Analysis
max time kernel: 470s
max time network: 474s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/08/2024, 14:22

Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/
Resource: win10v2004-20240802-en

General
Target: https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/
Malware Config
Signatures

Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection (1 TTPs, 2 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | MicrosoftEdgeUpdate.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | MicrosoftEdgeUpdate.exe
The signature fires on any write under the IFEO key. The only value written here is DisableExceptionChainValidation, the per-image SEHOP switch; 0 keeps exception-chain validation enabled for MicrosoftEdgeUpdate.exe. The hijack this technique (T1546.012) describes needs a Debugger value, or GlobalFlag together with a SilentProcessExit\MonitorProcess entry, and neither appears anywhere in the report.
Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | MicrosoftEdgeUpdate.exe
Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe
Both readers are installers that pick a UI language (the VEGAS bundle carries DE, EN, FR and ES in its file name), so the read by itself is expected. A geofence would show up as behaviour that changes with the returned value; the report records no such branch.
Event Triggered Execution: Component Object Model Hijacking (1 TTPs)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
No IoCs are listed for this signature, so there is no CLSID to pivot on. The process list below includes MicrosoftEdgeUpdateComRegisterShell64.exe, the Edge updater's COM registration helper, which is the most likely source of the match; confirm by checking which InprocServer32/LocalServer32 values were written before treating this as persistence.
Executes dropped EXE (25 IoCs)
pid | Process
5664 | 7z2407.exe
1920 | VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe
2968 | VEGAS_Pro_20_setup.exe
3952 | vcredist_x86.exe
3040 | vcredist_x86.exe
5712 | vcredist_x64.exe
5900 | vcredist_x64.exe
5908 | MicrosoftEdgeWebView2RuntimeInstallerX64.exe
3716 | MicrosoftEdgeUpdate.exe
1660 | MicrosoftEdgeUpdate.exe
5972 | MicrosoftEdgeUpdate.exe
5484 | MicrosoftEdgeUpdateComRegisterShell64.exe
3956 | MicrosoftEdgeUpdateComRegisterShell64.exe
4576 | MicrosoftEdgeUpdateComRegisterShell64.exe
6056 | MicrosoftEdgeUpdate.exe
2880 | MicrosoftEdgeUpdate.exe
5632 | MicrosoftEdgeUpdate.exe
1780 | MicrosoftEdgeUpdate.exe
6072 | MicrosoftEdgeWebview_X64_98.0.1108.43.exe
2732 | setup.exe
184 | MicrosoftEdgeUpdate.exe
4808 | vegas200.exe
4316 | Patch.exe
2360 | vegas200.exe
4744 | FileIOSurrogate.exe
Everything here except Patch.exe is accounted for by a stock install chain: the 7-Zip 24.07 installer, the VEGAS Pro 20 bundle and its setup, the Visual C++ 2013 redistributables (x86 and x64), the WebView2 runtime installer with the Edge updater and its COM registration helper, then vegas200.exe (the VEGAS Pro 20 main executable) and FileIOSurrogate.exe. Patch.exe (pid 4316) is listed between the two vegas200.exe launches and is not part of any of those packages; it is the file to extract and analyse statically.
Loads dropped DLL (64 IoCs, grouped by pid; the IoC list records one entry per load)
pid | Process | loads
3040 | vcredist_x86.exe | 1
1460 | vcredist_x86.exe | 1
5900 | vcredist_x64.exe | 1
4320 | vcredist_x64.exe | 1
3716 | MicrosoftEdgeUpdate.exe | 1
1660 | MicrosoftEdgeUpdate.exe | 1
5972 | MicrosoftEdgeUpdate.exe | 4
5484 | MicrosoftEdgeUpdateComRegisterShell64.exe | 1
3956 | MicrosoftEdgeUpdateComRegisterShell64.exe | 1
4576 | MicrosoftEdgeUpdateComRegisterShell64.exe | 1
6056 | MicrosoftEdgeUpdate.exe | 1
2880 | MicrosoftEdgeUpdate.exe | 2
5632 | MicrosoftEdgeUpdate.exe | 2
1780 | MicrosoftEdgeUpdate.exe | 1
184 | MicrosoftEdgeUpdate.exe | 1
4568 | MsiExec.exe | 26
6112 | MsiExec.exe | 10
5256 | MsiExec.exe | 3
1836 | MsiExec.exe | 3
4080 | MsiExec.exe | 2
Adds Run key to start application (2 TTPs, 2 IoCs)
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} = "\"C:\\ProgramData\\Package Cache\\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\\vcredist_x86.exe\" /burn.runonce" | vcredist_x86.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7} = "\"C:\\ProgramData\\Package Cache\\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\\vcredist_x64.exe\" /burn.runonce" | vcredist_x64.exe
Both entries are the WiX Burn bootstrapper's own resume mechanism: each redistributable registers a RunOnce value named after its bundle GUID, pointing at its cached copy under C:\ProgramData\Package Cache\<same GUID>\ with the /burn.runonce switch, so that an interrupted install continues after a reboot. The GUID in the value name matching the GUID in the path, and the target living in Package Cache, is what distinguishes this from a Run-key persistence entry.
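The IFEO and Run-key signatures above come down to one question: does the registry write redirect execution? The following Python is an added example, not code from tria.ge or from any product named in the report. It parses registry events in the report's flattened form, treats DisableExceptionChainValidation as the SEHOP switch it is, flags only the IFEO values that actually redirect execution, and for Run/RunOnce entries extracts the target path and recognises the Burn resume pattern by matching the GUID in the value name against the GUID in the Package Cache path. The sample events are constructed for the example: the first four reproduce lines from this report, the last two (process name dropper.exe) are hypothetical.

```python
"""Registry-event triage for flattened sandbox-report lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACTIONS = ("Set value (str)", "Set value (int)", "Set value (data)",
           "Key value queried", "Key created", "Key opened")
IFEO_PREFIX = ("\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT"
               "\\CurrentVersion\\Image File Execution Options\\")
# IFEO values that change what runs when the image starts (T1546.012).
# DisableExceptionChainValidation is the per-image SEHOP switch, so it is
# deliberately not in this set.
IFEO_HIJACK_VALUES = {"debugger", "globalflag", "verifierdlls", "monitorprocess"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
GUID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
PACKAGE_CACHE = "c:\\programdata\\package cache\\"   # WiX Burn's cache location


@dataclass
class RegEvent:
    action: str
    path: str
    data: Optional[str]
    process: str


def parse_event(line: str) -> RegEvent:
    """Split '<action> <path>[ = "<data>"] <process>' into its parts."""
    for action in ACTIONS:
        if line.startswith(action):
            break
    else:
        raise ValueError(f"unknown action in: {line!r}")
    rest = line[len(action):].strip()
    path_and_data, _, process = rest.rpartition(" ")      # process never has spaces
    path, sep, data = path_and_data.partition(' = "')
    if sep:
        # The report escapes quotes and backslashes inside data; undo that.
        data = re.sub(r"\\(.)", r"\1", data[:-1])
    else:
        data = None
    return RegEvent(action, path, data, process)


def command_target(cmdline: str) -> str:
    """Executable path from a Run-key command line (quoted or first token)."""
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def classify(ev: RegEvent) -> Tuple[str, str]:
    """Return (verdict, reason); verdicts are hijack, review, info or ignore."""
    if ev.path.startswith(IFEO_PREFIX):
        image, _, value = ev.path[len(IFEO_PREFIX):].partition("\\")
        if value.lower() in IFEO_HIJACK_VALUES:
            return "hijack", f"IFEO {value} set for {image}: {ev.data!r}"
        if value.lower() == "disableexceptionchainvalidation":
            state = "enabled" if ev.data == "0" else "disabled"
            return "info", f"SEHOP {state} for {image} (no execution redirect)"
        return "review", f"IFEO key for {image} touched ({ev.action})"
    m = RUN_KEY_RE.search(ev.path)
    if m:
        if ev.data is None:
            return "review", f"{m.group(1)} key touched by {ev.process}"
        target = command_target(ev.data)
        key_guid = GUID_RE.search(ev.path.rsplit("\\", 1)[-1])
        path_guid = GUID_RE.search(target)
        if (key_guid and path_guid
                and key_guid.group().lower() == path_guid.group().lower()
                and target.lower().startswith(PACKAGE_CACHE)):
            return "info", f"{m.group(1)} Burn bundle resume -> {target}"
        return "review", f"{m.group(1)} entry by {ev.process} -> {target}"
    return "ignore", ev.action


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    return [classify(parse_event(line)) for line in lines]


# Constructed sample input. Lines 1-4 reproduce events from the report above;
# lines 5-6 are hypothetical and show what a real hijack and a plain Run entry look like.
SAMPLE_EVENTS = [
    r'Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe MicrosoftEdgeUpdate.exe',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" MicrosoftEdgeUpdate.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} = "\"C:\\ProgramData\\Package Cache\\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\\vcredist_x86.exe\" /burn.runonce" vcredist_x86.exe',
    r'Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation MicrosoftEdgeUpdate.exe',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "cmd.exe" dropper.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1-2-3-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater = "\"C:\\Users\\Public\\upd.exe\" -s" dropper.exe',
]

if __name__ == "__main__":
    for verdict, reason in triage(SAMPLE_EVENTS):
        print(f"{verdict:7} {reason}")
```

Run as a script it prints one verdict per line: the two report IFEO events come out as review and info, the RunOnce entry as info (Burn resume), the Geo\Nation query as ignore, and only the hypothetical Debugger write is reported as a hijack. Feeding it the raw IoC rows of a report is a quicker first pass than reading each signature name at face value.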
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
No IoCs are listed for this signature.
Enumerates connected drives (3 TTPs, 46 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\A: through \??\Z:, every letter except C:, D: and F: (23 roots) | VEGAS_Pro_20_setup.exe
File opened (read-only) | \??\A: through \??\Z:, every letter except C:, D: and F: (23 roots) | msiexec.exe
Two processes each touching the same 23 volume roots is an installer checking which volumes exist and how much space they have (Windows Installer's costing pass does exactly this), not a sample looking for removable media to spread to. The signal would be a single dropped executable, rather than msiexec.exe or the setup bundle, walking the drive letters.
Checks system information in the registry (2 TTPs, 10 IoCs)
System information is often read in order to detect sandboxing environments.
description | ioc | Process | count
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | MicrosoftEdgeUpdate.exe | 5
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | MicrosoftEdgeUpdate.exe | 5
All ten reads come from the Edge updater, which reports hardware make and model in its update requests; the same two values are what VM-detection code reads, so the signature cannot tell the two apart. None of the dropped executables (Patch.exe, vegas200.exe) appears here.
Drops file in System32 directory (64 IoCs, grouped by file)
description | ioc | Process
File created / File opened for modification | C:\Windows\system32\ and C:\Windows\SysWOW64\: msvcr120.dll, msvcp120.dll, vcamp120.dll, vccorlib120.dll, vcomp120.dll, mfc120.dll, mfc120u.dll, mfcm120.dll, mfcm120u.dll and the MFC resource DLLs mfc120chs.dll, mfc120cht.dll, mfc120deu.dll, mfc120enu.dll, mfc120esn.dll, mfc120fra.dll, mfc120ita.dll, mfc120jpn.dll, mfc120kor.dll, mfc120rus.dll | msiexec.exe
File created | C:\Windows\SysWOW64\DLLDEV32i.dll | msiexec.exe
File opened for modification | C:\Windows\SysWOW64\DLLDEV32i.dll | vegas200.exe
Apart from one file, the set is exactly the Visual C++ 2013 (v120) runtime and its MFC language DLLs that vcredist_x86.exe and vcredist_x64.exe install through msiexec.exe. The exception is C:\Windows\SysWOW64\DLLDEV32i.dll: it is not a Microsoft runtime file, it is written into a system directory by the installer, and vegas200.exe later opens it for writing. Check its Authenticode signature and which MSI package carried it before clearing it.
Drops file in Program Files directory (64 IoCs, grouped by process and directory)

msiexec.exe, File created under C:\Program Files\VEGAS\VEGAS Pro 20.0\:
Video Hardware Drivers\AVCDevices.dll; Video Plug-Ins\vfx1.dll; opencv_flann455.dll; audio_plugin_scan_server_vst3_x64.exe; Language\local_de_DE.cfg; es\ScriptPortal.MediaSoftware.clrshared.resources.dll; readme\_msi_keyfile_m5cekti4xzmnzp2qmtvc8a6m6; Bitmaps\MxAutoUpdate\generalControls.ini
VEGASCapture\chrome_100_percent.pak; VEGASCapture\resources\electron.asar
Online\MagixOFA-pl.dll; Online\MagixOFA-pt.dll; Online\youtube_x64.dll
bdmux\Vegmuxdh.dll
FileIO Plug-Ins\mcmp4xavcs\mcmp4xavcs.dll; FileIO Plug-Ins\so4compoundplug\so4compoundplug_esp.chm; FileIO Plug-Ins\bmrawplug\DecoderOpenCL.dll
OpenColorIO\configs\aces_1.2\luts\linear_to_sRGB.spi1d; OpenColorIO\configs\aces_1.2\luts\Dolby_PQ_108_nits_Shaper.RRTODT.P3D65_ST2084__108_nits_.spi3d
OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\5.cube, 23.cube, 39.cube; OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.xml; OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Win64\ofx.ocl.executable; OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.ko-KR.xml; OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.zh-CN.xml; OFX Video Plug-Ins\MagixAiFx.ofx.bundle\Contents\Resources\MagixAiFx.ru-RU.xml
MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Delete Breath.efx, Gate\Default.efx, Reverb\[Sys] Very Large & Rich.efx, ChorusFlanger\[Sys] Lush And Wide Open.efx, ChorusFlanger\[Sys] Subtle movement for pad.efx, Phaser\Default.efx, Limiter\Default.efx; MAGIX Plugins\essentialFX\Help\EN\23819.png, index3.gif, dhtml_search.js
Protein\Forms\UnlockFormMail_nl_NL.rtf, UnlockFormMail_de_DE.rtf, UnlockFormServiceCenter_sv_SE.rtf; Protein\Resource\UnlockDialog_common.ini, UnlockDialog_KO.ini, UnlockDialog_EN.ini, _msi_keyfile_g1y34igeyy92zs2b9x312imo3

msiexec.exe, File created under C:\Program Files (x86)\VEGAS\Shared Plug-Ins\:
Help Files\sfresfilter_x64.chm; Help Files\spconsoleopt4_fra.chm; Audio_x64\sfppack3_x64.dll

setup.exe, File opened for modification under C:\Program Files (x86)\Microsoft\EdgeWebView\Application\98.0.1108.43\:
Locales\gu.pak, bg.pak, az.pak, pa.pak; MLModels\nexturl.ort

setup.exe, under C:\Program Files (x86)\Microsoft\EdgeCore\98.0.1108.43\:
File opened for modification: WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig; Locales\zh-TW.pak, en-GB.pak; VisualElements\LogoDev.png; identity_proxy\resources.pri; msedge_100_percent.pak
File created: Locales\bg.pak, fil.pak; Trust Protection Lists\Mu\Fingerprinting; VisualElements\SmallLogoBeta.png

MicrosoftEdgeWebView2RuntimeInstallerX64.exe, File created under C:\Program Files (x86)\Microsoft\Temp\EU56ED.tmp\:
msedgeupdateres_ta.dll; msedgeupdateres_pa.dll
Drops file in Windows directory (64 IoCs, grouped by process and directory)

msiexec.exe, under C:\Windows\Installer\:
File opened for modification: e5d2952.msi, e5d2977.msi; MSI76E.tmp, MSIA764.tmp, MSI2AAC.tmp, MSIA622.tmp, MSIC8AC.tmp, MSI305C.tmp, MSIA6D3.tmp, MSID037.tmp, MSID666.tmp, MSICE4F.tmp, MSI1240.tmp
File created: e5d292c.msi, e5d2910.msi; SourceHash{D401961D-3A20-3AC7-943B-6139D5BD490A}; SourceHash{A9855401-2159-448A-9AF2-CC0AA49E473B}; {A9855401-2159-448A-9AF2-CC0AA49E473B}\ProgramIcon.exe
$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F (opened for modification, also its 12.0.40660 subdirectory); CacheSize.txt (created); 12.0.40660\F_CENTRAL_mfc120deu_x86, F_CENTRAL_mfcm120_x86, F_CENTRAL_mfc120u_x86, F_CENTRAL_mfc120chs_x86 (opened for modification); 12.0.40660\F_CENTRAL_mfc120esn_x86, F_CENTRAL_mfc120u_x86 (created)
$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120ita_x64, F_CENTRAL_mfc120u_x64 (opened for modification); F_CENTRAL_mfc120deu_x64, F_CENTRAL_mfcm120u_x64 (created)
$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_msvcp120_x64 (opened for modification)
$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcamp120_x86 (opened for modification)

msiexec.exe, File created under C:\Windows\Fonts\:
Thinking_of_Betty_Light.otf; beyond_the_mountains.otf; The Perfect Christmas.otf; hotel_de_paris_Xe.otf; Grand_Aventure_Outline.otf; huntress.otf

msiexec.exe, File opened for modification: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

mscorsvw.exe, File created under C:\Windows\assembly\NativeImages_v4.0.30319_32\ (native-image compilation of the installed assemblies):
Temp\14e4-0\Vegmuxrt.dll; Temp\170c-0\Vegmuxtw.dll; Temp\6c0-0\Vegmuxfa.dll; Temp\a88-0\Vegmuxdw.dll; Temp\171c-0\System.Web.RegularExpressions.dll; Temp\15f8-0\System.ServiceProcess.dll; Temp\1710-0\System.Transactions.dll; Temp\1330-0\Microsoft.Build.Utilities.v4.0.dll; Temp\1708-0\System.Security.dll; Temp\163c-0\System.ServiceModel.Internals.dll; Temp\320-0\System.DirectoryServices.Protocols.dll
System.Web\38c83cbc8c853343f5467e7101522ad2\System.Web.ni.dll.aux.tmp; Microsoft.VisualC\82b1ae8cba204aa301aa01544206ca58\Microsoft.VisualC.ni.dll.aux.tmp; Vegmuxdh\065ed88d0df1f94b9f414a1d072bc15e\Vegmuxdh.ni.dll.aux.tmp; System.Data\2e725cfb62d648253c0f90354643f923\System.Data.ni.dll.aux.tmp; System.Windows.Forms\072aa1ae4822c665a9fa09a7977b4938\System.Windows.Forms.ni.dll.aux.tmp; System.Deployment\85dfa5a61977f3a1c9eaaab052fbb179\System.Deployment.ni.dll.aux.tmp; System.Runt73a1fc9d#\269fd33de9848d00fa6871ef3c64d607\System.Runtime.Remoting.ni.dll.aux.tmp; Vegmuxrt\0666ddf90cfc0087652e9140b5e4cbed\Vegmuxrt.ni.dll.aux.tmp; System.Design\9fa25f2de7fde1cb22bafc3dfff42f9d\System.Design.ni.dll.aux.tmp; Vegmuxfc\3af30449ec87d23d8cb3215fb1c70f89\Vegmuxfc.ni.dll.aux.tmp; System.Servd1dec626#\53ee2f57567b84681fdf401e10770929\System.ServiceModel.Internals.ni.dll.aux.tmp

ngen.exe, File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat (listed twice)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
No IoCs are listed for this signature.
System Location Discovery: System Language Discovery (1 TTPs, 64 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process | count
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | mscorsvw.exe | 40
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeUpdate.exe | 6
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | vcredist_x86.exe | 4
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | vcredist_x64.exe | 4
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ngen.exe | 2
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MsiExec.exe | 2
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 7z2407.exe | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | VEGAS_Pro_20_setup.exe | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Patch.exe | 1
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | MicrosoftEdgeWebView2RuntimeInstallerX64.exe | 1
The NLS\Language key is opened by any process that initialises locale support, which is why the .NET native-image service, cmd.exe and both Microsoft installers dominate the list; the count carries no signal on its own. The one row worth noting is Patch.exe, only because it confirms that process ran far enough to initialise its runtime.
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
6056 | MicrosoftEdgeUpdate.exe
1780 | MicrosoftEdgeUpdate.exe
184 | MicrosoftEdgeUpdate.exe
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = [value not captured] | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Control Panel 7 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001 | vegas200.exe
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices | vegas200.exe
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse | vegas200.exe
Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions | vegas200.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "vegas200.exe" | vegas200.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application" | vegas200.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295" | vegas200.exe
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | VEGAS_Pro_20_setup.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [value not captured] | VEGAS_Pro_20_setup.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [value not captured] | VEGAS_Pro_20_setup.exe
NTFS ADS 1 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 182516.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses 40 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
2632 | 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 26 IoCs
Suspicious use of SetWindowsHookEx 27 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopc.com/softwares/multimedia/magix-vegas-pro-2022-free-download-1213161/
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 888

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ed46f8,0x7ff9b8ed4708,0x7ff9b8ed4718
      PID: 4376

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
      PID: 2064

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 1136

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
      PID: 3888

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      PID: 2680

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      PID: 1816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵PID:384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵PID:2900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵PID:3688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:12⤵PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵PID:3980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6484 /prefetch:82⤵PID:1796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵PID:1780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:12⤵PID:5172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵PID:5180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:12⤵PID:5340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:12⤵PID:5848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:12⤵PID:6092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6860 /prefetch:82⤵PID:5236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:12⤵PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵PID:2768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵PID:5820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:12⤵PID:6016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6640 /prefetch:82⤵PID:6124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3108
-
-
C:\Users\Admin\Downloads\7z2407.exe"C:\Users\Admin\Downloads\7z2407.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵PID:5388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:12⤵PID:536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:12⤵PID:4008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7712 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:12⤵PID:5024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,13638408265270989557,5359932642114728462,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7292 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6068
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3120
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3384
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5036
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2632
-
C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe"C:\Users\Admin\Desktop\MAGIX_VEGAS_Pro_20.0.0.13\VEGAS_Pro_20.0.0.139_DE-EN-FR-ES.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1920 -
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\product\VEGAS_Pro_20_setup.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\product\VEGAS_Pro_20_setup.exe" -m C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\SetupValues.dat2⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2968 -
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x86.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\001#Install#vcredist2013_12_0_40664_x86.txt"3⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3952 -
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x86.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\001#Install#vcredist2013_12_0_40664_x86.txt" -burn.unelevated BurnPipe.{CE22DE04-16D5-4D22-A96A-08835DAA5931} {E85CB684-2CC8-4AE7-BF74-7032792DDACE} 39524⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3040
-
-
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{FCA63D69-FDD4-4651-ADB1-A5D26CFCFFDC} {8333014B-099E-4283-8D62-79A2A83D9CE2} 39524⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5576 -
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe"C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{FCA63D69-FDD4-4651-ADB1-A5D26CFCFFDC} {8333014B-099E-4283-8D62-79A2A83D9CE2} 3952 -burn.unelevated BurnPipe.{C524DED2-9A63-44EB-801D-D4183B4F3BF8} {A627379D-E3FD-4D82-B3AA-0F315B60CF16} 55765⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1460
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x64.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\002#Install#vcredist2013_12_0_40664_x64.txt"3⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5712 -
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\vcredist2013_12.0.40664\vcredist_x64.exe" /quiet /norestart /l "C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\002#Install#vcredist2013_12_0_40664_x64.txt" -burn.unelevated BurnPipe.{278B6169-24B7-437C-B72C-83A296BFFE23} {A58E3929-E766-4F84-AF3B-1468D707AC46} 57124⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5900
-
-
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{0F06C499-19A4-43F7-B7FF-946F8474714B} {07827730-6496-4F3E-A8DF-CED881489509} 57124⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3284 -
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe"C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{0F06C499-19A4-43F7-B7FF-946F8474714B} {07827730-6496-4F3E-A8DF-CED881489509} 5712 -burn.unelevated BurnPipe.{72FE0C34-F2C8-49C8-8F03-8177B37CA7B9} {48135A2B-FDBF-4743-93EF-6F67E9C69AFE} 32845⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4320
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\WebView2\MicrosoftEdgeWebView2RuntimeInstallerX64.exe"C:\Users\Admin\AppData\Local\Temp\mgx1wc5nxlt\addon\WebView2\MicrosoftEdgeWebView2RuntimeInstallerX64.exe" /silent /install3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5908 -
C:\Program Files (x86)\Microsoft\Temp\EU56ED.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU56ED.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"4⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3716 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1660
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5972 -
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:5484
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3956
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.155.77\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4576
-
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDRGRDBBRUMtQjQ0Ny00RDQ4LThBODYtOUI1OEREODkxMkQ5fSIgdXNlcmlkPSJ7MEJENEE5NTQtNUFFNi00ODA1LUEwNzEtRTUwNjRCRkIxRTkwfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBOEM4NTVFMy03MUQxLTQzM0ItODkxQy1BNDY2MkNENjk0MDR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTU1Ljc3IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjUyNSIvPjwvYXBwPjwvcmVxdWVzdD45⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of SetWindowsHookEx
PID:6056
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{44FD0AEC-B447-4D48-8A86-9B58DD8912D9}" /silent /offlinedir "{C6CF0793-FFFF-4D2E-92E4-5AF26D62A30F}"5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2880
-
-
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4364 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D46A673C255AEFB87A6828296E2533892⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4568
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D0DD1A85ED05D8764A38DB9621FDDDD6 E Global\MSI00002⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6112 -
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 10853⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4808
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:6108 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 20c -InterruptEvent 0 -NGENProcess 1f8 -Pipe 208 -Comment "NGen Worker Process"4⤵
- System Location Discovery: System Language Discovery
PID:3968
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b4 -Comment "NGen Worker Process"4⤵
- System Location Discovery: System Language Discovery
PID:3672
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2c4 -Comment "NGen Worker Process"4⤵
- System Location Discovery: System Language Discovery
PID:4572
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 2f8 -Comment "NGen Worker Process"4⤵PID:3664
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2bc -Comment "NGen Worker Process"4⤵
- System Location Discovery: System Language Discovery
PID:5392
-
-
mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2c0 -Pipe 304 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5264

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2e0 -Pipe 308 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 5176

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 308 -Pipe 30c -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5896

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 310 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 4916

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 31c -Pipe 330 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5904

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 320 -Pipe 32c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 1124

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 300 -Pipe 334 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 3660

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 300 -Pipe 338 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 1436

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 324 -Pipe 338 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 184

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 348 -Pipe 2e0 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 3708

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 34c -Pipe 350 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5916

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 348 -Pipe 354 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5200

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 374 -Pipe 35c -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 1964

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 348 -Pipe 36c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 5616

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 358 -Pipe 340 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 2560

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 368 -Pipe 36c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 4200

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 358 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 6120

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 374 -Pipe 37c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 3696

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 308 -Pipe 348 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 2904

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 388 -Pipe 34c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 4816

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 398 -Pipe 380 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 800

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 394 -Pipe 38c -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5624

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 394 -Pipe 398 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 2248

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 390 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5692

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 384 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 2804

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 308 -Pipe 3a0 -Comment "NGen Worker Process"
PID: 2536

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 4912

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 3a8 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 5852

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 0 -NGENProcess 3b8 -Pipe 39c -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 5176

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 388 -Pipe 3bc -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 5288

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a4 -InterruptEvent 0 -NGENProcess 318 -Pipe 3b0 -Comment "NGen Worker Process"
- Drops file in Windows directory
PID: 2696

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 308 -Comment "NGen Worker Process"
- Drops file in Windows directory
PID: 6048

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 370 -Pipe 388 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 2204

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 3c4 -Pipe 3cc -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5192

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3cc -Pipe 318 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 1728

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 378 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 3020

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 3c8 -Pipe 324 -Comment "NGen Worker Process"
- System Location Discovery: System Language Discovery
PID: 4040

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3cc -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5900

mscorsvw.exe (level 4): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3dc -Pipe 344 -Comment "NGen Worker Process"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 5348

ngen.exe (level 3): C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID: 4936
MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
- Loads dropped DLL
PID: 5256

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
- Loads dropped DLL
- Modifies registry class
PID: 1836

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
- Loads dropped DLL
- Modifies registry class
PID: 4080

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
- Modifies registry class
PID: 5636

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
- Modifies registry class
PID: 5796

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
- Modifies registry class
PID: 2636

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
- Modifies registry class
PID: 1832

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
- Modifies registry class
PID: 2988

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
- Modifies registry class
PID: 4304

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
- Modifies registry class
PID: 5008

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
- Modifies registry class
PID: 5640

MsiExec.exe (level 2): "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
PID: 5904

vssvc.exe (level 1): C:\Windows\system32\vssvc.exe
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID: 5208

srtasks.exe (level 1): C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
PID: 5404
MicrosoftEdgeUpdate.exe (level 1): "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID: 5632

MicrosoftEdgeUpdate.exe (level 2): "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTUuNzciIHNoZWxsX3ZlcnNpb249IjEuMy4xNTUuNzciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDRGRDBBRUMtQjQ0Ny00RDQ4LThBODYtOUI1OEREODkxMkQ5fSIgdXNlcmlkPSJ7MEJENEE5NTQtNUFFNi00ODA1LUEwNzEtRTUwNjRCRkIxRTkwfSIgaW5zdGFsbHNvdXJjZT0ib2ZmbGluZSIgcmVxdWVzdGlkPSJ7NTFCRDgxREQtMEQ5RC00NUFELTk5NjctRDRFNUUzMDIzRDJDfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI3IiBpbnN0YWxsZGF0ZT0iLTQiIGluc3RhbGxkYXRldGltZT0iMTcyMjYwMjc2MyI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiLz48L2FwcD48L3JlcXVlc3Q-
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID: 1780

MicrosoftEdgeWebview_X64_98.0.1108.43.exe (level 2): "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90034B36-B54B-481D-A9D5-30AEBFB7C9FD}\MicrosoftEdgeWebview_X64_98.0.1108.43.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
- Executes dropped EXE
PID: 6072

setup.exe (level 3): "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90034B36-B54B-481D-A9D5-30AEBFB7C9FD}\EDGEMITMP_2898C.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{90034B36-B54B-481D-A9D5-30AEBFB7C9FD}\EDGEMITMP_2898C.tmp\MSEDGE.PACKED.7Z" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
- Executes dropped EXE
- Drops file in Program Files directory
PID: 2732

MicrosoftEdgeUpdate.exe (level 2): "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY2MDgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZWQ9IjExNzI3ODExMiIgdG90YWw9IjExNzI3ODExMiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjEiIGluc3RhbGxfdGltZV9tcz0iODc1MiIvPjwvYXBwPjwvcmVxdWVzdD4
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Network Configuration Discovery: Internet Connection Discovery
PID: 184
Patch.exe (level 1): "C:\Program Files\VEGAS\VEGAS Pro 20.0\Patch.exe"
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID: 4316

cmd.exe (level 2): C:\Windows\system32\cmd.exe /c "C:\Program Files\VEGAS\VEGAS Pro 20.0\error.bat"
- System Location Discovery: System Language Discovery
PID: 5880

vegas200.exe (level 1): "C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe"
- Executes dropped EXE
- Modifies Control Panel
PID: 2360

FileIOSurrogate.exe (level 2): "C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\FileIOSurrogate.exe" 1033
- Executes dropped EXE
PID: 4744
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Event Triggered Execution 2
Component Object Model Hijacking 1
Image File Execution Options Injection 1
Privilege Escalation
Boot or Logon Autostart Execution 1
Registry Run Keys / Startup Folder 1
Event Triggered Execution 2
Component Object Model Hijacking 1
Image File Execution Options Injection 1
Defense Evasion
Modify Registry 2
Subvert Trust Controls 1
Install Root Certificate 1
Downloads
-
Filesize
4KB
MD5355a4587490466dcd1e5f7c05f1a3549
SHA11012a7198548fbc98c99734456e4e1cf719eb8c5
SHA25690cecf48894ebb617ea3e55ace9d905793fe410333fb5e0d919693cfc72f4b03
SHA512581af5bf6a24ce3fdcc6826f164563c0e46a9c481a969c82fcfceccf596a427254004e576e77c37b0acdc169b05414b62af88e33ae6df2beb4d7ab7e544d3068
-
C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml
Filesize122KB
MD5069da82f697d7f0fcfb418bef6906dab
SHA177612368f47efcdd9f9b556f16051cba8c6f049f
SHA25637c850d079ca1b28e773812cf7d022a40e32a2c5f9ca629060183d984cce5542
SHA5125f04f9f69f6f3ddba5410df6720954b5fa148a8befa2c926dafe701dfc31ba9d9342d5f4bc8b4ee8984bf18fcf6742fad85171ea6d6341103a95afb51c157beb
-
Filesize
2KB
MD5fa703609338cc05f182d4d0d7d07fb1c
SHA1cc34fc7d8282a2fc2bc4610ac671dce0b82661f7
SHA2565a31feaa4bdbc96da11a4f68a7fcb36bb791dc073b41e109f7d085dd008790bc
SHA51205e30eed8c0d921e721d3382dc26bbbef047ce77564c5926c122477500f28ae11e63522e93dd119436717878fa065d4d83e02f33d2c4e71c2c9eb1ca73412e08
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
218B
MD56442392fd24fe949531717a3d4af52e1
SHA1791c02ebc00eb16e856e15af06dc119584bb1268
SHA2560d97c6dfa2f6e339bc58b7d24218c7fabf61cb3876826d5e174b7a757a0df655
SHA512190dd180c1c38acc80f9f5a2885e39521325ff9c72f55925adccb4f0b7c8d1ec8a8874491257381d50b7d9a4e6fcf42c0c4a335e2f95ebb0c57ca5967990131e
-
Filesize
1KB
MD5f47aa9746fed2eacbdf0bad3206b526e
SHA12786131fe4da952dc8f4131e2d82777ae1fb5a52
SHA256315b53a586fa8882ae2909bd687e1269f9988ec3b961d3c66833a2dd8e874021
SHA5121a5add1e643c6b89952bcefa844eb8c1b8fcc6890e1834470e3cf259fbf43c3fc3a6b2e0cc425d94da2100fcda75b24f9f73dd4bff54752859fb3700cc2c08ba
-
Filesize
1KB
MD5dcee176d240f95a24a2a794b155c4a20
SHA1613cad9251cffcd3c76a73ae4cc49f3307c1b552
SHA256f8fa4155cbc814665edac509f05a624a62ca9e97d18dde0412af918584f602f5
SHA51214e8d0d78a53061fe3913c23efa478e6115f2a42b639219533e4e875b7a7ad40c9ee116e92b9c12e5716dbf7de70f7a48f4f83f9187b23b474f8aa87650e3ffb
-
Filesize
1KB
MD56e4f484f8aa5e2535c9b17dc93d69627
SHA1d8fcd3fc06e493160e6509f66e99e6130e06461e
SHA2560dbccefa0eb86e22e866c8dfd4c323e630ba94b82f8aa226202009d5030d8001
SHA512bd3f0ed0f0be03ddb9932f0a8e0b2428d9b643b8cd2ab103b0d8e0c7e387605cb0650485ff4368fd53de4c3e5d4bedc5593f4986cadeffb4b31a3d8ce13025d4
-
Filesize
2KB
MD5977ea52f7dbad82458aa03e89c18c366
SHA15ef30d5ef8d1427eee420d92dda112f0f6afd510
SHA256c1b113802b4df6040fea2535f662cf2eff441e656ff9c5b1ac08f310ff860ca3
SHA512f2af7052149d71538152444c3000ad214c6d65e3b93c4a9dd1133180bb5921b294c8cac3c8cf0a5372457b14980df18b211aa90f46dfeca48ffcf4867db2041c
-
Filesize
24KB
MD5bc8b639e7a2cdde356451fe6a64a12fa
SHA19e1f11ca216bfc94cc1f306a7b5a722b6df0d4ce
SHA256fd7815888f37930050c439788ea2a5a20d1804734f0f852a1f10aae8257658d2
SHA5125e159ac4a947389aff462b6ae719918e156a313419bd38597d7726d7940428ddd60ec15015ad5990a3a1ebe3d588aeb76dae8597ad7dfe9803ddc2aaeae41251
-
Filesize
61KB
MD575e2c2906eda2a4be1c20fd392d7d13d
SHA1e72f00d540a5b7850fbc9cb9ff5c555b57c41db7
SHA256dc503966bea6df78f2599d803b30bc9de966c75decde9a614528560229b98b36
SHA512480418ee5a1d829e446aa4875a0cf7b39e51f2f3cc92f5492f54bdebe8d81c7445a30ae16b083437708af05a856fafd4f6bdf3d21cc809b6854dc9c2b66f668c
-
Filesize
402B
MD5355bb8ff68a4a5d6c4c2692b55dde9d7
SHA1455c92404269e74c44c24dfc620b7dbef5173135
SHA2563a9ecb09f9cb6be4a6132121d52832afcbb2fd2da03c9d84257d33a8e5ac3ec3
SHA512a57300d288109ff347f979be985f8965145787e18de9f36d03cbd7e8eb8e1cd39491847de86b37138bcb86207f9ea2f753b70c2715e05b3fd5756548e3e14050
-
Filesize
12KB
MD562aee45f8dea59bd167e7a1c76cae032
SHA11927720659de475d1d54c05fb8629207e63aa0ab
SHA256fde4b9ff8e51f8916ca7ab5edf667b1d2628a2ed7f953ba7fa36e6a1a6010654
SHA512589a3cd8abf51715ab57ca5bee7c50401be8e30614919ca2393d9ff6c0265c71a3d17589ed6d122f154796c4174ace9a63c079a2c5814bacae30e5d1801e4a4a
-
Filesize
152B
MD553bc70ecb115bdbabe67620c416fe9b3
SHA1af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
-
Filesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
Filesize
20KB
MD5631c4ff7d6e4024e5bdf8eb9fc2a2bcb
SHA1c59d67b2bb027b438d05bd7c3ad9214393ef51c6
SHA25627ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82
SHA51212517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e
-
Filesize
20KB
MD58c34c7b82f4668c975defa63ea3c9911
SHA101aee6e4857efb1898934c58dfbaab60a9bafb75
SHA2566fddf44c880fa4ab45d21e764fb4371c8820b7b1c49502ece0fb5e1eab95ab3e
SHA5127b8db2103dedf6b36759771c5b0451d6e2feb8ba889a07f1dbb869c229739e4343636ab5fe0bae8ff7ae5798d533caf3e408e34b71be72d0bfdd076da5a6104f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD51a4dfe946634a2b095f9783667598ccc
SHA1b9135ac299dc04824ca58ed5c2ebdab31ebfc98b
SHA25642c28b8ea0302132c9c272dd6c8d99081f03d5c8e67d2092baaf9044819542b4
SHA512e1974c206c62b36e5c3478a6213e997cf507686d592399135fee7e69475084c81fcaaa0065272fe41a4e97dd5a817cafc785056b862ad4ebf9c6be403cc7c5bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD5ab7b5aeb4fc80ec25a0fff8b67b17dfd
SHA1e11a8d63e87258cc1ef10ed5f21fdb1289331c81
SHA256f1b296e3ae9a2d6ddaeb600442b84ffbfade13498cc06c8881533411513e5769
SHA512e97036b8a360eec85b89a23c5974bf4dd3794c71405f9f62cead9cee023930a241b513f5aaa752a6b8b0958399d1e358075e86be52f44a6b732a73b8007ab053
-
Filesize
4KB
MD58abbf0107c8b87e53be78af6b5b02666
SHA1f0cb8fe236ed48888da5ba8268abcaefc379b2cc
SHA256ee0b2c70dce6343cbd70a582b246275157782eaaa65971dc71d1befbb6f547f6
SHA512f61ece64a766c98237310367a5a7b41e4e725305d08c50801ddbc4e94605610c3b0090ca8e4f49c09d9b073c7137f15d16066482a2e436e521b4eabac0746b47
-
Filesize
8KB
MD5c9cda1686fd75543f590d3791fee2d97
SHA186b77d55855d10018fc6ad42133f7f8d5f98f4f4
SHA2562cde0a05307938b62abcfd6e1d717a58dd532b69fdb41e81200d1e0ac9a58bdb
SHA512569e683cfee3266ae37cac04231ff6b0c303fb08957fc3a26aa270cd65adea7a61c4ff77e629a870a349a751e9d492bbc8c9b90666c96238ebe3312bc86d885a
-
Filesize
6KB
MD56e53b847e26e959ef8e12b49397443b2
SHA1bd8632f5e766ed149fea3fea66d519933a64c430
SHA25653c9d321c7ea069ed6d0b29814b58c10595b0209c5d386acaa145228dd15f480
SHA5123e8d24233a15220e030b2bcd3e3f83113119985ca8f528c54cc2506bc878897cc9e1f01aaf1010669e203b3a2140e971f406fcaeef90ca107ee6ab4cf972ae13
-
Filesize
9KB
MD524a867564925db639512becff28028e4
SHA1a311cc734374e8e30631a8c8f86bc84402c361e0
SHA2565ea94354d00b101c1557b1558a8abf7e76e7746dbfce30b953e2f382a2c94ece
SHA51252bb59b56180e9f49dcbeaeaab70314b1aacf7011e7c5d03d51b8f2a98e592607e7abcea42e9406231645b55f43c772bcd334e4227a7491773a04f363d7080e1
-
Filesize
8KB
MD58c14b4897b1156a00427ae4473a8d399
SHA1a254ac00545ac828d3d2762327c90d83ec5a0342
SHA256fdae5fe5513430a766ebb346bd75f62b9fe6effc5a629e493734abe15c92736e
SHA5122afaaa03169f57ef187521eb68fe6f57c718e955f5c6ebce5857ffb250488fd861149602fac25dc28a6bc23e393b9f2bad7f6cb55bca034972439b29d5786407
-
Filesize
9KB
MD5b2d60eb3713a0816328d8c7c38c458a0
SHA1f1b8ac10cb75e2f1f79a89371e69162b8db5867e
SHA256e1886e63d53e65b313edb1183465921ea15235f4112a3d14985ced014e325a21
SHA512298c62f09fba4cf4581d52e77a719f19cf427972c3786081204852f2cf3698a41416b2d0cc512be5ccb07842456176eaa44cdc241b76d7cd336043e911c251c9
-
Filesize
9KB
MD54f4f5939e14a8531c2598f72115b64e7
SHA141510ca961b7d71f03929ee628e6864b269ba586
SHA2561879ba9b6639190d029eb98cb361e833cbe738a2f7d3beec45a585c3d89980ff
SHA512f12822cc79cea0d6e967ac846d264e0980f7a9301ab4230b0e5b858104d85e857db864fa6a4ad504a5a0688a81adc181b2324adf28e117bb50b0607eba369af1
-
Filesize
1KB
MD51f463b9dc3af16a906e580f2f2e76307
SHA1da101a70239299730ff44b18eb0d539bfc9fc7fc
SHA2562aea2825a0189afae04827ca6d62039accb4497d729295927362127babbf6205
SHA5125cd052d17f8e4081beeaf7e41735e52a094cecd9dd72ae65529b342ecd66d6a241e71eb81ee4229258eec74711e00f2a9ed0ef5eaab415e12255c262b96366fc
-
Filesize
1KB
MD5aea30f81feb2c21cbb5ec3723c43c96d
SHA10f51af2f92079f686d7bd8ae0d986cd4cd894d45
SHA2563a45eb2079fe1f375d4bba69c26f178e9c02f38c5516eec99caf1aaaa750c87e
SHA5122ccdf46718e91fa6daa504994c1262740802c66cd7b3736e1df23c2338d4ccff1e4bf83fd756a6ad175cfdf2dbd1c12561320bc62c53e296fad06a0388e42fb6
-
Filesize
1KB
MD55fc1022a0bab8b02043693db3477bae9
SHA128cf550ba80c6e9d76019bd46dad67705c03d228
SHA2561ad0a4a26a6d25418575512b43597325f17941cfefef619c80c20a6a886bff5d
SHA51293c4cbe49718d83e8152351b3557b4583277c5c3c935ffceb780e598b9bf4e3becee5f3ebcd6f68749d8db35574917432262b1945bee4e947d87b846b450441a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5734df61346381faabad25e9438275156
SHA1145bf13506fac9b20bc677150b75cdda0746fcc1
SHA256d88fe54c51dfa49a3761a8d24d1319e8d6c0455bd2aebb2eafd027e663aa4b64
SHA5127f7dec7ad5f93decd760d4e81af471cc72d02beec6c67ddea9ee4c5f01681b1071de6bacd80b8726059924e7b3e706ee56c180355c86744a9e968dbeea235fbb
-
Filesize
11KB
MD55f79b23197a06b2aebaacb28b6c35d10
SHA12480bbc9795f72c4a0710901290125207c07beb6
SHA2561965f99440e47cb49971ae312475addeb698974f01142662550eafdfb788f264
SHA51206d8831579fff914a94e68363ff5d9f3d6faaff4b1d27b90eac71d7e680fe72b68c3c0d629959513461145bcd5932dba5de428f6e61a7fb971cb89b94875ddb0
-
Filesize
11KB
MD5e8e314f9edcf640580106d8136740926
SHA1d8745da8a3e13185ff2320b689d0fdf6d9b5e83d
SHA25677caf3d2e3c9911694f2a48a8eb6941045014099ad0cf1f913c6b028789967a6
SHA5124f510187fa628369b7abc74e7e1d7e230f58b8d03a46f59094502d44f220fb70d23b5f44912695b0271ef653d0ec82f658f4978cfac965b2c31a1d056933f772
-
Filesize
12KB
MD56a6384f024b8ca678fa30a740284a072
SHA1290fe4c9c8dbe825799fd5079ebc2aa0863bcd61
SHA2566644e7e7bf25720751f2a03b91a75f2dd07b23e3a7ff3e4c9fefead991eb4d57
SHA512f1b2e7d4910f1b956fe84c6eae4afe91b8b038d1a5d308dea49e3b143d415aa047987f53df5347dfca48a686fdb368e53a4f0368bccada9ffedd8fdfa3167578
-
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\001#Install#vcredist2013_12_0_40664_x86_000_vcRuntimeMinimum_x86.txt
Filesize2KB
MD56dc0086f0931ae52f463e804b3a32a6d
SHA1360d1f5482b2e59d20d36acd203eeac62c98264a
SHA25610129f873ff21abe591f3102e13b5d39219023538b673775b1b73051abb62eb2
SHA512cd151511d93c9e41864d4ac6d6b0ec1a1d1e7bbf1c30c2a3e74983349e76bbb307e2ccf1f95ede040f4ccd20ee845dc8fd3ec73c1bfda7632c75474d7851486f
-
C:\Users\Admin\AppData\Local\Temp\MxMsiLogs\VEGAS_Pro_20_20240809_143054\001#Install#vcredist2013_12_0_40664_x86_001_vcRuntimeAdditional_x86.txt
Filesize2KB
MD5132efa66ddc2f828a206293be78c7bcd
SHA14a8125ba28df648e34d49508f1089a3b0d452183
SHA256cc06176e03c7c73fd631a5335e8a166a7c02ed056b7e6dab1a9e9456ee0c3eed
SHA512b8e573049a6f5d23dbf26c2606a4571da15c7fe554c3efba2cf0915e7af2781cf2d10d31c376c5a4561fe38848b5517308477a1fe033eca76f26c592174a47d3
-
Filesize
6.9MB
MD549b1164f8e95ec6409ea83cdb352d8da
SHA11194e6bf4153fa88f20b2a70ac15bc359ada4ee2
SHA256a4bba7701e355ae29c403431f871a537897c363e215cafe706615e270984f17c
SHA51229b65e45ce5233f5ad480673752529026f59a760466a1026bb92fc78d1ccc82396ecb8f07b0e49c9b2315dbef976cb417273c77f4209475036775fe687dd2d60
-
Filesize
6.2MB
MD538a1b890ce847167d16567cf7b7a5642
SHA10f5d66bcaf120f2d3f340e448a268fe4bbf7709d
SHA25653b605d1100ab0a88b867447bbf9274b5938125024ba01f5105a9e178a3dcdbd
SHA512907a9aac75f4f241a85ecb94690f74f5818eea0b2241d9ef6d4bf171f17da0f4bc702e2bb90c04f194592fcc61df5c250508d16b886ed837a74b9f45da9627cd
-
Filesize
1KB
MD50f9b272995d5a4006119977e95fb2686
SHA1b7f626600d693c1cf05cdf8cc00cc6fd5c412098
SHA256b500fa16098cba0b9a60340834185c5d1c3b60528d1ef86b262785e37d727e11
SHA512e4fdfac2f0c5ce1e90167bea82931590c99a73974bf6cfba6bfea4d56b919e2a47be158b458d90686c7a6badffbd2777b43c7492b092b71729551d6bbca664b0
-
Filesize
2.3MB
MD5106dc03b6e83113c84709cbd7fef4f2c
SHA11e4d1d835f82557ca17f1f5016eb525f42429514
SHA256eb1e26006d02c6ee5f49b8f321f84bb9aaf167169a298f4b306539bbd85a3254
SHA51255c135e7f22d479d383a592154125e217631a377e64426bd1c119b86f2bd3f9034723daa19af0012eaefff1b9369725a73ba932399057663672eca59080662a7
-
Filesize
48KB
MD5a39462cb32fabbed15189cc0275cbf00
SHA1ef209f952e0653b4a1a65827becffa9dd45b1b1a
SHA2565e6e353911f45d829ca31b70f1d763730f1e8216785aa87e1ac57f9c9c23f2cd
SHA512f8ac2f8556f3ea0d97f6bdd4c80c3c04d9474c0e36e80ec00b416ea688e253a1b206749d4ad58f6b584313388b9a5c9631e4015fb0feb4fda8c51e62524f33d8
-
Filesize
48KB
MD5928f2477cfdfb7a531de1f77d0a97fdb
SHA1ad386e5cc50f63b407a9f847f00c3b813abec37c
SHA2568f6efacb230ac2587524b13b4ce1e95d7de51800a495dbbfa7d846057678a632
SHA5122f87f6e53a65181f5405df3cecaf20de9f7f19f9fe67a8c90118406ffc791e74636f6154a69ec222154c4482932174b976ec7a20cdb3cd6d49bf5d0732449fa8
-
Filesize
52KB
MD53ce3f886f3a7716fb901b2d24f89ea60
SHA1c0cce042c925a4d687e44d709f042ee998bab4f2
SHA2560d7eeb6a2ae87a64cc7c1f1c09bff69a7f53f8bf758d7fcbe56b0139975dcdd0
SHA51205e299f91e75db24239bee5bd00d66425792100feeb714dfc9b4f14a1f826cd44b006e462b9b07b7b8bd876425f979618cd9157825e4711e07e787600fbe3987
-
Filesize
4.6MB
MD5917717e087557e261275260f84a3b276
SHA1d087843ed032c2ebf87cd82cc76b3b8ccaba2d57
SHA2566a562ea680d7300a582d8ddf204342a6bf332a2cf883f43668ce0bd4a3315346
SHA512ddacad901355a3f3acefd1c4cf28de7799500d1cd512f5f9f1ef087e20d17c2b83d27926ed346a7607bafc55e7f81890e73ee7e502f1bdc38e1f44016fd9a2b6
-
Filesize
5KB
MD5165d5e68beedc583873611ecf592c4bd
SHA1fa8dcd59626bdde8f0304ce6ec09567057f18ef3
SHA2569c017fab68cdcaf3dfa8e27bc4d330a40e5e90d9faf8bdb26762adec0075b485
SHA51211b8017a7d98a9c94dcb67c23ad3b7930995744029209cf976be043780c60eee4e1c1ff756a67bc16c634e62b1609ba774a436638d36c5896d10c957c5389e2a
-
Filesize
2.8MB
MD5b8c935669d29c9471636f2abdefc2b29
SHA149b85eabed1bda1e2d45633d674c30109d6f798a
SHA2566a6f786ce2d44bce9ffc0622855e45f024a745ba194c08190dbbe5ed8427eb1b
SHA5125657599417a38d635b6b5f55ad2f11ddaaeb7ff9deb6e66029b2a825471de0fbf1c529c2bac75e35200d750250a58f246cff09a6ec63bc56a2215a9db9cd48a3
-
Filesize
36B
MD58708699d2c73bed30a0a08d80f96d6d7
SHA1684cb9d317146553e8c5269c8afb1539565f4f78
SHA256a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f
SHA51238ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264
-
Filesize
6KB
MD51e47ee7b71b22488068343df4ce30534
SHA1deaee13f21ab70b57f44f0aa3128ec7ad9e3816a
SHA2568518f0420972c1dbe8a323ffc6f57863af0b80c6a3b27fd0c6fc9bdabb7e2d13
SHA512c4c653bfd1fc493b0efd8f9c75495287818179dc35969d1fb1927faac3ff9189fde1131c5abbcc3963f707412a7f8ad05a9e6855b7d47d6df1f80d25d67be9ed
-
Filesize
2KB
MD5fbfcbc4dacc566a3c426f43ce10907b6
SHA163c45f9a771161740e100faf710f30eed017d723
SHA25670400f181d00e1769774ff36bcd8b1ab5fbc431418067d31b876d18cc04ef4ce
SHA512063fb6685ee8d2fa57863a74d66a83c819fe848ba3072b6e7d1b4fe397a9b24a1037183bb2fda776033c0936be83888a6456aae947e240521e2ab75d984ee35e
-
Filesize
5KB
MD50056f10a42638ea8b4befc614741ddd6
SHA161d488cfbea063e028a947cb1610ee372d873c9f
SHA2566b1ba0dea830e556a58c883290faa5d49c064e546cbfcd0451596a10cc693f87
SHA5125764ec92f65acc4ebe4de1e2b58b8817e81e0a6bc2f6e451317347e28d66e1e6a3773d7f18be067bbb2cb52ef1fa267754ad2bf2529286cf53730a03409d398e
-
Filesize
1KB
MD5d6bd210f227442b3362493d046cea233
SHA1ff286ac8370fc655aea0ef35e9cf0bfcb6d698de
SHA256335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef
SHA512464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b
-
Filesize
117KB
MD5a52e5220efb60813b31a82d101a97dcb
SHA156e16e4df0944cb07e73a01301886644f062d79b
SHA256e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf
SHA512d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e
-
Filesize
455KB
MD50ce624d3a5a586c2bdda26b748da78d7
SHA1b9ed0a86eae645ba19ed08327888a4474c95e34a
SHA256fd597b58a578cfa46e1818b3b4b795ca6d25225dc11ee86cd491f3d55d7b235d
SHA512e5bc577bd319eb3ac70c527acfb313fac817e63f5184e6581f6d813491ca0f1a0f80583c14c2b9f2b8fa1df5938c2ae3318a91bda41171c63cd1670c55a85b7f
-
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cab54A5CABBE7274D8A22EB58060AAB7623
Filesize973KB
MD5258b65eb9fed187051d5fcec7ce65dc5
SHA1b9afc5fcd8c6ca2ee3dfe9507e9adabdd9ded039
SHA25680a29d5ce27c6794b9a38e5d5b98d535f877ac3363f450ee7ac0be9394426e49
SHA5128d5b4c14deb07cc1bf70abfd6e04573822eff3b3937fb3867f5300d97c46f900f2446f923334d1cf5b51b17eeef063d6d59e8540456f310edecd98d223125bb1
-
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cabB3E1576D1FEFBB979E13B1A5379E0B16
Filesize4.7MB
MD57fe64755ed8427ee4512760b69cfaee1
SHA130b8c69a5eb83a1804975f04fd0e701e2e9d98cc
SHA256e12efc1bc0c61a7b9ba10a07502ef6833297d028368760da26e63218b744da79
SHA512dc6c9dc1cb0502be87281ad5bae3ed54c5cfc7cbc4434880f1ba7a33599fc5503d8192ce6afbcf8ffcc142955f593e9830e49e72c0d5c9a7aac5f91024eac38f
-
Filesize
140KB
MD5b547a22dcdcf3d035a56f52f1b16c2b5
SHA1ec9e2fbee0a5c43c021365a35d1d6d04eea335b3
SHA2567cef0419f52c47f41b9546065e6788f20de07a7f1e647589ab52d88f6c7e50a5
SHA5126d49cd8266575f3a9cac205425f1fc11b70a58b0a657ba3e4ebafab43cc37ccaf54f551cbf367c8c08b2a6710f82a18ccffb3870683a9b922c91cff19ea7b65a
-
Filesize
140KB
MD589d36fccb34b319b60d1850863e0560b
SHA1f356410e3946063b85750f54998582510b9672c8
SHA25660714fcdac0a7cbfc45e6ed9bc6d4b7f8536947f630016e5faca5cce1745adcf
SHA51224e167d0305811409e433c8d78716e9b3af4bce4b3f372276f4730ae7c802b8be8f193a70ac0d44ad6e083a35f03fcfdb2faaae4a9975c9e2ef1254285b0309f
-
Filesize
23KB
MD58c9a233796c7a98c56e33e3816be6015
SHA1eb216efa84eeda1f3b518be133934f21803c28c5
SHA256556603c375a6a6e3ebe28ca18088e011c9b3574279a3d62faa58dc035dbb7740
SHA512eb86f324c82c44ee68ac52e8e1fc13446874f321b5ee5ef053c63c2e851799439fc40b0da916b57549a3e16676d21cfcccf47b81ebd53d947c20a858f10ac414
-
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-523280732-2327480845-3730041215-1000\0f5007522459c86e95ffcc62f32308f1_a5c5e2ae-85e3-447c-9e0b-c9a7b966d823
Filesize1KB
MD5bc5a1acab1fd601e9924f778482d8deb
SHA14bb2126c223bb7963e553be26222eb86161c1704
SHA256f5a12e46267e4c683cf62cdf3340143a259398ff3143ec31018b72281d4c906e
SHA5126706bc830f8ff24554feb256b2dfefaa43ee6742b2b50c14b92b5c26a5998f273f63fefe61e58e2372cd415c2357134caf03ec2312c85d059c7cc184c9a98b2e
-
Filesize
1.3MB
MD53f6d2cef65fe49a38190781a0cb46707
SHA16132b1cbb8b81a587d3eda3c9ac3a1c434fb13b0
SHA256151261d221ba0f6120c7f16700ab0724b92ff3230f05a89ef15dbcd8198678bb
SHA512731b8fe2c578444ce859bf2061c342b13716e49647d99517358b69740e2f6e49d751474c241f25381b0e194defc2af9fe0f434aedd3bd96aa39cbd19dd457a58
-
Filesize
109KB
MD5fa69e5cf4218af3928b2fd555d68dd49
SHA19aaaa287cd9ba0ab05e8a5f0b60b61f302091f02
SHA256275fde668dbf6b346c8eab30755fc0514e6a1fc361d2e266931f904c2a0ae354
SHA512dd7c9ad37bbf602021795079319b62c2d709c6ac077f2d087f1084dd040206975bd32d00a602d7fe7a98b1bf40d259390ae8edd2a56ebf51cfa6603cb5d46bea
-
Filesize
1.7MB
MD57cb17fb61194fa5f2fd93f49a035b75a
SHA1f0dbeff9a5e8f138586f7e8b6b4a7c431f2ff0f4
SHA2568a78c9053c8b3645b0aa8423893f653997b9f40aa5a54c1fc4c947ddeefb5e3e
SHA512d0acbec1d67c9442be82f57b2529783f1d06be9dbac11646a8ec22591ef8d6ac848aa546448be05fd0e14394d0e5adcefa4b49ff24b0234fd745d4ae0cb14da4
-
Filesize
181KB
MD5785ee78478d43f00870e91fa96b94646
SHA197e3f06230bb97333db9574e56a187c2b5dfce50
SHA256b8665993cd5f7224e35c122a5c1965f8c4f2b4d9d41f75160b515e66f9affc53
SHA512d34cd716d1925c2286a0d75a4e31d8a3deaaf381322cbd1931d3e26a51addd1d37f6c72f6511f6e7058c8ad1f016f4fa26e9594b02bb7bbba874c1b2406ac3ed
-
Filesize
352KB
MD53e9a039fdd1a8b125b1409bf76cdb9b0
SHA18b99aec15c9a2482d5c9bef3ee7eaa4b8809881c
SHA256b36f8918846b210e2863d606d9dd536a708ecdb0310d5d151631f0981edc25b5
SHA5127e8e1e57fcc617d6625cc53af7c893edfb2538f985ca3c91a8be46bcabe7a11aabb6f2bc0b12474602519f171d6c267510601a6760f8aea44836a2323e9d0b13
-
Filesize
148KB
MD5991acf535b1c6126704d47dcfbc2a03a
SHA1a9ca427c64b6df441663f574ccedc92e18492bcb
SHA256541199e0103329de50377c8476bf9b233e91424a44cd96e955d361a545902334
SHA5122af36cf378ad56844ced501dc6050aca3231af0011a20242b9f994a121aa5958ca8b0cebbfc70dc59a7d6f952c1b88836414bb6d6295aed727582d14ed2d53f7
-
Filesize
117KB
MD5c1a43f0b58be9892362b11f0008d3b1f
SHA1608f5bd3cbd729f6475a611c1347143c91b2323d
SHA256810a77a90aa2ce17cb328a7d36792c0c815a752bcde0751554031c9867adf228
SHA51299881ecb643464a4e6170b64c5474c84bc128edc78909db4c4e9f26af0cc48edfba291fc76cd157dedce8c488688f03d6611f1b3a32dcab16dca39dd12d80712