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 324 -Pipe 380 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 33c -Pipe 2e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 344 -Pipe 37c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 374 -Pipe 324 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 384 -Pipe 33c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 374 -Pipe 344 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 3ac -Pipe 2e0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 3b8 -Pipe 2f0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 214 -Pipe 35c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 390 -Pipe 354 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 368 -Pipe 36c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\ru.reg"
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| GB | 95.101.143.202:443 | | tcp |
| US | 52.182.143.211:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| BE | 88.221.83.218:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
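Two rows in the table above are not connections but reverse lookups sent to 8.8.8.8: the Domain column holds an `in-addr.arpa` name, whose labels are the octets of the IP being looked up in reverse order. Reading those back, and checking them against the direct TCP destinations, is the quickest way to see which connections were preceded by a name lookup and which were made to a bare address with no name captured. The following is an added example, not part of the sandbox output; the sample rows are copied from the table above with the repeated r.bing.com rows folded into one, and the result keys are this example's own naming.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample: the distinct rows of the Network table above, as
# (country, destination, domain, proto). Repeated r.bing.com rows are folded.
SAMPLE_ROWS: List[Tuple[str, str, str, str]] = [
    ("US", "8.8.8.8:53", "30.243.111.52.in-addr.arpa", "udp"),
    ("GB", "95.101.143.202:443", "", "tcp"),
    ("US", "52.182.143.211:443", "browser.pipe.aria.microsoft.com", "tcp"),
    ("BE", "88.221.83.218:443", "r.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "145.83.221.88.in-addr.arpa", "udp"),
]

PTR_SUFFIX = ".in-addr.arpa"


def ptr_to_ip(name: str) -> Optional[str]:
    """Decode a reverse-lookup name d.c.b.a.in-addr.arpa back to the address a.b.c.d."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    labels = name[: -len(PTR_SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ipaddress.AddressValueError:
        return None


def correlate(rows: List[Tuple[str, str, str, str]]) -> Dict[str, object]:
    """Match PTR lookups against direct connections and flag connections with no name."""
    direct: Dict[str, set] = {}
    for _, dest, domain, proto in rows:
        ip = dest.rsplit(":", 1)[0]
        # Resolver traffic is the lookup itself, not a connection to a peer.
        if proto == "udp" and dest.endswith(":53"):
            continue
        direct.setdefault(ip, set())
        if domain:
            direct[ip].add(domain)

    matched: Dict[str, List[str]] = {}
    unmatched: List[str] = []
    for _, _, domain, _ in rows:
        ip = ptr_to_ip(domain)
        if ip is None:
            continue
        if ip in direct:
            matched[ip] = sorted(direct[ip])
        else:
            unmatched.append(ip)

    # Destinations reached without any name in the table: worth a second look,
    # since the sandbox recorded no DNS answer that led to them.
    bare = sorted(ip for ip, names in direct.items() if not names)
    return {"matched": matched, "unmatched": unmatched, "bare": bare}


if __name__ == "__main__":
    for key, value in correlate(SAMPLE_ROWS).items():
        print(f"{key:<10} {value}")
```

On this table both PTR lookups decode to addresses that are not among the observed destinations (52.111.243.30 and 88.221.83.145 are in the same Microsoft and Akamai ranges as the connections, but are not the same hosts), and one TLS connection (95.101.143.202) has no name at all; neither fact makes the sample malicious, but both are what to carry into a pcap review rather than the bing.com rows.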
Files
memory/3836-0-0x0000000000400000-0x0000000000417000-memory.dmp
memory/3836-2-0x0000000000401000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-S3A56.tmp\MAGIX Vegas 20.0.411.tmp
| MD5 | 3cf000f76aebe1287fbce80803691eef |
| SHA1 | 1abfd84af565006ab0eb5048c62827db64ba6d20 |
| SHA256 | 2ec46149ff09b8028c0892b98c25eeb839052fae520b8692e1edbe3e1e90e555 |
| SHA512 | 0aa4a80a550e1319ac49298fc9fe792b078d37d0099e2a4033d4022da44e49c4b641d07eb3cd8bfbfd9badbcf1975c3c494f790dd7151125f79a76b1ae62c6ef |
memory/3044-11-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-17-0x0000000006A20000-0x0000000006A36000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\ISTask.dll
| MD5 | 86a1311d51c00b278cb7f27796ea442e |
| SHA1 | ac08ac9d08f8f5380e2a9a65f4117862aa861a19 |
| SHA256 | e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d |
| SHA512 | 129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VclStylesInno.dll
| MD5 | b0ca93ceb050a2feff0b19e65072bbb5 |
| SHA1 | 7ebbbbe2d2acd8fd516f824338d254a33b69f08d |
| SHA256 | 0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246 |
| SHA512 | 37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2 |
memory/3044-23-0x0000000006C50000-0x0000000006F6A000-memory.dmp
memory/3044-26-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-36-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-83-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-82-0x00000000071F0000-0x00000000071F1000-memory.dmp
memory/3044-75-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-60-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-84-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-81-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-80-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-79-0x00000000071E0000-0x00000000071E1000-memory.dmp
memory/3044-78-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-77-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-76-0x00000000071D0000-0x00000000071D1000-memory.dmp
memory/3044-73-0x00000000071C0000-0x00000000071C1000-memory.dmp
memory/3044-72-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-71-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-64-0x0000000007190000-0x0000000007191000-memory.dmp
memory/3044-63-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-59-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-58-0x0000000007170000-0x0000000007171000-memory.dmp
memory/3044-57-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-56-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-55-0x0000000007160000-0x0000000007161000-memory.dmp
memory/3044-54-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-53-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-52-0x0000000007150000-0x0000000007151000-memory.dmp
memory/3044-51-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-50-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-49-0x0000000007140000-0x0000000007141000-memory.dmp
memory/3044-48-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-47-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-43-0x0000000007120000-0x0000000007121000-memory.dmp
memory/3044-42-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-41-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-40-0x0000000007110000-0x0000000007111000-memory.dmp
memory/3044-37-0x0000000007100000-0x0000000007101000-memory.dmp
memory/3044-74-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-69-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-70-0x00000000071B0000-0x00000000071B1000-memory.dmp
memory/3044-68-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-34-0x00000000070F0000-0x00000000070F1000-memory.dmp
memory/3044-33-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-67-0x00000000071A0000-0x00000000071A1000-memory.dmp
memory/3044-66-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-65-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-62-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-61-0x0000000007180000-0x0000000007181000-memory.dmp
memory/3044-46-0x0000000007130000-0x0000000007131000-memory.dmp
memory/3044-45-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-44-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-39-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-38-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-35-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-32-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-31-0x00000000070E0000-0x00000000070E1000-memory.dmp
memory/3044-30-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-29-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-28-0x00000000070D0000-0x00000000070D1000-memory.dmp
memory/3044-27-0x0000000006F70000-0x00000000070B0000-memory.dmp
memory/3044-25-0x00000000070C0000-0x00000000070C1000-memory.dmp
memory/3044-87-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-88-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-89-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-96-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-101-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-102-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-103-0x0000000000400000-0x00000000004F7000-memory.dmp
memory/3044-352-0x0000000000400000-0x00000000004F7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\!!msiTarget64\Protein\is-9SO2J.tmp
| MD5 | 0c1e88ce1761b3b91a12325c4b5cd7e1 |
| SHA1 | c1cde89c8c8624e3ee80eda4bddf914ed23a71a7 |
| SHA256 | 164b291826b0f96044546db925332c677245ec1035b9f53808c2d1af5f999f62 |
| SHA512 | c5aa87f78f5981002aa16a100e3a8ca37837610eb476ae5e30b87a80c722c48a4140e246375fc5c74176cb96ad634675b2c051f88e7738b7914586525bd3869c |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-VFEC4.tmp
| MD5 | 0f1fb541827cc6bcc3dbb777c00ca3ed |
| SHA1 | 18e68b072c1f24eadb0fe10353ca2725eb1e6869 |
| SHA256 | 7c770fdb34b37cb6140c8adf3482613aa72dc51f989b9915ff7c45f882a1a81a |
| SHA512 | d26a6d94cafb33880c4bfaa67a687e3a3d68a3851ebacead9a590d611b23e8c1194bb99296f4ac540c0e39790716a80deda52686fb335a2b1611f6abc8c7f8f5 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-CNC9B.tmp
| MD5 | b28fb870f7ac1fc58835cd538f0b3827 |
| SHA1 | 6535d439db0938e9ca0779e07c6751a111c00183 |
| SHA256 | a21893c188660edbfc3700f646316d496bcf7ded8603ef6c9f7852d02ed437ef |
| SHA512 | 88fe27c5ee62293ea08f54d0e30d96e37123590ce80dc8b77dc4bb338e03e11c363dce7c75a41824596ea2e55e290bf4d69b9e48e66e870d6bb4e10323d2a78d |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-ACFMK.tmp
| MD5 | d403b68f94df24047f1f5c06ceb438ff |
| SHA1 | fd41dd09cab1c9b522826715876fc050d3b444ae |
| SHA256 | 48a9e9e9a1e5acb2d9afc5622b7decee6b9842a7c639b596247e3dee294b4421 |
| SHA512 | 45e080281977fad0ce4e2bd268824309d1edca0ff97720ba0aa10d11cab2c0699fbf8746fe68ffc97657787b4bd051a006f48cc28ceb7bd4a2b882eb19e498bc |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-4SE19.tmp
| MD5 | 24bacd15fc74bb26c48bc6d5b8ce4c98 |
| SHA1 | d1f1366025fd2bf0dd5d0a0b3508bc352e77a940 |
| SHA256 | c0ca2de16679f5b6f62359cd22bdf69bd5b92dbea96909d6d5537d08c426fc4f |
| SHA512 | fa714f4e227c4e0ab6bf055bf8df7c60f59e3c3dc9f36120c770894cba67eb258269d2a3a285f730b1cbd2544811f504aff64c318fd32fba0fbe562317193f0c |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\Language\is-II5TT.tmp
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-P95PL.tmp
| MD5 | d5c1877b824a8a99dd911891695e3352 |
| SHA1 | 5942c1c6a6fec16014aa59c3620be1d344a2ea13 |
| SHA256 | 0313f51c713f2fd18ff3c008e80cb36a55e30c9b8655c54b02c08be7da319c0c |
| SHA512 | 39c4d6ca223b39cc9a015005b2a042fa8dbcddf91ba31f435f597319640724754596c0eb0becb9ac51b2efbc0b7ff2be23e8b5ac123beeab77c6502d99175edb |
memory/3044-2627-0x0000000000400000-0x00000000004F7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\readme\is-9KCVF.tmp
| MD5 | ebaeda4e1c37e4064c13690311301566 |
| SHA1 | c2d298a754e2199b1a4ff8310bd6192478764b83 |
| SHA256 | cc1bd4c738f3bbe40164cee012cb5498cb5e6ed1ab66d1a782d5101e608ea9bf |
| SHA512 | ffdaa0cb0250066a2a9fc46e7b3c11c635c2a14ee36f43f001e5dfcdeae4e2641dcfc8c2810bafa64d01e601e9f923e68f5d2e610a8aee65222f14dd2cddc660 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm
| MD5 | ad71246de2a860f980b7298519510c21 |
| SHA1 | 420d54a1b88039d4f554f2e567b27c5377df53e6 |
| SHA256 | 65cae474ca7fbd4cb3f49f6cc2a871fcd97be3f67c995af83be35ed5c60ef9ed |
| SHA512 | 1ec0e10c4113f859f628905838d6622cdd963973d208e85d5135dc35bb2b48274ad4129329fc4fdd56254f89ca4119e63c6be4c576838da12f3e8d0d479681b4 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm
| MD5 | 9d0f926ca5d507617b2c9980940a4ec1 |
| SHA1 | 19d57c14156482f0b9d4b9ac6e756dc3a2260821 |
| SHA256 | 59be8d099b496c1f8784ef6fdb05bae981ea12d93c1e92f48cf96afbd55c73e0 |
| SHA512 | 848e460ff2d573e92355e41f2630dd25f6c910bef2b850f49097e7bd156500a4196f004f3f9961d281fe295903c24b5e58f6ee85d354aa93548263d1dc6ade2e |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm
| MD5 | 28189fe033f82b794cd4c787949b295b |
| SHA1 | 3bc70c77da4be191b1f9f29086d6bbeac93eaa27 |
| SHA256 | 20700008e101f12f468052230f1cfc0f0312b61b81e9a2e309e8965f3b51117a |
| SHA512 | 4e0be27a4d152ada6a51521c975236f3108f23e5c2f5c40a248e71dab6cdd986fd4d6a354f07d721457634edc49427274b74141581cc72120244e201af96d77b |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm
| MD5 | 7449d3c7a273366788882e044d736755 |
| SHA1 | 46cd34f8abe3a12521b314fd8082bc01bff56bf6 |
| SHA256 | 2c09932992c928c400ab8bbc96f9bc031558f4f8db0f01a69c6f0327a172cae7 |
| SHA512 | c3ce978606d6fe56b90767898b8a5af462ebd5cf1c63d73bbb5f4b0ade6f2e043c72a061eb4d16c722f5e2bb4688aa266e42c9b4b06b392fd3275edd40db99b5 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm
| MD5 | e4306c3bad1148bd3917fcda912254e7 |
| SHA1 | 09be8be0f26da548b8528c6fe50933d504e5bec4 |
| SHA256 | 7c9c1e154e6eca6d90f5809440fcb64e3c845257db806954ddcbaf1f247ac99a |
| SHA512 | 6d8dfa3d1533bdc78743c7072c40d201d0a9b5c9dd75fcca6d86ec90a7a91dafa2d2018a11c32c8780579c4d18f2ae9e7956a42cc6ca912916dd3115b4eff4b9 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm
| MD5 | 05ec141b5d879f94a1fc4fb63dab7c90 |
| SHA1 | cd376464d523dbd969e1d459861de8b8b059d3ba |
| SHA256 | 686e522a6d0503cee89b31f28e6ce6d3b1af734b32f3be46d9b394535be1e9cc |
| SHA512 | d3af9421171df4185ee5badc269d80943c1455b33d4223970128ae4841b51ce393084dadaede5f19b8aff89c91bd109e1e7a83b8dbed624970a1831b03b30355 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm
| MD5 | d96c5c1d2791f5b740b5b742239cc14d |
| SHA1 | f0cd9075d983fe059c39a46ec7c8255a34acf362 |
| SHA256 | 203d202642e917d6175c28e684d0df0bb6b94fd5644af99571f2becb19d19096 |
| SHA512 | 6d4f9d312ebab1c19bf35725d8775e4545a1de81f57c979e635617854eb63116565c96c7fc7c8da25f3e393ddbb8aa30e89d31466be9c1a170ca0d8ab7c0e71c |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm
| MD5 | bdead6dd7d517b6551d6949273fafb38 |
| SHA1 | d388b3f6440454c7ab39c9f0aefc4420005b035f |
| SHA256 | bdf4dc7b2d3416f157a0ff16161e4db34e37b9bf9f3936eb442ca4ae9536d782 |
| SHA512 | a01b9fd3099eeac05dc36e0768bb9439736076448621d1117d74090321f01a78ea50e25e442b59185872b1f1a4bd1e39036fc1d70b10cc1685ab690dddf5ae9b |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm
| MD5 | 1f28955e3548fd0d125366ff897f4486 |
| SHA1 | 2ce2e126216bab27a87f13ba0c3196dd3e69b40e |
| SHA256 | 2a2c5d5324f1838fd204206c513b72c36afaa3a7ac81bd1ef53cf6bde90227b7 |
| SHA512 | 69129f9ae19b2a0c55aeb9871aea074f30dae0c1ac931484e7a9975345b1942720d30a33443ed82200a2e2721cd1da96a751d7f086e66b841be37741deb2153a |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm
| MD5 | ced225cf1ddc86d43d722fe3f43395cf |
| SHA1 | af1c71b436d2f555092b8e95b48fe9d280f77b77 |
| SHA256 | 7172285a843dfea02861a0ceb37df09420fe63c7cd57d7b4c78a510dc5e781e1 |
| SHA512 | 0598400db2feb94fd4aa97d336eb7aeb1c2fd868c4a0b53d943ae84d122138a676da5a2bc9693c90ffdaa9dee5802a26474eedc18db3ffec1ccc5769bf6d0cf3 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm
| MD5 | 05fba5470961d350729077f24f2e226c |
| SHA1 | 8199bf209bf6923d4185fb960ef8624b3d8a22a6 |
| SHA256 | 8706882eb4f2d42a63da17daddea5a5a7186ee4b4292f4489624ca30d61d8662 |
| SHA512 | d7b7dc117922df0447577cba07d762fdd88a1b6f6cdac93169304e7724399ef5afcb49d2e888bc0b073099fb672397ba4a28162871e501b8290aa11e57fa01bf |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm
| MD5 | 38d74b2342a9750ddc419162a3b4bf8a |
| SHA1 | b59125ad03290f87e8e1dc8fdbcd02ca3cc15a09 |
| SHA256 | 55c48b9e003aa26c618db119af868bdfd958a5f55553d06d3f19ed5483622059 |
| SHA512 | 9c98b02b2088a9ee15b891db56e2cf43ed6e12ac9464ae16528195e36c14b516c9c2ff8637f5e3f3feac400783625d2e88e8e0dcf41f49ff08514771efc10382 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm
| MD5 | b6c8248c7ead44d8f29f9e45654266c7 |
| SHA1 | 0451c6a06b6fe85067775e1f17f8f1e03a2de79e |
| SHA256 | 7fca06a0d9f9b38e5dfc1536f7e9be5ab60573857d90d51cb817b0fd3bdfdb57 |
| SHA512 | ef19e040ec8b9ae3cc4944122492b75cdcff41a801fdb988cedda3ef8b20a57a3e99ef83c042dd51bea5b3249125978d549476493a0a6ddc613f66ff9f5c91da |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm
| MD5 | 02a37529c636b810f022d92ea9280403 |
| SHA1 | 02a1ce65fed7436bd7b28edb4ea55425107c5d12 |
| SHA256 | 52846b9e45a1bf9b1d301ae04c6c9fcec31ca6f90c73af10138087efc49b387e |
| SHA512 | 2e0e46120b972aa1927ad58fa79e4f3c2cd170781c671fdd7e3e81020395359c1b1c78442dd0dce655fd0eba40b9cc394ae91338189d81effe9f7b9c3e2f22b8 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm
| MD5 | 9ff814b3438a27e4b9922cd6a456c841 |
| SHA1 | 9093622fa91ab1329a7e97485356e1462a7f1021 |
| SHA256 | d1c5d986e115c180373673668f2cf341070d0e7b9c02549c439370fd8436952c |
| SHA512 | ca383b963455572ce920266591c71a6eb0baae3fd301a8b7877767baf890bad9c15b09e692cd0a06e9edb6ac62ea580d02549c38b09a8455ccc70d2cf6dac421 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi
| MD5 | 3984e2c94a919c262e1b6809ce845138 |
| SHA1 | c6a38b5350db206a1da37ff194e5d103865d5b8a |
| SHA256 | a3c36305c3af58816ace57688a84bc3ee8096e4e78ead8b428335023e0df3c3c |
| SHA512 | 47dfe2808fa1715d30c4444a40c2f4eb9cb37f97043238af92389aadcfeda44730785d0f88fd60acb836785542a12e29b7289ae986df08ea951457ffa46369bd |
C:\Windows\Installer\MSI607A.tmp
| MD5 | cac46674c136dcfa1007c4474f74709c |
| SHA1 | 0e57991728954ece3258ac10c68722ab277291a8 |
| SHA256 | e6c3090f601c83088bc7c481e8384b487f2e0a9a5fa0ceadac890224401416f9 |
| SHA512 | ea54e2190e3c6019bf832aec09508520c54c3b5ca146dc7925c0a412cfcc291d328005e1922ac8f5f686a82061b48d81ab56174cc3fae3ef5813724a601068ed |
C:\Windows\Installer\MSI61A5.tmp
| MD5 | 205796434c869552ef4dd52df0137a71 |
| SHA1 | 3f38351609a85a4409be780b7186eb207082f703 |
| SHA256 | 3853de73a45b0f653d93de3c9884bf244fba54fdb715d54db5fb04f9ffecbf0f |
| SHA512 | 5eb324d9996841476ea1826cb09fc232562056a7345bbcb8937a1674a549a64d0616dac19d5e2293f473a7d2dcf19ff96c80bd8628aecf6ec9a1d9a810927133 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3_10.udat
| MD5 | e34227582523dd5d6450d2a48e742d79 |
| SHA1 | 0e7ad3795405d5eb2122fde5f0fc66ce74e1c855 |
| SHA256 | 883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932 |
| SHA512 | cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm
| MD5 | 2f72e2d18df0d6863de2b728aa943baa |
| SHA1 | 7fea25a58c85f4d67ba473eb0c565d532054d82b |
| SHA256 | 067c563c9557e097490bb3c5980a95115d9f6f6064086e2472fde89ad45f157a |
| SHA512 | 96cae7073c666beef8d03a920d2454e1925b655ed53e44939de4862fdce01c2f0ec935b2ed6c54dbb53029d836fa581e0fa100b4356dd233431b2a9b1b737751 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll
| MD5 | 36fc6c3385657831860504e811f71b53 |
| SHA1 | 4022a504ff83a298c5ee8a3d18e56ebf992bd48a |
| SHA256 | 3fd04618f5ea9f59b6aaf1447602f0672b2ab76b10e2a9e613408b41931968a0 |
| SHA512 | 673b228ceb40f311c7f0e63dae9c149a5c7434215ea5aa6ec0bf61304b2ca62f5d36422723b1ae5a3c8def0608db2b0edc9d233f47394863239d3f3c95b8d147 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll
| MD5 | 9a4bf31ef98aedbc301820fcb0f1a608 |
| SHA1 | 8e3e4608f75be5f1cac1ffd0e3955e8f957b2533 |
| SHA256 | 5053d52ea00511502ba832ba3b9b63f2b79dbc3fdbf0f9d0c2f7f741733992ec |
| SHA512 | 280504089de783df7d8661e55e043353d714af799afb1f750047e5fb85c4dbfb3c201f4eb18787ba38f404e4f623fba0cd9e7091800424ec8ce47b3d04cb9313 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll
| MD5 | 4f1a14e49b00be544481d943b0bcaa38 |
| SHA1 | a9649dc849df5b6713373606b3112ef729daad6c |
| SHA256 | 35ffd0cf34d46680fbe425df26df450f82cbf61784a05f4c3394981abd3cd6d0 |
| SHA512 | 63ef42cf81060aadc6d04e3d4e6dbb810ab53780238f2592eb1b050acf81b0efe12dfe9cfdb46c747f6b3e20a751b0d6e1124e138396ce72a6a888e61610f885 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll
| MD5 | 839e72f3aee74b047362ec6ba5fe3567 |
| SHA1 | 57781a9d357928ac0675fe628669f4deca6b6947 |
| SHA256 | 3834071314deb9b95f13e6ad606c2606d6cd123cf7ccbc536a09e46652484c7a |
| SHA512 | 6de454e366e7b8861adaeb104281c44a62489d3032af9f1128fe40bc3ccf53cc1f42352e1d86de090e5ecd7da3b1866b0b1c456438caa56f7eb8065c6b5baeda |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip
| MD5 | 76cdb2bad9582d23c1f6f4d868218d6c |
| SHA1 | b04f3ee8f5e43fa3b162981b50bb72fe1acabb33 |
| SHA256 | 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85 |
| SHA512 | 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres
| MD5 | 35b41455060bf1766890ad4d31a49835 |
| SHA1 | 813ed4d2949c616a0d649dc35295cfa0018caba5 |
| SHA256 | bf3377ed0f7eca679631cfc3abd9a8509a27be0e2f5d039cf484a13237e2070e |
| SHA512 | 4285f09fb7eec72efcbd290d18495b436b0435dc7a83f4dff90a09c7dcf964350a14b9d6ba77855be8eca1982dc78d7fa642fa65e6981e484903c05ced5f2f03 |
C:\Windows\Installer\MSI65DE.tmp
| MD5 | 33b1ab9ee145562cbb7ca93fc5f464c2 |
| SHA1 | 1431d7c0dda4728211e74581952574ed3b30ef28 |
| SHA256 | 919d4075d01032a88b5dbd46e0c1ed2c1c6fe695404668e72656fda1ad80b22e |
| SHA512 | 11662b918d88a77c1e7ed666ac4c161ae3f5c9cde9b378e3d29f66d95f34df92d3fc8e2f6f3e8774a98eabc612dc61188705f6c38e65beb015f40a958a4d832a |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini
| MD5 | d01419d02c71e590338368fdb1ded4b0 |
| SHA1 | 533f5c9147b51a2a74342dfea2f952bde0c0559f |
| SHA256 | fc12395775b26f77a44ecc5fac596eff8ff32a1fcbfe225fd2b1544ad8165347 |
| SHA512 | b6fd693805019553ac8c1a6d4537a5378a16814ff09ab3fff4d5a748bb9a8c022a7c001fec56b1ec37a2e6e9ee93b36c0cea348334b5af84cdea885b31440397 |
C:\Users\Admin\AppData\Local\Temp\is-NJLS3.tmp\VEGAS20\VEGAS_Pro_20_setup.exe
| MD5 | 04fb89ed372c0ae2c7fc694f8e78674d |
| SHA1 | 04eb033741e32ed3c73237fc4ebbe3fa40e8d1f8 |
| SHA256 | cfc902083b8d343a34d99059064dcf9e67add5295257662351adf8d4118ebe83 |
| SHA512 | 569dbc07a6cc6ee398f2791ce8c739935e9e2b7ead5d1119c5b0ba052f9275c04fc68c07c610cf6fa817151a6a5a526227af142c8e65baaeb051e907734c75f8 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css
| MD5 | afa7ee18ebf29250e6c1d58d117b0a8f |
| SHA1 | 82848e876d0559e24d95cdc27f4d81a20f96acd1 |
| SHA256 | ba77806fa2c2ffe1f2c896b4340eb169fe0cd0f7ad0706e1b4d6cfe8dfbc03f6 |
| SHA512 | 054d13d69d68f8c3af0b9eed577d325877bc987699b29f622534f216a07c66f081edf16e6aa2c01635a0b9236191033abc7a904633fa918eefde87cb6baa61af |
C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d
| MD5 | 67f295e9f8be3d15aa161031f3761b7c |
| SHA1 | 89fc2e9845ed297e16c05823b655520755a234fc |
| SHA256 | 4aa8c8265b737c5dd8604408899ff7ee9f70780f8b0d49ead183b48699a19b5d |
| SHA512 | 2dd2f2da4559a9f3e4f6363f5b96d3d94655026985f051889bb05fd6628d0051dc06632fff322e9057db9e2c71281d29ba1ee5a2ccab46813db26c558a7db3c6 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg
| MD5 | 6d5dc46f9bb6ca3b4991954c6ef4117c |
| SHA1 | 20a06a4ac4b1732ec0e676c507fc4a2860bea698 |
| SHA256 | 2519a81c7d217824efe2c734c940d6a29e752df20e134b64b777a1506f306d79 |
| SHA512 | 2abfb6431f3d42a785baff5dcf60b9798f0d9627ae47788cc31970a5c6c046412e47bd332d7b42b6e6bc5074eb22e17938a68921c1beb48a10c0d1365e01368d |
C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref
| MD5 | 252498dbc17973a2bcfd3f79aaf58bf7 |
| SHA1 | 8fb11e85d99e4e853beed0298ca5515ba4b14b60 |
| SHA256 | 6f2c945852e035c98d2aa9c8fda43b7074a17f0de994dbcd99f3bea24aa86949 |
| SHA512 | 4b0b50d9130895226a78d88efa04a47b06583976028c9ff71b0743fdb84ddb971f77fc0e0816fb485b240cabddbee3a0e83d44043040f12f6e3e7922b799de3f |
C:\Windows\Fonts\mark_my_words.otf
| MD5 | 7c63423376c2f45b7d76537c933a95cc |
| SHA1 | 58561511026f8761d1a90a6bee79d4a152b420f0 |
| SHA256 | 57c478c62fb66a6dcc1281e1f92f741fedeb2e60ad42b4a06825336f1f3506eb |
| SHA512 | e15d075df3574bd7fc9191506cb113ed17767d1a50cc918ea1d7c75b22c5165a7b5ad33ddb453c5c7d4efa6ad182f90f2a1a1857c614acbbada34202e6c79a81 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
| MD5 | 3093432fefad3a1be4d0a0c48ef02ea0 |
| SHA1 | e36afc3c8482a79a4d42b7cb57e788e0887ced4f |
| SHA256 | fadcb8266b1802690cd34126996fcd0afd8ed7748d7b45f01e12cfd0ca71e6b9 |
| SHA512 | 5e83261a19ac1a9e84db4bf5de84e55c1c8d8a8ec6a05687e0797f36473359b9a919de3e2cfb6c68631f998fbcf2d2469097aecf01f8361c5d3579b81834189b |
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg
| MD5 | f4cc542f9b6ebaa24890661a9dc37c6a |
| SHA1 | f21def37e5f7b4d117716c6c489874d4705d375c |
| SHA256 | aae114be68cd90398ad3b45f328ef7ed8ad5a309c096ad70e9eda1c75ab28f31 |
| SHA512 | 1ccff8ef3c23513556d36f25035b648e1bc700238e1687d7131b3374b4a8355bde0cf351131695c8bebd5387ea9eb5a9490ac4b8d7a890c70a8dbd9e3ae48a75 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg
| MD5 | faa1fd9d5a3c6342d723bb0484de65ed |
| SHA1 | 74ad3d54cfaf2fed73d801c0dda028305b553d63 |
| SHA256 | 12bd0459ff92ba7c94fdc73c003e5eee5f87d55df4769ff2d94ba887a41690a9 |
| SHA512 | 590d8932df2e7005855c560a53e2f481ff0ad446550f19a477792c2631a9e1b2c656147341ae56c36ef66f9bd4276e2089870e6ea6ba263d9bc6c732258c28ba |
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg
| MD5 | e2a69354fff2be1810bf0d2c5da73c40 |
| SHA1 | 6eb935713030ee9068b89157caebc2e21a6b73d2 |
| SHA256 | 0d4718fccee44b16a4d8bf3d369e7d4d99844df5904191829d56a304d2996ce6 |
| SHA512 | 0bee0bc5079f7486e0e1cd0dd963404621a01bcfeb26b4d4004e64c615519b3df8125807e90c0da75af12bfba401b25c1279381dc7466f50620931db4ce120bb |
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg
| MD5 | eef1e709e225fdfd1a4c247ef0e0a684 |
| SHA1 | 955e1ed9b66eba8d30d327b0453636f431069e43 |
| SHA256 | 90e01328f9525a72b7638e228873c437cd8cbb3bd8d1e237218db9c9e362a33d |
| SHA512 | cd8ec0b57e61a746436ea9827d0fbc25b1a4048162f4aeeab103b4746a95e1dea843564bbe257eeac18273172a04b0bcbf0f973047cee320dfd4ae9599b07ca8 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg
| MD5 | 9760865cc60798a9bfc1e27b8782c45a |
| SHA1 | 24d10d70ac93e687cffd563a06f27f68c7caea55 |
| SHA256 | 7b06ea074897081ff1a51a29448e8463ceb943270478a14405aa88f7479c8bef |
| SHA512 | f858d683e89f43ea0bd2858fd0f2ba06f27e77266dd5ddac08250b9904b988cbb7ef40bd6aa52c528bfb510505fa4bedecc4ee01f8ad72c90b16ebb0d7986731 |
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg
| MD5 | 900e140eb7091c26d4b1b555c6e362b5 |
| SHA1 | 5214bc2833bdf53fe2a103c49773cef292e5ae48 |
| SHA256 | bb1c2ff46403c7d4c82304fa827e5fc401a98fac0d33d865974b676876597c57 |
| SHA512 | 8dc147f20c48dff28553bfed6e08fc0ed2ad10579239a6fb0639c61d4014b03e33c152a13b229dd9c53284a59bdb87403ab5ad32d4d151a71e80e186c9fe220b |
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg
| MD5 | 22a39896ae01ede8b6ab0e5d7190fd69 |
| SHA1 | d684a31d2d6f306bcc98c46c62771e0ea923322b |
| SHA256 | 1b0e7702d21614267fd3b754ff88ac9e28ab2f39c2a7a1acb8dcab8383b05f4d |
| SHA512 | 394d1d67faaa37b0d4c84fb405bb92d4ef483cc06e5cd40e41ff87cb917896f9b0397af2aa8ac89752c85d07761ba4f1f3f3848e898a621beeeab8555230d228 |
memory/4980-6299-0x00000000037D0000-0x00000000037D8000-memory.dmp
memory/4980-6300-0x00000000037E0000-0x00000000037E8000-memory.dmp
memory/4980-6301-0x00000000037F0000-0x0000000003815000-memory.dmp
memory/4980-6302-0x00000000058B0000-0x0000000005906000-memory.dmp
memory/4980-6303-0x0000000003830000-0x0000000003840000-memory.dmp
memory/4980-6304-0x0000000005EC0000-0x0000000006466000-memory.dmp
memory/4980-6305-0x0000000005970000-0x00000000059B8000-memory.dmp
memory/4980-6309-0x0000000005A90000-0x0000000005ADF000-memory.dmp
memory/4980-6308-0x0000000005A20000-0x0000000005A3C000-memory.dmp
memory/4980-6307-0x0000000005A00000-0x0000000005A12000-memory.dmp
memory/4980-6306-0x00000000059D0000-0x00000000059D8000-memory.dmp
memory/4980-6312-0x0000000005AE0000-0x0000000005AEA000-memory.dmp
memory/4980-6311-0x0000000005C40000-0x0000000005CBA000-memory.dmp
memory/4980-6310-0x0000000005B50000-0x0000000005BBC000-memory.dmp
memory/4980-6313-0x0000000006470000-0x00000000067C7000-memory.dmp
memory/4980-6315-0x0000000005B30000-0x0000000005B38000-memory.dmp
memory/4980-6316-0x00000000067D0000-0x000000000681C000-memory.dmp
memory/4980-6319-0x0000000006890000-0x00000000068CC000-memory.dmp
memory/4980-6318-0x0000000005EA0000-0x0000000005EBE000-memory.dmp
memory/4980-6321-0x0000000006A30000-0x0000000006AE2000-memory.dmp
memory/4980-6320-0x0000000006920000-0x0000000006970000-memory.dmp
memory/4980-6317-0x0000000006820000-0x0000000006842000-memory.dmp
memory/4980-6322-0x0000000006AF0000-0x0000000006B56000-memory.dmp
memory/4980-6324-0x00000000069A0000-0x00000000069C2000-memory.dmp
memory/4980-6326-0x00000000069D0000-0x00000000069EC000-memory.dmp
memory/4980-6325-0x0000000006C00000-0x0000000006C92000-memory.dmp
memory/4980-6323-0x0000000007090000-0x00000000075BC000-memory.dmp
memory/4980-6328-0x0000000006B80000-0x0000000006B92000-memory.dmp
memory/4980-6327-0x0000000007A90000-0x0000000007F5C000-memory.dmp
memory/4980-6331-0x0000000006CE0000-0x0000000006D02000-memory.dmp
memory/4980-6330-0x0000000006CA0000-0x0000000006CD2000-memory.dmp
memory/4980-6329-0x0000000006BA0000-0x0000000006BC0000-memory.dmp
memory/4980-6332-0x0000000006DE0000-0x0000000006EAE000-memory.dmp
memory/4980-6334-0x0000000006BE0000-0x0000000006BFA000-memory.dmp
memory/4980-6335-0x00000000075C0000-0x00000000076E2000-memory.dmp
memory/4980-6333-0x0000000006D60000-0x0000000006DA4000-memory.dmp
memory/4980-6336-0x0000000006FB0000-0x000000000702D000-memory.dmp
memory/4980-6337-0x0000000006D50000-0x0000000006D5A000-memory.dmp
memory/4980-6338-0x0000000007030000-0x0000000007050000-memory.dmp
memory/4980-6339-0x0000000007880000-0x0000000007A08000-memory.dmp
memory/4980-6340-0x00000000077F0000-0x000000000780A000-memory.dmp
memory/4980-6342-0x0000000007810000-0x0000000007822000-memory.dmp
memory/4980-6341-0x0000000007A10000-0x0000000007A4C000-memory.dmp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
| MD5 | d8c39457548529bfa9b8b7f232d6d267 |
| SHA1 | a60495b5dd8066216d7b7b462a92b9a375c889ac |
| SHA256 | 256a8424f028f7c86942eedade2c7f393f0b90ef2c5f871e6022a885f1450915 |
| SHA512 | 237da79911e82eb8f207d8cd5a00d2fd8def367c34b19972827f00bf6f0b17045ea0babe50ea90b27f1d5856644676bf3080a5590d0045a8046a08623396ec36 |
memory/4876-6374-0x0000000006E10000-0x0000000007167000-memory.dmp
memory/976-6404-0x0000000005EA0000-0x00000000061F7000-memory.dmp
memory/976-6406-0x00000000074A0000-0x00000000074EC000-memory.dmp
memory/1168-6452-0x00000000063C0000-0x00000000063E1000-memory.dmp
memory/1668-6560-0x0000000007E10000-0x0000000007E8D000-memory.dmp
memory/2876-6561-0x0000000008440000-0x0000000008461000-memory.dmp
memory/3908-6640-0x0000000005C70000-0x0000000005CED000-memory.dmp
C:\Config.Msi\e585fd1.rbs
| MD5 | 30cdee7e0d192b663ace1f16d878c8ba |
| SHA1 | 1fdc68cbdbd3fa6522adee7f03eb72c1b1e3ecf0 |
| SHA256 | e89a271e42ba5e74cc31ffa0f7e2a43925892c6e5e33ef9e4f21ce7446f1585e |
| SHA512 | 2d95d7c62d7d3a351c534bdead58fe8dd061f98e569597d09039ad1074eafec3a15e47ffcbfbfb2e8f5bdc5e4916204e877e310644fedd07b29e6251d57728b3 |
memory/3044-7050-0x0000000000400000-0x00000000004F7000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | e449ec26b66a84509feaa31a51163e22 |
| SHA1 | bceed7fc36e9c3ac6d279deafb5b1a13e2b35ceb |
| SHA256 | 3415d8e367d784ca181abd89e32007db2f9957e9444f4e7f01b08dc78f6a0d05 |
| SHA512 | 812919810c71299f9696eb7b555cc417db4988f89a6d083f878764e013585a9dd48deb22f02294d9f53d46748bea4e54296b9caaec2879ff8e3b7512a675098f |
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
78s
Max time network
92s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E1-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1010333D-5114-41CE-807B-4483785EEF84}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6DF8F41-BAF4-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0B-10E8-11D2-9B89-00104B8D13C2}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3CBDF57B-9A33-4DD4-B33A-4BD31B5E1C13}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32\ = "C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{824AFE10-2098-4254-B2C3-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfresfilter_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
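The rows above are the raw registry writes; what a triager wants from them is one record per CLSID (which binary serves it, via InprocServer32 or LocalServer32, and its ThreadingModel) and a check on where those binaries live. The script below is an added example, not part of this report and not MAGIX or sandbox code: it parses rows in the pipe-table shape used above, consolidates them per CLSID, and flags any server path under a user-writable tree. The sample rows are copied from the table above, except the final row, a constructed control with an all-zero CLSID that is not from the report and exists only to show what a flagged entry looks like. The user-writable path markers and the four-column table layout are assumptions.

```python
"""Consolidate 'Registers COM server for autorun' rows from a sandbox report
into one record per CLSID and flag servers registered from user-writable paths."""
import re
from collections import defaultdict

# Constructed input in the report's table shape (| Description | Indicator | Process | Target |).
# All rows but the last are copied from the report; the last row (null CLSID, AppData path)
# is a constructed negative control, NOT observed in the sample, included only to exercise flagging.
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E1-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F1919819-AA5F-3A56-A45E-E96DD1AEC641}\LocalServer32\ = "C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\control.dll" | C:\Windows\System32\MsiExec.exe | N/A |
"""

# Column split for one table row; only the first three columns are used.
ROW_RE = re.compile(r"^\|\s*(?P<desc>[^|]*?)\s*\|\s*(?P<ind>[^|]*?)\s*\|\s*(?P<proc>[^|]*?)\s*\|")
# CLSID key plus optional '\<valuename> = "<value>"' suffix; an empty value name is the (Default) value.
KEY_RE = re.compile(
    r'CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<kind>InprocServer32|LocalServer32)'
    r'(?:\\(?P<name>[^\\=\s]*)\s*=\s*"(?P<val>.*)")?\s*$'
)
# Assumption: path fragments that an unprivileged user can normally write to.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_com_rows(text):
    """Return {clsid: {kind, server, threading, created, process}} from report rows."""
    entries = defaultdict(lambda: {"kind": None, "server": None, "threading": None,
                                   "created": False, "process": None})
    for line in text.splitlines():
        row = ROW_RE.match(line.strip())
        if not row or row.group("desc").lower() == "description":
            continue
        key = KEY_RE.search(row.group("ind"))
        if not key:
            continue
        e = entries[key.group("clsid")]
        e["kind"] = key.group("kind")
        e["process"] = row.group("proc")
        if row.group("desc").startswith("Key created"):
            e["created"] = True
        elif key.group("val") is not None:
            # The report doubles backslashes inside quoted string values; undo that.
            val = key.group("val").replace("\\\\", "\\")
            name = key.group("name")
            if name == "":
                e["server"] = val
            elif name.lower() == "threadingmodel":
                e["threading"] = val
    return dict(entries)


def is_user_writable(path):
    """Heuristic: a COM server under a profile, temp or ProgramData tree can be
    replaced by an unprivileged user, which turns the registration into a hijack point."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def servers_by_binary(entries):
    """Group CLSIDs by serving binary (paths compared case-insensitively)."""
    groups = defaultdict(list)
    for clsid, e in entries.items():
        if e["server"]:
            groups[e["server"].lower()].append(clsid)
    return dict(groups)


def flagged(entries):
    """CLSIDs whose server path is in a user-writable location."""
    return sorted(c for c, e in entries.items() if e["server"] and is_user_writable(e["server"]))


def incomplete(entries):
    """CLSIDs seen only as 'Key created' or ThreadingModel writes: the table is a sample,
    so their server path must come from the full report or a live registry query."""
    return sorted(c for c, e in entries.items() if e["server"] is None)


if __name__ == "__main__":
    entries = parse_com_rows(SAMPLE_ROWS)
    for binary, clsids in sorted(servers_by_binary(entries).items()):
        print(f"{binary}: {len(clsids)} CLSID(s)")
    print("flagged (user-writable server path):", flagged(entries))
    print("no server path captured:", incomplete(entries))
```

In the rows the report actually shows, every InprocServer32 value points under `C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\` and the single LocalServer32 value is `vegas200.exe` under `C:\Program Files\VEGAS\VEGAS Pro 20.0\`, all written by msiexec.exe; that is the pattern of an installer registering its plug-ins. The signature still fires because any write under `HKLM\SOFTWARE\Classes\CLSID` is a location malware uses for persistence, so the path and signing status of each server binary, not the write itself, is what decides the verdict.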
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\DLLDEV32i.dll | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\atracplug\atracplug_fra.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug3\mc_demux_mp4.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.EntityFrameworkCore.Design.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4encoder_dll.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\ffplugsk32.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Compressor_Vocals.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Limiter\[Sys] Pop Maximizer +6dB (Transparent).efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\mc_bc_dec_avc.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Icons\_msi_keyfile_6cnk8veuvssmc4evm16ss316t | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\dbghelp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\toc.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Acoustic Guitar.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\de\AjaVideoProperties.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\fargo.pdd.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_enc_mp2v.002 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\so4compoundplug\SonyRawDev.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\tab_toc.htm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\System.Diagnostics.DiagnosticSource.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Male Rap vocal.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\19.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\he.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\hr.pak | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_mux_mxf.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.pl-PL.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Release-x64.fio2007-config | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\[Sys] Fast modulation.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\41.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_V-Log.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\compoundplug\mc_mfimport.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\minus.gif | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mp3plug2\mp3plug2_esp.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfxavc\SMDK-VC140-x64-4_21_0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxhevcplug\SMDK-VC140-x64-4_21_0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\_msi_keyfile_dw332cbm3b6ue5z2b4gwxp4ut | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_esp.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Subtle movement for pad.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfp2\mxfp2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.Archive.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug_deu.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wavplug\wavplug.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\_msi_keyfile_kcygdzpate9gwv8xkex9z9ciq | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Joystick Profiles\Eliminator Precision Pro Joystick.ini | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\Interop.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfhdcamsrplug\mp4decoder_dll.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\fr\ScriptPortal.MediaSoftware.TextGen.CoreGraphics.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.Vegas.Slideshow.Resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Megaphone.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm6K_to_REC.709.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\spica_cutout.ofx.bundle\Contents\Resources\spica_cutout.pl-PL.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\2.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\36.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcaacplug\mcaacplug.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Win64\ofx360Stabilizer.ofx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.pl-PL.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.MediaSoftware.Archive.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\External Control Drivers\spconsoleopt.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Rough Vocals.efx | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30454.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\30465.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_D-Log.cube | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.es-ES.xml | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\8bda73cef6393916778c1ceb3ceb61ac\System.Data.OracleClient.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI13EF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5057.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1250-0\BdmuxServer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\a74b72d41141812b82335be6b43653e0\Accessibility.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\be4-0\System.Web.ApplicationServices.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0e4e3f4853c40b985b57dc12443d1058\System.Windows.Forms.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\894-0\Vegmuxrt.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1275.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI18FF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\magnolia_sky.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\mocking_bird.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\da3b784b4517859cfc67b775643ac0a6\System.Web.ApplicationServices.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a08-0\System.Web.RegularExpressions.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d80-0\System.ServiceProcess.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\e70-0\System.ServiceModel.Internals.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxmc\68e3e508050426b6843248656521e64a\Vegmuxmc.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\574-0\System.Numerics.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxtw\e0a8a727d4cb162c7516b3b323f9f0e2\Vegmuxtw.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1223.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF74768958281D9C74.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFC23C6FA2974C3597.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Mustardo.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5098.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Microsoft.NET\ngenserviceclientlock.dat | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\0a857079b30735fa8e347e188eafb7d3\System.Deployment.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdh\e32d8fa2a75184a2d5ac3458fa2e1e89\Vegmuxdh.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\38c-0\Vegmuxfb.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfb\c8bc806c54b029fbeab9ad3d18fbc4d4\Vegmuxfb.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\Fonts\marguerite.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\work_in_progress.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\12b0-0\System.Drawing.Design.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\4ab6b86800d4391f78a1da9440138c33\System.Web.Services.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1208-0\Vegmuxdw.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxdw\5d0f327942b48780d08fa802195f654f\Vegmuxdw.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1780.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1B04.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1172.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1040-0\BdmuxInterface.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.Wrapper.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\57c-0\System.Deployment.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfo\54d70009d8c550f62f9d6164c828d310\Vegmuxfo.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1068-0\System.Design.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\af3094d576bc64823a6bae121b92764a\System.Design.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\700-0\System.Runtime.Serialization.Formatters.Soap.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\b6cc22a0294ba9df6eb9c94e885840f1\System.Drawing.Design.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF806E72AB9E501D2E.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1B25.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\MarkMyWordsClean.otf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\77c-0\System.Transactions.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfa\e712e336b04c0a17d34e36a960d7c64d\Vegmuxfa.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\BdmuxInterface\f18602598146c7777ffb9be1fcf3af5a\BdmuxInterface.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\ae0-0\System.EnterpriseServices.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\530-0\System.Windows.Forms.dll | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFBADB45BC3D4C9C85.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI141F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI14EC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Fonts\Julietta.otf | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI465F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cf1bb15a8adda62c0600239e31e87de1\System.Drawing.ni.dll.aux.tmp | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0" | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0 | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0" | C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_sfa\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\ = "Pitch Shift" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins\Output\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\FriendlyName = "VEGAS Track Noise Gate" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.sfa\ = "vegas200_sfa" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Output\ConnectsToPin = "Input" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\IsRendered = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\ = "XpGeq Property Page" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{EE38CA88-D78E-4BFB-B05E-577892730C83} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pca | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000006-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Reverb" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\Pins\Input | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\71010A7B98E22C34B8500CE3C04D6CD4\PackageCode = "2E406092BA5D40242925FA19B50D305D" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{260DF3E1-AC77-11D2-9E93-00C04F68BE44} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\Direction = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2E-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\IsRendered = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_vf\CLSID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\ = "MCHammer Property Page" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Equalization" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\ = "VEGAS Track EQ" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA} | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\ = "SfGdyn Property Page" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\ = "SfSmooth Property Page" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open\command\ = "\"C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe\" \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\CLSID = "{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F22-196D-11D1-B99B-00A0C9053912}\FriendlyName = "VEGAS Time Stretch" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Vibrato" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output\Types | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000008-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Dynamics" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Input | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\ = "Smooth/Enhance" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Chorus" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output\Types | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Merit = "2097152" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000} | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32 | C:\Windows\System32\MsiExec.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
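The registry-class and privilege tables above are long and mostly routine installer noise, so the useful triage step is to pull out the few rows that matter: which CLSIDs got an InprocServer32 DLL (the material behind the "Registers COM server" signature), which file-type ProgIDs got a shell Open handler, and which process enabled which sensitive privileges. The Python below is an added example for doing that offline; it is not part of the report and not a sandbox vendor's tool. It reads rows in the report's own "| Description | Indicator | Process | Target |" layout. The first five sample rows are copied verbatim from this report; the last row is constructed (marked as such in the code) so the path check has something to fire on. The trusted-root prefixes and the list of sensitive privileges are this example's own assumptions.

```python
"""Triage helper for sandbox signature tables in the report's pipe layout.

Added example, not part of the original report.  Extracts COM InprocServer32
registrations, shell Open command handlers and sensitive privileges per
process, and flags COM servers whose DLL lives outside trusted roots.
"""
import re
from dataclasses import dataclass, field

# Assumption: a COM server DLL outside these roots deserves a second look,
# because user-writable paths are where hijacked or persistence COM objects
# normally live.  Installer writes under Program Files are expected.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows\\")

# Assumption: privileges worth listing in triage.  An elevated msiexec.exe
# enables most of these on any MSI install, so the process column is what
# separates routine from suspicious.
SENSITIVE_PRIVS = frozenset({
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeTakeOwnershipPrivilege", "SeRestorePrivilege", "SeBackupPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
    "SeCreateTokenPrivilege",
})

ROW_RE = re.compile(r'^\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|\s*(.*?)\s*\|$')
INPROC_RE = re.compile(
    r'CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32\\?\s*=\s*"(.*)"$', re.I)
SHELL_RE = re.compile(
    r'Classes\\([^\\]+)\\shell\\Open\\command\\?\s*=\s*"(.*)"$', re.I)


def unescape(value: str) -> str:
    """Undo the backslash escaping the report uses inside quoted values."""
    return re.sub(r"\\(.)", r"\1", value)


@dataclass
class Triage:
    com_servers: dict = field(default_factory=dict)     # CLSID -> DLL path
    suspicious_com: list = field(default_factory=list)  # CLSIDs outside roots
    shell_handlers: dict = field(default_factory=dict)  # ProgID -> command
    privileges: dict = field(default_factory=dict)      # image -> {privs}


def triage(table: str) -> Triage:
    """Parse report rows and return the security-relevant subset."""
    out = Triage()
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group(1) == "Description":   # skip header/junk
            continue
        desc, indicator, process, _target = m.groups()
        image = process.rsplit("\\", 1)[-1].lower()  # merge System32/system32

        if desc.startswith("Token: "):
            priv = desc[len("Token: "):]
            if priv in SENSITIVE_PRIVS:
                out.privileges.setdefault(image, set()).add(priv)
            continue

        if (s := INPROC_RE.search(indicator)):
            clsid, dll = s.group(1).upper(), unescape(s.group(2))
            out.com_servers[clsid] = dll
            if not dll.lower().startswith(TRUSTED_ROOTS):
                out.suspicious_com.append(clsid)
        elif (s := SHELL_RE.search(indicator)):
            out.shell_handlers[s.group(1)] = unescape(s.group(2))
    return out


# First five rows copied from the report; the last row is CONSTRUCTED for
# this example (placeholder CLSID and path) so the trusted-root check fires.
SAMPLE_ROWS = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\vegas200\shell\Open\command\ = "\"C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\vegas200.exe\" \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DEADBEEF-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\example.dll" | C:\Users\Admin\AppData\Local\Temp\constructed.exe | N/A |
"""

if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for clsid, dll in result.com_servers.items():
        flag = "REVIEW" if clsid in result.suspicious_com else "expected"
        print(f"[{flag}] COM {clsid} -> {dll}")
    for progid, cmd in result.shell_handlers.items():
        print(f"[info] {progid} open handler: {cmd}")
    for image, privs in result.privileges.items():
        print(f"[info] {image} enabled {sorted(privs)}")
```

Run against the rows as printed in this report, every InprocServer32 target resolves under Program Files and the only process enabling privileges is msiexec.exe, which enables nearly the whole privilege set on any elevated install; that listing on its own says an MSI ran elevated, not what the package did. The rows that deserve attention are the ones the helper would mark REVIEW: a COM server or Open handler pointing into a user-writable path, or a token row attributed to something other than the installer host.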
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\_Silent Install.cmd"
C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe
"MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon
C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp
"C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp" /SL5="$600D2,304104975,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\MAGIX Vegas 20.0.411.exe" /VERYSILENT /TASKS=RUS,desktopicon
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
C:\Windows\system32\msiexec.exe
"msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=1 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 09217AE15A4887D98006CFE6186AF926
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8591B5B963510DD569D43FF256787072 E Global\MSI0000
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
C:\Windows\System32\MsiExec.exe
"C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 1b4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2e8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 300 -Pipe 2ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 310 -Pipe 314 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 318 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 300 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 31c -Pipe 338 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 340 -Pipe 22c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 310 -Pipe 2c4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 334 -Pipe 2e0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 328 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 324 -Pipe 30c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 330 -Pipe 31c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 340 -Pipe 334 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 310 -Pipe 340 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 354 -Pipe 34c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 354 -Pipe 364 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 304 -Pipe 36c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 388 -Pipe 370 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 388 -Pipe 384 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 348 -Pipe 33c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 378 -Pipe 398 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 39c -Pipe 3a8 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 378 -Pipe 350 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ac -InterruptEvent 0 -NGENProcess 3b8 -Pipe 3b4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 394 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 390 -Pipe 3dc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3b0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 390 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 3e8 -Pipe 3d0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3fc -Pipe 3e0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3ac -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3fc -InterruptEvent 0 -NGENProcess 3bc -Pipe 3f0 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3cc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 3c8 -Pipe 3ec -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 39c -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3bc -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 368 -Pipe 380 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d8 -InterruptEvent 0 -NGENProcess 374 -Pipe 368 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 330 -Pipe 2e4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 360 -Pipe 2c4 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 32c -Pipe 344 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 3f4 -Pipe 360 -Comment "NGen Worker Process"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\ru.reg"
C:\Windows\regedit.exe
"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\settings.reg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\is-T6P6K.tmp\MAGIX Vegas 20.0.411.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\ISTask.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VclStylesInno.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\!!msiTarget64\Protein\is-MCJFU.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BJJQA.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-BA6V2.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-Q3S6Q.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-K7MQF.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\Language\is-QSQGQ.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-6HIK2.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\readme\is-ULESP.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi
C:\Windows\Installer\MSI1085.tmp
C:\Windows\Installer\MSI1172.tmp
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.chm
C:\Windows\Installer\MSI154D.tmp
C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\ac3plug\ac3_10.udat
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini
C:\Users\Admin\AppData\Local\Temp\is-AL9A0.tmp\VEGAS20\VEGAS_Pro_20_setup.exe
C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d
C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg
C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref
C:\Windows\Fonts\mark_my_words.otf
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log
C:\Config.Msi\e580f9e.rbs
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240508-en
Max time kernel
105s
Max time network
124s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\DE.reg"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\FR.reg"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240508-en
Max time kernel
109s
Max time network
127s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PL.reg"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:16
Platform
win11-20240508-en
Max time kernel
106s
Max time network
127s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\PT.reg"
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.21:443 | | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
129s
Max time network
99s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5052 wrote to memory of 4844 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\NOTEPAD.EXE |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\Ключ ЧИТАТЬ ПЕРЕД УСТАНОВКОЙ!.txt"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\Ключ ЧИТАТЬ ПЕРЕД УСТАНОВКОЙ!.txt
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.31:443 | | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 15:10
Reported
2024-06-11 15:17
Platform
win11-20240426-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Processes
C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\MAGIX.Vegas.20.0.411\LNG\CN.reg"