f5c92dc82eee7ab066ca48d335125a548110a86f843e52b1549cca1669d0c628

Analysis

max time kernel
1051s
max time network
1051s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 00:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MAGIX Vegas Pro 20 Build 326 (64Bit)/MAGIX Vegas 20.0.326.exe
Size

295.7MB
MD5

a0a43da9c7d2664f7682e42fd303e614
SHA1

9331f4aed4786a95cc1f38ff20d6bc6fba4d1c6d
SHA256

39809648100bc4f03fdbb34eeb345e2a4b5fd0b6cb1f3947c20a4a9c7aad52e1
SHA512

2bf993af6c8a99c64466561159a3907ff7648218c278188e08f8cf3bd0335ecbd52dde51ec033f2a337a2d4aba66ec27ade554e386ae2df2b11b77c989708020
SSDEEP

6291456:HWtaYshdENz9XnYUTyrBEFrcoW+gWioIb0cmqlDHqoXPsvgAp5n5o9DN0nqA8:VYUdENRXnRGdKLW+g3L1dYos4ml5odQA

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 14 IoCs

pid	Process
4476	MAGIX Vegas 20.0.326.tmp
536	vegas200.exe
2668	VEGAS200.exe
2364	FileIOSurrogate.exe
2716	So4HardwareDetection.exe
4408	audio_plugin_scan_server_vst2.exe
3388	audio_plugin_scan_server_vst2_x64.exe
1860	audio_plugin_scan_server_vst3.exe
2752	audio_plugin_scan_server_vst3_x64.exe
7404	vegas200.exe
7900	audio_plugin_scan_server_vst3_x64.exe
7864	audio_plugin_scan_server_vst3.exe
7832	audio_plugin_scan_server_vst2_x64.exe
7784	audio_plugin_scan_server_vst2.exe

Loads dropped DLL 64 IoCs

pid	Process
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
3096	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
1076	MsiExec.exe
3604	MsiExec.exe
3604	MsiExec.exe
3604	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe
4864	MsiExec.exe
4864	MsiExec.exe
4864	MsiExec.exe
1320	MsiExec.exe
1320	MsiExec.exe
1320	MsiExec.exe
3104	MsiExec.exe
3104	MsiExec.exe
3104	MsiExec.exe
4872	MsiExec.exe
4872	MsiExec.exe
4872	MsiExec.exe
1236	MsiExec.exe
1236	MsiExec.exe
1236	MsiExec.exe
1612	MsiExec.exe
1612	MsiExec.exe
1612	MsiExec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\id.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\libGLESv2.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Online\MagixOFA-cn.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcmp4xavcs\mc_cpu\mc_enc_aac.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfplug\mc_enc_mp2v.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\so4_blacklist_vp15.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] Very Light Guitar Room.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\29477.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\wicplug\wicplug.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Patchlists\DeEsser\Default.epl	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\flacplug\flacplug_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\DeEsser\[Sys] Male Vox.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm_to_REC.709.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\eFX_Phaser.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\ProjectNotesHolder.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\REDLogFilm_to_REC.709.cube	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Limiter\[Sys] Default - no AutoMakeup.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\colorgradingwindow.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxInterface.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\compoundplug\mc_dec_aac.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Win64\ofx.cpu.executable	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\udf_image.xsd	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Phaser\[Sys] 4_Stage_Feedback.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\2.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mxfp2\mc_dec_dv100.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\mcplug2\mc_demux_mp2.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\qt7plug\qt7plug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\pt-BR\ScriptPortal.Vegas.PublishOFA.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Online\youtube.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Synth Arp 8th 16th BBD.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces\luts\adx_cid_to_rle.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\TransitionWPFLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Crunchy Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\obook.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Rhode's Chorus.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\sv.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\hu.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_2000_nits_Shaper_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Online\MagixOFA-ru.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Microsoft.EntityFrameworkCore.Abstractions.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\Vegmuxdw.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Analog Slow SlapBack.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\27666.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Log2_48_nits_Shaper.RRT.Rec.2020.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\locales\ms.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.zh-CN.xml	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Acoustic Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDFilm4K_to_REC.709.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGASCapture\swiftcapture\libGLESv2.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Snare Cleanup.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\StatusCodeTable.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\Online\MagixOFA-pt.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\so4compoundplug\mc_dec_mp2v.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Vox Cleanup.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\22.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\opencv_calib3d460.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\FileIO Plug-Ins\aifplug\aifplug_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\Dolby_PQ_2000_nits_Shaper.RRTODT.Rec.2020_ST2084__2000_nits_.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 20.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.ja-JP.xml	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\BdmuxInterface\f8d81de9187dfcefb289921547845d9d\BdmuxInterface.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\3c0-0\System.Transactions.dll	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\45c6202a7ea96c52643221352c836c4b\SMDiagnostics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\6a8-0\Vegmuxfc.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1158-0\Vegmuxtw.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfo\54d70009d8c550f62f9d6164c828d310\Vegmuxfo.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSIADF1.tmp	msiexec.exe
File created	C:\Windows\Fonts\beyond_the_mountains.otf	msiexec.exe
File created	C:\Windows\Fonts\SilverCharm.otf	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\690-0\System.Drawing.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\8bda73cef6393916778c1ceb3ceb61ac\System.Data.OracleClient.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\31c-0\System.Web.ApplicationServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.8dc504e4#\da3b784b4517859cfc67b775643ac0a6\System.Web.ApplicationServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6dbe1f10baaa1b605d747b4359036e1c\System.ServiceModel.Internals.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\{1D7D3DE9-717D-4E28-A6D7-CC15F8248F9E}\ProgramIcon.exe	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\91c-0\System.DirectoryServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dired13b18a9#\3db036b964974b08b3fba860d798e263\System.DirectoryServices.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt19c51595#\058dade460402fda33db1e4d46f7fdd6\System.Runtime.Caching.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e56ab72b3cb799f6c8bc89580ba946ac\System.Security.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\b64-0\System.Data.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\40c-0\System.Drawing.Design.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\895d11cc37c1157a9bce484cc8bafecf\System.ServiceProcess.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Installer\e58abcb.msi	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\6a4-0\BdmuxServer.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\mux.net\9cfe4f257be604b3dcc85647d64e80bb\mux.net.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\49c-0\Vegmuxfb.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSIB156.tmp	msiexec.exe
File created	C:\Windows\Fonts\docktrin.otf	msiexec.exe
File created	C:\Windows\Fonts\Julietta.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\880-0\mux.net.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\c4c-0\System.Web.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\638-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\880-0\System.Windows.Forms.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxrt\2a3dac2e3489c4e253064f92807221bd\Vegmuxrt.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSIB145.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBDBC.tmp	msiexec.exe
File created	C:\Windows\Fonts\hotel_de_paris.otf	msiexec.exe
File created	C:\Windows\Fonts\bakery.otf	msiexec.exe
File created	C:\Windows\Fonts\Mustardo.otf	msiexec.exe
File created	C:\Windows\Fonts\SilverCharmDuo.otf	msiexec.exe
File created	C:\Windows\Fonts\work_in_progress.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDAFD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIAE21.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB0A8.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA0E.tmp	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\8c157f86f29b8ccff884035d0d5b8b95\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\a80-0\System.Data.OracleClient.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Draw0a54d252#\b6cc22a0294ba9df6eb9c94e885840f1\System.Drawing.Design.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\Fonts\LaGuapita.otf	msiexec.exe
File created	C:\Windows\Fonts\MarkMyWords.otf	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB8C1.tmp	msiexec.exe
File created	C:\Windows\Fonts\hotel_de_paris_Xe.otf	msiexec.exe
File created	C:\Windows\Fonts\huntress.otf	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Vegmuxfb\c8bc806c54b029fbeab9ad3d18fbc4d4\Vegmuxfb.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\139c-0\System.EnterpriseServices.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\f70b7c9f1fc4d6a6be7cac2cd5c0eb3a\System.Data.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\d40-0\System.ServiceProcess.dll	mscorsvw.exe
File created	C:\Windows\Fonts\Grand_Aventure_Rough.otf	msiexec.exe
File created	C:\Windows\Fonts\mark_my_words.otf	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	ngen.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Fonts\bernadette_rough.otf	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 55 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audio_plugin_scan_server_vst3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MAGIX Vegas 20.0.326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileIOSurrogate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audio_plugin_scan_server_vst3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audio_plugin_scan_server_vst2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	audio_plugin_scan_server_vst2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MAGIX Vegas 20.0.326.tmp

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "vegas200.exe"	VEGAS200.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application"	VEGAS200.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295"	VEGAS200.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001	VEGAS200.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices	VEGAS200.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse	VEGAS200.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions	VEGAS200.exe

Modifies data under HKEY_USERS 25 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\Internet_Settings	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Kernel	vegas200.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706615882812431"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\701 = "0"	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application\700 = "0"	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\logging	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\keyhook	vegas200.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\Internet_Settings\CallbackTimeout = "250"	vegas200.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0\Metrics\Application	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix	vegas200.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\autoupdate	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\oed	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\VEGAS Creative Software\VEGAS Pro\20.0	vegas200.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Magix\MagixOFA\main	vegas200.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas200_pca\DefaultIcon\ = "C:\\Program Files\\VEGAS\\VEGAS Pro 20.0\\icons\\sfpca.ico,0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\Pins\Output\Direction = "1"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Multi-Band Dynamics"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Output	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\ = "SfTNoisg Property Page"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{413A0975-168F-46C8-AE58-88E8D4D36AFD}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\CLSID = "{ED1B4100-93BE-11D0-AEBC-00A0C9053912}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\Pins\Output	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Output\Direction = "1"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000000-0F56-11D2-9887-00A0C969725B}\CLSID = "{00000000-0F56-11D2-9887-00A0C969725B}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\03F048F3672C0654F8D505532D221039\9ED3D7D1D71782E46A7DCC518F42F8E9	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Distortion"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{54F29260-79B1-11D0-AEBC-00A0C9053912}\ = "VEGAS Simple Delay"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000004-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\ = "XpEq Property Page"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D6802BA0-A056-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F22-196D-11D1-B99B-00A0C9053912}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\FriendlyName = "VEGAS Track Compressor"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.ogg\vegas200_ogg\ShellNew	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Output	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{607682E0-6E21-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000009-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.w64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\ = "SfChorus Property Page"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{F09F6980-7845-11D0-AEBC-00A0C9053912}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{00000006-0F56-11D2-9887-00A0C969725B}\CLSID = "{00000006-0F56-11D2-9887-00A0C969725B}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.sfa\vegas200_sfa\ShellNew	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.w64\ = "vegas200_w64"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED3D7D1D71782E46A7DCC518F42F8E9\SourceList\Media\3 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Input\IsRendered = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Output\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\Pins\Input\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}	MsiExec.exe

Runs .reg file with regedit 3 IoCs

pid	Process
1680	regedit.exe
3448	regedit.exe
4484	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4692	msedge.exe
4692	msedge.exe
3092	msedge.exe
3092	msedge.exe
912	msiexec.exe
912	msiexec.exe
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2668	VEGAS200.exe
7404	vegas200.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3048	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3048	msiexec.exe
Token: SeSecurityPrivilege	912	msiexec.exe
Token: SeCreateTokenPrivilege	3048	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3048	msiexec.exe
Token: SeLockMemoryPrivilege	3048	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3048	msiexec.exe
Token: SeMachineAccountPrivilege	3048	msiexec.exe
Token: SeTcbPrivilege	3048	msiexec.exe
Token: SeSecurityPrivilege	3048	msiexec.exe
Token: SeTakeOwnershipPrivilege	3048	msiexec.exe
Token: SeLoadDriverPrivilege	3048	msiexec.exe
Token: SeSystemProfilePrivilege	3048	msiexec.exe
Token: SeSystemtimePrivilege	3048	msiexec.exe
Token: SeProfSingleProcessPrivilege	3048	msiexec.exe
Token: SeIncBasePriorityPrivilege	3048	msiexec.exe
Token: SeCreatePagefilePrivilege	3048	msiexec.exe
Token: SeCreatePermanentPrivilege	3048	msiexec.exe
Token: SeBackupPrivilege	3048	msiexec.exe
Token: SeRestorePrivilege	3048	msiexec.exe
Token: SeShutdownPrivilege	3048	msiexec.exe
Token: SeDebugPrivilege	3048	msiexec.exe
Token: SeAuditPrivilege	3048	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3048	msiexec.exe
Token: SeChangeNotifyPrivilege	3048	msiexec.exe
Token: SeRemoteShutdownPrivilege	3048	msiexec.exe
Token: SeUndockPrivilege	3048	msiexec.exe
Token: SeSyncAgentPrivilege	3048	msiexec.exe
Token: SeEnableDelegationPrivilege	3048	msiexec.exe
Token: SeManageVolumePrivilege	3048	msiexec.exe
Token: SeImpersonatePrivilege	3048	msiexec.exe
Token: SeCreateGlobalPrivilege	3048	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe
Token: SeRestorePrivilege	912	msiexec.exe
Token: SeTakeOwnershipPrivilege	912	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4476	MAGIX Vegas 20.0.326.tmp
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
2668	VEGAS200.exe
7404	vegas200.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
6364	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
1604	msedge.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe
6364	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
4476	MAGIX Vegas 20.0.326.tmp
536	vegas200.exe
2668	VEGAS200.exe
2668	VEGAS200.exe
7404	vegas200.exe
7404	vegas200.exe
5636	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 4476	756	MAGIX Vegas 20.0.326.exe	80
PID 756 wrote to memory of 4476	756	MAGIX Vegas 20.0.326.exe	80
PID 756 wrote to memory of 4476	756	MAGIX Vegas 20.0.326.exe	80
PID 4476 wrote to memory of 3092	4476	MAGIX Vegas 20.0.326.tmp	82
PID 4476 wrote to memory of 3092	4476	MAGIX Vegas 20.0.326.tmp	82
PID 3092 wrote to memory of 1420	3092	msedge.exe	83
PID 3092 wrote to memory of 1420	3092	msedge.exe	83
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 3616	3092	msedge.exe	84
PID 3092 wrote to memory of 4692	3092	msedge.exe	85
PID 3092 wrote to memory of 4692	3092	msedge.exe	85
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86
PID 3092 wrote to memory of 2936	3092	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\MAGIX Vegas Pro 20 Build 326 (64Bit)\MAGIX Vegas 20.0.326.exe
"C:\Users\Admin\AppData\Local\Temp\MAGIX Vegas Pro 20 Build 326 (64Bit)\MAGIX Vegas 20.0.326.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:756
- C:\Users\Admin\AppData\Local\Temp\is-N5II3.tmp\MAGIX Vegas 20.0.326.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-N5II3.tmp\MAGIX Vegas 20.0.326.tmp" /SL5="$80028,309673624,64512,C:\Users\Admin\AppData\Local\Temp\MAGIX Vegas Pro 20 Build 326 (64Bit)\MAGIX Vegas 20.0.326.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lrepacks.net/informaciya/91-manifest.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb48113cb8,0x7ffb48113cc8,0x7ffb48113cd8
      4⤵
      PID:1420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,60504199109284416,220895486257926612,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2028 /prefetch:2
      4⤵
      PID:3616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,60504199109284416,220895486257926612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,60504199109284416,220895486257926612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
      4⤵
      PID:2936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,60504199109284416,220895486257926612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,60504199109284416,220895486257926612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
      4⤵
      PID:784
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX Vegas Pro 20 Build 326 (64Bit)\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:1680
- - C:\Windows\system32\msiexec.exe
    "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi" /qn MX_DESKTOPSHORTCUT=1 TARGETDIR64="C:\Program Files\VEGAS\VEGAS Pro 20.0"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3048
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\ru.reg"
    3⤵
    - Runs .reg file with regedit
    PID:3448
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\MAGIX Vegas Pro 20 Build 326 (64Bit)\settings.reg"
    3⤵
    - Runs .reg file with regedit
    PID:4484
- - C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS200.exe
    "C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS200.exe"
    3⤵
    - Executes dropped EXE
    - Modifies Control Panel
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\FileIOSurrogate.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\x86\FileIOSurrogate.exe" 1033
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2364
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\So4HardwareDetection.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\So4HardwareDetection.exe" -T 0 -O 1 -F C:\Users\Admin\AppData\Local\MAGIX\FileIO\1.0\So4HardwareDetectionOutput.xml -H \"INTEL|AMD|NVIDIA\"
      4⤵
      Executes dropped EXE
      PID:2716
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2.exe" ---SERVER_ID-569102.78707000007852911949157714843750000000000VST2-SCANNER-SERVER_ID-:p1091257248da9d08
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4408
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2_x64.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2_x64.exe" ---SERVER_ID-569111.93541999999433755874633789062500000000000VST2-SCANNER-SERVER_ID-:p6d5efd55b3cdd258
      4⤵
      Executes dropped EXE
      PID:3388
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3.exe" ---SERVER_ID-569102.86821000010240823030471801757812500000000VST3-SCANNER-SERVER_ID-:p59b26c21e3c858e
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1860
  - - C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3_x64.exe
      "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3_x64.exe" ---SERVER_ID-569152.46940000005997717380523681640625000000000VST3-SCANNER-SERVER_ID-:pff94c2267e9d15a4
      4⤵
      Executes dropped EXE
      PID:2752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lrepacks.net/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb48113cb8,0x7ffb48113cc8,0x7ffb48113cd8
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
      4⤵
      PID:3548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:5088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
      4⤵
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      PID:3952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:8
      4⤵
      PID:3480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
      4⤵
      PID:788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
      4⤵
      PID:6216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
      4⤵
      PID:6432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
      4⤵
      PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,10731964528626960594,8253214931743274199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
      4⤵
      PID:7068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:912
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2F18FBEFE4CAA59520C1A292FC26869E
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3096
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 027267656C4F29D8171911D1986675A8 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1076
- - C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
    "C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe" /register /user 1085
    3⤵
    - Executes dropped EXE
    - Modifies data under HKEY_USERS
    - Suspicious use of SetWindowsHookEx
    PID:536
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe install "C:\Program Files\VEGAS\VEGAS Pro 20.0\bdmux\BdmuxServer.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1092
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 220 -InterruptEvent 0 -NGENProcess 210 -Pipe 21c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2900
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2bc -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2cc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1700
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 218 -Pipe 2d8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:5116
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2176
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 338 -InterruptEvent 0 -NGENProcess 31c -Pipe 32c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1980
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2a0 -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2916
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 340 -Pipe 2dc -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:828
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 350 -Pipe 318 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:72
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 344 -Pipe 320 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2932
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 344 -Pipe 364 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:960
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 360 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:5020
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 35c -Pipe 344 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2332
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 348 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1960
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 384 -Pipe 388 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3148
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 374 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1680
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 390 -Pipe 358 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1064
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 370 -Pipe 388 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:700
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2176
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 3a8 -Pipe 354 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3680
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 39c -Pipe 390 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1592
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b8 -InterruptEvent 0 -NGENProcess 3bc -Pipe 3ac -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 3d0 -Pipe 3bc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2688
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 0 -NGENProcess 3c4 -Pipe 394 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1036
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 3a4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:796
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 218 -Pipe 33c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1260
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 35c -Pipe 384 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3248
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 2bc -Pipe 218 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3392
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 388 -Pipe 35c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 388 -Pipe 2d4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3568
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2bc -InterruptEvent 0 -NGENProcess 39c -Pipe 36c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2284
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 2ec -Pipe 380 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2364
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 39c -Pipe 340 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2240
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 308 -Pipe 2a0 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1216
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 3c4 -Pipe 2bc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:904
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 3c4 -Pipe 338 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5020
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 3a8 -Pipe 38c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1788
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 310 -Pipe 3b4 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2388
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 3d0 -Pipe 334 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2260
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 30c -Pipe 330 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1704
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 304 -Pipe 388 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3724
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 350 -Pipe 3c4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1180
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 3a0 -Pipe 3d0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:644
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 3a8 -Pipe 39c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4440
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 310 -Pipe 308 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4580
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe update /queue
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:4908
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 20.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:3604
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:644
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4864
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1320
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3104
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4872
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1236
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1612
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Modifies registry class
  PID:4372
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Modifies registry class
  PID:4608
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Modifies registry class
  PID:4576
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
PID:6688

C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe
"C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:7404
- C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3_x64.exe
  "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3_x64.exe" ---SERVER_ID-595454.32101000007241964340209960937500000000000VST3-SCANNER-SERVER_ID-:p209312d8570c9661
  2⤵
  - Executes dropped EXE
  PID:7900
- C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3.exe
  "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst3.exe" ---SERVER_ID-595457.42180000001098960638046264648437500000000VST3-SCANNER-SERVER_ID-:pa10940d96b00373f
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7864
- C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2_x64.exe
  "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2_x64.exe" ---SERVER_ID-595461.53020999999716877937316894531250000000000VST2-SCANNER-SERVER_ID-:pae137051b9b5d88
  2⤵
  - Executes dropped EXE
  PID:7832
- C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2.exe
  "C:\Program Files\VEGAS\VEGAS Pro 20.0\audio_plugin_scan_server_vst2.exe" ---SERVER_ID-595488.07935000001452863216400146484375000000000VST2-SCANNER-SERVER_ID-:p328b33919a424706
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7784

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xd8,0xe4,0x7ffb3743cc40,0x7ffb3743cc4c,0x7ffb3743cc58
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:6736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2188 /prefetch:8
  2⤵
  PID:7320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3284,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:8180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4268,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:7536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=212,i,12446658370896413231,9636482982513230261,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:4868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58abce.rbs

Filesize
15.6MB

MD5
87fa4be5af220c0d361483718a685b42

SHA1
43ae00ba8e53245deca7b1d92146a903c82da41f

SHA256
88697552479bcc2d9cd3d348c501281cdfa163d6212b454536e55c4397bfffd1

SHA512
372bf39dd2a403e6769de99313da76fed892555e3d6e45bad349011d379c4968c11f1fc66193519d2e4cedc46d2f895f87d7e50993bbcd9ed8db8cc6cd2b9c94

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_de_DE.cfg

Filesize
15KB

MD5
b451fb5949b28232379fb60d7c3d568b

SHA1
94a67ba4b6eb784407e6eb0d52e25acba0a77d8b

SHA256
e9c0e2abfea85b3fd60ae55d1282bf62b6a90680ec3d86fd3ec0d00d2561441c

SHA512
95a0f056e34d2afe1de486b209ed33706fd552a214db02cdc47db120cf6a4d0e08c5cf9c082e15e86567b2f998ed3527abef3a7cd389dd66ee60e75823531e09

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_en_US.cfg

Filesize
15KB

MD5
eb805dce065b58cdf2fd88f63381338f

SHA1
f998a67be6dbe07c01ff355c1ebf736382b3765b

SHA256
93b516d6f5c06d2d555941ba899ba0ade61e7dfffb43f1f211dd36ff6a75cdbb

SHA512
5ed2c34bd8a20feb1bb9408c6f46b1d6662dac14b9c55f202375bee53ff59aa4cef9fcde00dbe804c22d6875d113bf111a7d26ea165abc7285a69057c1f2b1f2

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_es_ES.cfg

Filesize
14KB

MD5
fe6a4a86c8c77728ef228ff26f29941b

SHA1
0e16d2161c2e53a3d01a8a50b499a18d608d01ec

SHA256
193c2acfb56afb949e1c3ecf342592070cc22b3bcfb5ead32afd69c811d87d84

SHA512
ff1712eaa32c0368a0b4faa90c3411b018b8afda79c17c9eae5518f46119cd2ce1825471a2ff5932887fd96bb077190a6d37bf9a587308a4ef912e831c3bb33b

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

Filesize
3KB

MD5
37c494e4a7caa5ae0925bc48f511077f

SHA1
9b191626a02474f6a9d61d958c7008eaa293298b

SHA256
4a903588232a5f9ca943de058f4bb04d815241f9590c407bceb30dbc078eacaf

SHA512
bc627c57e6124301ec86611530b72bb2a4b5bca19c3e3b8d3de950c153fe2e548a4450e78c75e755fa9c934c7e65876d808ccf6bf59f0ce67539b7f859ba8c71

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_fr_FR.cfg

Filesize
5KB

MD5
ca11f3d94085230756238f8d26dd4b3e

SHA1
de2f00ec122c722b28bfa8ea9eb00a030db638af

SHA256
961b08bfd576a519794ac65a231bcb926705fe455bf71acb06a0b28995ac505b

SHA512
79056a7cbc8ff7a817a08216fd903d6c74ddb115896459fb0abd9043a99c867bfa59f4cefcf7479240b65a05967e8705521d867a2a01ba3af928d4a07aa1cce4

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Language\local_pt_BR.cfg

Filesize
11KB

MD5
eb8e9e9f166f0760aa669928edb58734

SHA1
b39ef190ff2346622fab23866f4a3fcbb193a2b0

SHA256
a2d74a614f59c8822b0a164137a6f534961b4073056f128a492a4c26d14ba100

SHA512
36d224c4dab29ef8851e6fa846efeaad313d1007ed5e98b9418e8b139aa79412c0cde1023a27b865f011dbac5cbcad292062793403f809da21bf8028fabdc25e

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Help\EN\36.css

Filesize
55B

MD5
afa7ee18ebf29250e6c1d58d117b0a8f

SHA1
82848e876d0559e24d95cdc27f4d81a20f96acd1

SHA256
ba77806fa2c2ffe1f2c896b4340eb169fe0cd0f7ad0706e1b4d6cfe8dfbc03f6

SHA512
054d13d69d68f8c3af0b9eed577d325877bc987699b29f622534f216a07c66f081edf16e6aa2c01635a0b9236191033abc7a904633fa918eefde87cb6baa61af

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] TBX160.efx

Filesize
728B

MD5
fc86d688081c4bf09dba3a066433c1ff

SHA1
879d015def134b14f9ac001207493a8bd1cee4d1

SHA256
330a6f77d0ef56f14345f860df9f5fd8d4f41d5de4c61e147f87ffc3aa5756e4

SHA512
c0c858fdfbc041419d51e2061aeae8de20cef583f0c50c44a3d1e4ac2d5bf18524ae2a0920b097aad99c00690b3e386a74362eaaa2ff6095131ee30729acdea4

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\OpenColorIO\configs\aces_1.2\luts\linear_to_rec2020.spi1d

Filesize
76KB

MD5
67f295e9f8be3d15aa161031f3761b7c

SHA1
89fc2e9845ed297e16c05823b655520755a234fc

SHA256
4aa8c8265b737c5dd8604408899ff7ee9f70780f8b0d49ead183b48699a19b5d

SHA512
2dd2f2da4559a9f3e4f6363f5b96d3d94655026985f051889bb05fd6628d0051dc06632fff322e9057db9e2c71281d29ba1ee5a2ccab46813db26c558a7db3c6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\Release-x64.fio2007-config

Filesize
1KB

MD5
53a5d419a902fc550441f47ded3cde10

SHA1
baeec7a8554318e7f5614699cebf37971cdac448

SHA256
f38edcc964a77f14dc8d4054b740b2d1bedab327c867d24af029713c9a9d18b3

SHA512
8b7763e110e42adc249b834e4f9f7b58604f548641e9aaaedd131bdd7f39aeeb54dd55e798917e64324da7ea822adfbd9eeb83a07a39167fbf736069db897099

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\VEGAS Pro 20 -- ShuttlePRO.pref

Filesize
11KB

MD5
252498dbc17973a2bcfd3f79aaf58bf7

SHA1
8fb11e85d99e4e853beed0298ca5515ba4b14b60

SHA256
6f2c945852e035c98d2aa9c8fda43b7074a17f0de994dbcd99f3bea24aa86949

SHA512
4b0b50d9130895226a78d88efa04a47b06583976028c9ff71b0743fdb84ddb971f77fc0e0816fb485b240cabddbee3a0e83d44043040f12f6e3e7922b799de3f

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
1KB

MD5
d6d5eeb376433f25fc0f65cd38338fab

SHA1
57f0ae422475bb9b2bda24a0e28067a6d051ced7

SHA256
233068ead6df377ce48a93a73abf0fbf60ec08e2307867dc19e3a9f706dfe599

SHA512
bb68067e37041666faff49b2b5f79298b2de56e781d7fb6047b192e2db2c4da760eeaa9e8882ee33fa2ee836c74097c8b5d4270b3e904f99ef7d9a2f4fa779f8

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\install.cfg

Filesize
2KB

MD5
ef9be27c587b868c498a7c79ab0eabde

SHA1
c560771a56aaec89ce6bcf72cc8b2ddda7d92f54

SHA256
8ca09fa6a388c368c2687b13d084913990f086be35f23a017c603b1f35256499

SHA512
e22cb8ad0ebb2e48159238bf0f7909682ee50aff50bd898f656fca64ec0a55bb7ef14b3c86f39d1a95c05e3876288038105d545b591db0653c9d273a134c86b6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\readme\HTML_ASSETS\release-banner.jpg

Filesize
3KB

MD5
6d5dc46f9bb6ca3b4991954c6ef4117c

SHA1
20a06a4ac4b1732ec0e676c507fc4a2860bea698

SHA256
2519a81c7d217824efe2c734c940d6a29e752df20e134b64b777a1506f306d79

SHA512
2abfb6431f3d42a785baff5dcf60b9798f0d9627ae47788cc31970a5c6c046412e47bd332d7b42b6e6bc5074eb22e17938a68921c1beb48a10c0d1365e01368d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 20.0\vegas200.exe

Filesize
41.6MB

MD5
742a78da03f39891965283a7bf02ff1b

SHA1
f45020d0d4038ea23ce21329127e4e2ba4ff05e0

SHA256
c198a471dde59bc37bf7fe02242010f80c036251125015f80f67b54b7fe99e77

SHA512
aec243f390e787173742a2c8cb63b6f6d28bbe349088d3fbd191a282e35995b42f5cc3f8a7d0efd00025c35b359c807f45e4fb44eab12909bed16161d0ae4b4b

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\Default.efx

Filesize
604B

MD5
730cabeb868dd4b7831d780ee7f7fb80

SHA1
a12e3d076cb98c1d3e983e09461ecbbe77aabdf6

SHA256
75b531d26901472ea00c40e4969880f04da64dbbad39b8028bf96efbaeb836d7

SHA512
4e36c9db4ea12ade5af60ca9b6077ae1f2ee8b564bda6e812df3ec3021188dfd8d94a4febff5e3a3fea114460059d84d0d269ebab0bc837d75a0b55809acf2aa

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Compressor\Default.efx

Filesize
716B

MD5
d2d9565d9fddfbaf13a7f99149b99fe4

SHA1
fb5a1b3ed341081759524b1152692c290fce897e

SHA256
3b9d895b91da6bde266faf4ed7dd9f10d2153f9bf5a0ab809ba9f3a1fb99bdc4

SHA512
66016cc17f46b5391786d7eca57830a31b86321af96e81ff0197a652a845467480bc051fef1610067b695ad6dea67bcb8a34e051bd62ceb46395cf4abc928b67

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\DeEsser\Default.efx

Filesize
426B

MD5
6d824afdbc2a5ff1e33bd9c268900c21

SHA1
98572f2b9ae9dc8ae133a6ec42da97d925280b3a

SHA256
ca6c14b97b700eacb1156c01723ae75af8815a508fbd3ee6595a03646c2bbfb1

SHA512
c7c9c9806f7f458ed8e3b3d2dc2fccac00804451795da6449f71f398d7cea7e46c038b8053f8dc9c10f4f3765a5dcda9c1b3d48823f9c412f3567b64d28c9496

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Gate\Default.efx

Filesize
768B

MD5
89523a37c80dc73b24e111d34dc9dc0e

SHA1
c33d1a0fa4ec2507307b8b17d147d79fdff75ba8

SHA256
b72b3da8ae07903028157276018b9a8707d7a03d29b2c38dc06b7575a5620501

SHA512
4db180cd670a747085237bdc9da5ecd4fddafb0d78dfeb038f1e115bdb056a011e192cd95f265083f5de535f5fe0be1437e52669d53c58fcd72e23f5585c2b6e

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Limiter\Default.efx

Filesize
822B

MD5
552b44a05c0b75171f7de43086af0804

SHA1
569e1c91ec6223d312e52c397dcb5a699cba346c

SHA256
f8fcc33e67664dbdd9fcb18cef8f9b7067b2ba0ce0b3001de5574c65d4b9633b

SHA512
68e7386fde92a07a2ac68cc93d07159fb51d3b7c7b7b0f3064452f1e4ccb6d824251d0f97a2896dc1887e841b16645243d20b0a7f0e75035069f7d17e8ae9ede

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Phaser\Default.efx

Filesize
648B

MD5
6c042dbf721ed0e12755a4b749d54fe1

SHA1
ea224ebfc68c93beae7b1d6d4286baa2a4c6887c

SHA256
92fce37d38dbffd36d950b5152b8baddac80976ccb3dfe42a65b7dc302991365

SHA512
31a45b96867a207233127970ac3e55b226cfb4587e7170994171a68e2b10093584032ed9b25d9102d23fbb38a6586431dd35a9773ebe859ddeb5290ae36bae95

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\Reverb\Default.efx

Filesize
643B

MD5
e9f162b8a0773aaa96dfd7f640e67bf8

SHA1
102748d9531f592f685fbcf4eede062a43578752

SHA256
5604973bf92c7b24ed4c4152f70b1a4387a131a5db96513d361677baf3fe00ed

SHA512
cfc33df586b98e1e8d63386429cb7b261bbc219c658b573e08383f2c0a99c67a14351159fae50ba937d9379b86ee8c82ba57cd7e76851bff7e9ba84e633bd8c8

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\Default.efx

Filesize
917B

MD5
98f2fdd23aeee1807c23ec523e1f34fa

SHA1
d095b93b5a06f9aacc18855b60f0adc831dc76f8

SHA256
7ca19ddd0dea5afa2f8d27edd58ff342a07b6d49e8591fa647b3de8110874322

SHA512
36fc55cdd69c05b58ce2d1c504759f112625e723528c6803e93437c786880915dfb86b0319b59360ae225b585577aef05ebc14ec4c69a3712539f92a45a51577

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\Default.efx

Filesize
496B

MD5
65b2c0c0221a609279efa715af6b49d6

SHA1
a4a8bfff03ab7d0a28c709dc3171f16d2a37edb2

SHA256
f0f8b6637a7c78c493026e3831e7889beb7164d2c1d96d48f54820789b46ca97

SHA512
62774ab5fbbbe2b88156a0a35f183b3941c5bf89b297257bb8816d4569220d15b5b3f168f65cf2451ca8dea0b5a24103012a974368605cf47b9c61488dd32a1d

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\TubeStage\Default.efx

Filesize
563B

MD5
66a9a56d4ebf67e4a28bc1d7a34aa3fa

SHA1
9708d70d0d74e71042f4951e9a53ff709ea1eb80

SHA256
2826f342b4e98bb25b50b45511dff732f2e8416b02626c1f4f861a0d4f5d6bd7

SHA512
597c247ed4a5f50e7293b778eadeee1f11498e537d05cc0e71350287973ae70159db587fd368951482bbea8abb29ee04f4f57e7a9dd67add56b8b85db3c30d0d

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\Default.efx

Filesize
521B

MD5
cdce75f8659600cc94953fbb1bc4663a

SHA1
dd9097c7d03084bbc93330e6785ae639b47f7adb

SHA256
c0893b328831319e4fada0d53e8a41ab513a4c82deb3e769768e430b92b3fd87

SHA512
e071ea5186dfdd01734a19686c610afef9ef3407acf125a6e7c801b7d6d73950699a0fd4f9cb7ff6b85be5be5d6c5194c0221bbf5063d2f1b99abe539b028fd0

Download Submit
C:\ProgramData\VEGAS\VEGAS Pro 20.0\MAGIX Plugins\essentialFX\_config\efx.pref

Filesize
414B

MD5
85d681e8ea8b423a4d45d267dcd4ba68

SHA1
768729922904f5dcbd3d8a1d37dee7ab9a25e476

SHA256
588862123e55ea8ae8d4056da8a8e0e2111fc4b1a3483adc61c2b0c255fd82fb

SHA512
436c06026c8f510983b9ee49d5c9d70767c2a5c7f28d4874274880a892c56f6bcb769b4d775addfe3d4573b6a95afd7a5bc9f694fe6cb7e2e886c279ad9419d0

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\186ff11b-ea3e-4eab-9358-36cb63f5c112.tmp

Filesize
9KB

MD5
85292559a9cef3cfe2a9834fb690f884

SHA1
1b1dd149c3ba282df5de64c71338fb0345f35d31

SHA256
07f95a34680ce2db92a505c0446c6a35799c4ddefdbc2a347136587f7c6023c0

SHA512
ee4300060788a447cbe0d4e24431f83e74b11ab176bc595b2d75a0c58a3ab4f2c406fa2101b34fdf817ace56058827294b1102ea3f1e292ba2a48070eaf0ff94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9764893f127542b4f21b4d89d7f6179e

SHA1
9b00cfb8929cef075b1f042486b4c983d2bc3eb5

SHA256
b39a335d0aad950cec2e605597f512a97faa4ce714591429aa98890f617c80ad

SHA512
a7fbe52b9beeea06f9ad59003d4b950ca454392a9a03ca962e000cca295531369226b19d8bf8f31d424c8868bd7cea82a301610275e3c252ecec5ef3c45cec33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6e688cb35fbde6c64d8d41d7669c2fdd

SHA1
aefb06a175011d3746f6675af7941954b8807774

SHA256
a850157c76f49271e84a8167806dac25d8901b0cd8c4155a5dec2e5dd6b57b72

SHA512
003bd3b4ca171f44b29584466310d02beff9cfbf09eb4498bbb216a486e4474a4acdd6165b2a3594e6e9418e992b3e4bf49e14d316d476302d770370cbde5222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e2b14f19b412aaf7168e32e1292cfea6

SHA1
eaa7a44416ce47a1054b1760269ec24fac3726d3

SHA256
f5483b66ed724312f8024a5f415b4b8ab659a62afd5d695c09490d9ca8bf10be

SHA512
45591aef0a4566aee0dbf68731870417312cb1e496d89a316d31a5f659ddef8b63c524d4b9afe7772c7d3890cb3e0b76b161fe3de05c8d5e7e528399aa1f0d2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
edb3c94bed2741de65d6fd2ffe95058d

SHA1
51723c97aa0c8b26448b4158beedd84c2de8d2e8

SHA256
ca76d32e85bb70137b4175c81748518a0b1a15f204f58747b3b529f36fc80e5c

SHA512
7fcc7468a1440d22b515217eb2b136534d7ac154e5c9083bd612716dbe05b642d2f77663c6cf59f2bf40d84ff24db73e77a33ba1e2b7339cea29d5f0378fed66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c123f6b26beca521e4a089168940435d

SHA1
9eccc513435ca316e8aa036d1d1f526f82f2a8a7

SHA256
3036750130a8fa41e24723a4c2d5cda50d6734563c3ac5a0d5c1e62c991b53eb

SHA512
bd53dd9e20243cf2a5ab562dd4bb1cdcb0b5f4c970a87ce6347d0ed744511be757ff7a2615d64026776cfd4a02a0ead09e0cce99713fb17121edd9a66d2a0cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e6376b13d4c32ac3d9be59adf8e8a393

SHA1
8af9d9e11bac69671739142ae2dbc4d060697327

SHA256
d56fb2ea0f64db5bea8eaec36c91c85da3ab3db596af53b8f0ce8afb3921f2e9

SHA512
cbbd21e5c0af98ae6304d438f3f315d47896245af8f849aed82ffcc14f68c408db3a9b04123b791168740ebfd23e2e72a5b448f5dd7a9d77b62dabbfd8b80c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d065b56872fcb3deca55ebf97c8425a1

SHA1
7313bd6a706e024525d69ea770b22eba3da1ca19

SHA256
5d66649be6c5a1768e63c77f96cd869fe6e86f04af58c0bda4685ebf8f790a0a

SHA512
e180a5a78575a87aa6ef1bf05db799536cf966f7630cc74b856bc318a6ed9bf5fd422116ac8f961a167d3cce4a7483c90cca8b006b2848ed13185acd627ad9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25a8e2c704fa293852d011a2c2cdb21e

SHA1
ebdc16b1c3245d4e0e64e28b3e731992cba4b746

SHA256
975e7e7a43731303292b3f6c75969ca3c6974c3e8f0eab1693999f252af79b2d

SHA512
8eb78b77b84e4c35263fc06ef7d76a342822d46832977c8c6bf1c813412ce129215bb0532719d0b8f849b0482442527c8c6dfc457219f2751e0eedbcd5a86f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65a533ad39e5f99d362fe675d3a94c42

SHA1
219a38069b5409ffb884117a4f8d07d0d6d62ded

SHA256
98d699f5812c3346069eb2b9a973cda6a545d471af10a60ac6e957274e01d5bf

SHA512
85b95ba2c2459e170c1864a6f8df73021cb8678388a7903793c1d63dd2093ef9eb379afd3b878a5c459b5b75c0f891e2f986313be59ac95b33d9a4f17407da03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2afe225a6bc734c74967383a819099b

SHA1
b575022974e1c3d2d77453b537e146f6697aca92

SHA256
96cbcd23004bc98a73687da3797fb664c6edaccb751964b1a89f1311a39bb72c

SHA512
af2ea637b1b803a192988c24b855b9433cbd066ee3ebe2c66366456eb9341bd76b9331221a1f763cbfa34cfaf94bc0243efae5e42ad8146fcf313c992275497a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2f7d37ea7172a4cf178fa5671b68c60

SHA1
677258d0a05d333583dea5fe1fad11cd0e75c4b0

SHA256
af4a86e3d96f31378423e6d97a0b0ccd21e8c16935e1507b981ec83962db0382

SHA512
67c1fee93dde2c2b7d97f80a228a5587a578fde84995feb95fed8b170fc574243b1a22877baef4d64e8c63a3b3de78869db996f9c079ba6f8d3e8349c6296fae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
365dd80527c762491ca0dd36f102ea52

SHA1
dbeabc8ffc2e5ed68e1b8dab782dced26614a117

SHA256
98106ff349e6800ed008959398eebf5745fa0f1a5a92589c0c4b573fad99405a

SHA512
dc860229d006d6a5eac9cc048c5cbe1a809bd2930be0facbfbcbfe04da3667e88892cc3ccd1d2b34d948babb877dc6ae539ed134764c19732952c1958c532910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b1ce913393d63adb07fb07728204807

SHA1
83c3699a5f4b7d197ab9f313496173259a32762e

SHA256
e016e5d5d1e938ece266461f1b8ddb322d6f042367b405a813e483cf8b8f8b12

SHA512
613bc34727ef97178b1da19d3d3bd58a196b34f29cbb013a2e6e899405042a7bfc2b48fe92c7e716cad5636f38dc1f4bdf1fc9d7ef28ad08c4d994a1f70fb80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b407eeda97c7a5084653040a9ad43d9e

SHA1
7f5095134972dffe580d0c493d2d784d10566c76

SHA256
71749d1ffd76a2cdb9f75d73d15cdf11bfc900aabf47a94ff1bcb1fe094b1b13

SHA512
436577041850363fb694c65fb81581d9f2ad35ac9f77526342b80a3fc6e45972c77d0846ebdc439c3681f5fc13104c418a1728001872fe2b078856820143cdf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d4bca728e2562bc6c7bf565778d186e

SHA1
52a765ebb5503efb91c1c7587c45ab197af03671

SHA256
55eba3c31a754641764a610e713803bdc79df15d7a1712d27f2d1aa75dbe3bcb

SHA512
47410666d25b0978cdd95f1bb62c42492228e97183feb13a373168cb8ea144df55a369f8051b6bc4006d2e4f192af5eb53ed8a272f194066c3b60eeba220553a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d65030dd7be21e7694e33ab5730a9ab7

SHA1
ee0abdaf06492c64febc95c332b7fab46beb1bfa

SHA256
0ecb3a796900ecb171f3c4edf2099cb89f03ba12ef67f77bd59be0ab5709c1f1

SHA512
24a5aac73f378de94cbe62b1aa418a739f48b95f2f2e38aead9acecb5f540e5efce424f71999b2881573af7f0b8a6133ba781dd25cc1bd121f040bcfd060844a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
764e8ac8dbf37cf580f65a5747b79f47

SHA1
93701be83b74c3da7cb9337142dc2df7e1e9ccb9

SHA256
b73bebad38c59b1da97d7947f2423cc98918533231e144197c03de571d670c3b

SHA512
07d7a96c47a056760c11285c765504b4ebecef4fadec2b6435f81545a2fc07ffff68ae2e6be6f63edddfac8c2a6ba8b816346dae7f655c5ab45539618214dce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e1eadf5191ed0f883c588ceafda91ab

SHA1
08007b6438d7b7b9fa82af70ce39d378b085c408

SHA256
e06d3415d91f69707e7eb0bfc9dcd3af0476db65aab3e1497bad69cbce862b40

SHA512
bb55fcb7cb12bcd23b12984cf5a280e83bf98f241d80c12b65be252c3c8a24bd4945d4304a4b3e54c9cecaf77bf2c2e1b11a80328dfef8775c979d10e1196c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b5817550517b772a840539cb83cab40

SHA1
52b0fa1fc35a69a4a6ea4274d068496dc85c3891

SHA256
3616e5e3db5db8e2de7154a18f7e1649e711c50ca9a1a0939a93d0a8c5221d7a

SHA512
a3a9a4903c550e9ddd4035c08a2c9b302c5b4f91740f6e68da4598eb4f4948b6c27ff93e364295d3b4307af56683e8aad7abfa4d413d487aee83e12cc05479dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4109bbdd6ec3350db5ae469b8de3ae4a

SHA1
a4c329420d3664aa13eff1c7c9ee1e47b5f3a237

SHA256
9151f7e3e2f225e80b8a3138a2081b65ea26d7a16f14cebd0ca2e77a490b97ff

SHA512
5bf85f8064cfede8f4a313576c72ab93df5e9fafa166e39b91aa1dba1d175e617382045c3367437b1058aff21e8235ab1f2c9374e56d606af02f282492a16859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f881fa9a0ef5502137d1af69b40f84b

SHA1
536e4ff42a0cde94f2efff57f73cbff8c03c84cd

SHA256
7b0ebb61e516a779b9cfeaf9797ff00eaad0dd8137c1a338c7c091a25bd95e59

SHA512
15e14be852045b9538a7704e9a210e83f495b4bfbb5f5c149f6b69420c77fafcb977aaba2ae36d08421d6cc99d97b077feeccc438e13264ca9dd3bc3c815ae6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2427fb8059faffaa6b7316b1d75df591

SHA1
eeddac7c0172da3d0bdbc1f244f03912636d59dc

SHA256
559717542b50260b34b7a7af47fbb7857082d2f71252c70861adb2bb6669b9ed

SHA512
64b970d1f17c0942af61f64cdad481405a4f0d8d7e3a8769c5e35a63f7d5c2a32254d1016d3b3606c72e6f457c19dd3696b03e35992dd9ea3831da58cea845d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c308c1055e1530e3ff146e1579e59ee

SHA1
d540b9f9fc846f90ad5307b4c9651c2819b65550

SHA256
f38a76d6308588b4eb0d2a4563ad0b02dda0fa01a7a91446d938d00912d0a0dd

SHA512
1f3f37b3dcf695ea18f07abb7ccbcf823dabd2cdc6d562805f5a00e10cf79c0b48babddc7965161ae4ea739745ca138c21c22647830b6d26c8b0c2a2d204b3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41dc5fddbaf8fe0f343ec1f36c5221e5

SHA1
3ad8534e2b6ecf0affe3186b053c53f75f80562a

SHA256
0e5774696246087180eb26d930ee5285165b1776a62003b027d45f5197a25892

SHA512
17479d0f750ca266bcf608c9a57a60daabb72c527ace90a8d1588fbde566f0b34eedf6eab62ab16ca38cc322abea1ff6fd847a74443e2c9b9c56e48337f6a962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
890552a0c841e863d4a2b6331f19b881

SHA1
5bf07ca90e89ebb3c1e2dee64c2af6bc43d81ebc

SHA256
72ff4f39e7b5b34bcce6bbadc5f520d633bb254bb6aed6b04c6be498cbbccca0

SHA512
004928792a337676a98448b4dab784b3e27aad166daa548c0670ba57a3a84b7e0211b5ce6cfd45d64205aa072277cc367b3c5a014bd36073d5f4705aec70a132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ae94a18cc9b1dbd4446811c3aa96ad0

SHA1
dbba21c27a326bfb6e2da1bc41695887fa0be82f

SHA256
d24b5345831f86fad3e46dac06ed8f88729fe719accf1bd578b51e2b0d52c84a

SHA512
8458b489d28e3ad58a4b6ea16cf50238a0189de072ebe30a88ca17b247a8fffe4a01fb36456bf9ffadc9e8de3d9c7a2b66e30b327dd4939e6edf994bfbdda683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4e296691b84e596e51c631f040c18fd

SHA1
d19f475c48c5f6b183b252d8ee345b588925b819

SHA256
da58006c2dc61b6f68f85cdea74813e51690ff79961e9a4746f1b8191277edc3

SHA512
fae17819482de55601e3f1866c2860abd62c97d17622466dff387b1930a03fe0997d60139afa3e8d70b9a328b97fd9a3d95343088e31c67bd4c05746a5a9d460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
245f9a6947a94ce59b3bd7427e531c62

SHA1
93f82489d93c7a4a0d2a57c66566a6a0323ed9be

SHA256
d7341a6b16bb31776bccb11472919ae5cff734094c9425ede2fea64f9cb65ec4

SHA512
2021b3f34ccbaaed9e8053bd89853b8c1bafb0e111b8843af4b4b94c5b312309ae564d30227f7ba64b38c58319e2326d9bc047c1f733d484a6d52d47c6f22eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81cb337cba4ea471b03d57f8d3b89e53

SHA1
b7665c4484bafc11d4e44c6041a9d072027234bb

SHA256
c7024de7e5f3ecafffe0ac9f63c7b943a9f3ddf8b70a7328a9f69c7c8d55e406

SHA512
89b81fc58bd5e517c49c0c912930d1c0b39fcfb2baf46a42c4f28a661e354367e156879e6e60b524ae8d444259e3b2e7958723c61d9ec5bb5e81473a348ad115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6b9681937a3d0752d4943b38e049cf5

SHA1
185494bcd7e3cc552edd98927fab0d8528330ffc

SHA256
46eafdbc9239e065149391c9a388aa5f835ff97e8a964c0f4441ec7b0831515f

SHA512
05839117a38ca65f01f6ae89890b3347cb800d1dfa9bd4024cc5bfab3ca4ec35a40173ff3af068728008b414a758ee667e2932312cf4f46fb54769b9ff971d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3dc28f628e635408a48bff1c4ae4d7e

SHA1
410b11d58d7352a669bc83dbe974542e76e1da13

SHA256
88828a9f6713eb530f1288e2053846614a6e11729bd379faf727124980153c56

SHA512
199a0167091cd28510c9eb574fbab1c31ad21e80a69ac6513969e96a3ac5bdc2836dac5413334e7160e5027fb67c0e4221ab7a2ce553dc0af3f7b42ed11499f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9d715ed164dbbebe65b4ca90d3defbb9

SHA1
0f65e07db19e0b5176d5b42a81e63d23241ad6d2

SHA256
1a7bc0122d436e88fd3c78e9c3759f2949ed7ef9387d79bc5c21ccd4d26b1c0d

SHA512
5ce1723d4ece1d9f54a61303011e3e9aef6ddbbe84d8a63f91a04c1ca2c587d4ffff2f37ded57a7185304237205545caf1ebdd2b89c8661659a5672e2a02e607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ace548a6ba34d22fbcb7e7e41918d54e

SHA1
c83bea78c50b1fb6b2cfe34a93453faa5df898c4

SHA256
bc1eb44e856a30d6d2e9c3c41296416f6c195dcaa7ccf6065c13476a10422714

SHA512
9c36a80c80230a2624d499f3f1227f084ee3b16a5b8dff3ecc35301ad217663fea94c0d964e6b5cd176c09a2c89a92aa1ba9d3e04b0d21701bb0df15089ab83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d82df1c688aa54469f98f0b72a2017ad

SHA1
dd8c31f3206f776ebdec37e47ecb24d7d3b7ddd4

SHA256
3e4e80a193df477886a7cdccfba53810e4957cfc71db1a250923ed684c8795a4

SHA512
24de5fe867ea11044d2c30592734c96f0b0d36f7a7eba8271036a5c7284cc22f1525343522ed16ff7f699912d21990bbca17c34d62d69e92937bebfc6c02a704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e96ecc65176277132d7721195d2aa75

SHA1
c5450fddf95c0fbb10ac15ff4604e897a1786a57

SHA256
bafb1af3cadba565449d16d8a8ad8918ec6c009bdb7e6df6265b200cc4f1f44c

SHA512
b642ba864c2d0bd4dec0a2f364c997ec417bd43a6e6a86c427fee392c0f26eaaceb851a48531342461b1b34345dbbeb257da68899224b8006f7ab7916a7c0026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa2de76d816e9f967c926660d74f971b

SHA1
d15466a0784fe65c1f5ebad91965f78625f62b30

SHA256
c15f6aa625cd4670640e0cad3319f7ad5df8588b6c2489d2687006c6b7c8a4f8

SHA512
481d04bea7e3715ec241d9f434f0357e5f9a40332ab80b558ab584ff76d7002532791d5f0c61421fe8e226c34a0c0b15a813a1e1572a384488a3a6ded9699aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8d445395bfb0e2960ede3053e41b71e

SHA1
bc95dbb28ace4823cdf48d7c9d3dde430f3aab4d

SHA256
4b3c71966b6491f8055522283b7041d61d260c2db79901cca17d4a10727bb6b8

SHA512
fcff2dedd7f72baad41bc7694d0053d0aeea1f9a9c5bdce94b628c6b9ca8de04f8d5a4c321edd026671c655bfad6c1174a9aed5306df8a2ff63b5e5932c96b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75c1a38ac8a3566e39e48619f6f7c61d

SHA1
16a3e88a2d31062af40389ad8813f3a9a101e7b9

SHA256
f7adab27933d9e5d7af922cbeaa7b08c32b3cc11d49e7130a7bba95d0583ac79

SHA512
a5991aae72ab45bb3674cee67d6546a1c3b18e48bbdd2946bf70662ed98b3ee888ed06c7d81c1f96f61a30409f79d837dbf3f372490e60bb03b49525cbf2c36e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf5bd949df29b52bb8329bb5d2341923

SHA1
23e00eeaaa9379aae77e85678c1db377c76f1dcd

SHA256
142675db2a41b8b12fcf644d37157f0c1edbdf776317643020b4579a93a4eaa3

SHA512
6e1956647f4dc04cc786c65f9f445e0c4a6498c13fa8ba5eb7f8e8914ab9b0a5675a7f9b58b59648e3fbe9549c198e91141654284ccb3deaa79abf140a2c6a56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
027efa7e784ff478e1cae48174be976a

SHA1
dac823baf72e77301f2bc733cb1dcce2d92906e7

SHA256
e6b6029ced955b231a03183709a04545d0bf7bdde0f947a82d08242a54c8f50d

SHA512
e4073f397dfa3bc587491da4758f02520e3fcaf01f78132e685bb7ac87ed586983fd375506f9e756cc79fa0563b96f703ca61daeef23123c9ddbdda102a399b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f0dbcde04deecd69ad62b87c12bf68e

SHA1
339cc7935ce136b4b901980e6592b04dd447d65f

SHA256
a2fa597207b6849ae07e324cdcad65da29c5a500753ab5bc1d41601dad8819b3

SHA512
ad36c11d0828b326269870a886fb8ef56e720d399bdeb1ed8fe161204f7f97d9bbf840b206616c876246397d0cb9d6f6f0bbd1e4874f40e63cbd281a6fa9c020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc07177b0199eaae6c0195bc47e835f9

SHA1
2723dfc6eb7a3ba65a4258160cbabf8ba085e34e

SHA256
a0ba5805c9ad42f656d1b3cdc25dea248f276c7515f045185d389a968d9db176

SHA512
b476996a47c78ce85a180b0479c5a445a797b7068a94eff971b105f3538ba8f70dda10dde8b54f7e8ee7dfaf157b56b2ec86e33103e65946505dd1290c004a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8c4c368c4e99a2d69440a9052150f16

SHA1
e5ed8fdf8c417ab49f2cf31c01cf34caa2ddb4c4

SHA256
0b633aa76b69b16ea1ab7a8c07377d870e25d7a5eafd648ab68a1f7be04ca35e

SHA512
47c2d8e705f32000c9a30e9f21495d73756a4ccef0c4ba72e06247b1a0c30b64ea5aacf6934e06737b30976844a5318c950c5adecfba69a74d6787a340afa2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
914dd0e0b5051464db2ff8f4e7b52bef

SHA1
8e705b5c5aafb23748ec722de3df2095e6cc515a

SHA256
c4b068cc7774272e0632bdb6afe4f03ec7eee80ab67a771b08f0434ea02533ad

SHA512
584fd0dc831a261b17eb74f3f9cdeda395102d1db2e4abc25c5f52045ab85f9e1129f54d3b4b36685b7bc96b01bfb63a1f9443e660ecade0205c3945c8e0a2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eeaf9b15c98d0fe2b8c280a81c2b53c9

SHA1
1d013f5d4bcf4c2b7a1d06b78be4683e72cd5e6b

SHA256
83249c89fe36ffd3c5d52eb41fe72e176d1d8310f6501b84440c4c3344a528ec

SHA512
0e21587a6b67ab5d9451cc1adf950b73bad6d76468d0bcbaa3bf1a6753200bdbceb4a4cc288548001aa63198b7f08bb33180f23ffa581184042877af5f974982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8fc18319b6d5c85c81a2246b94091ca

SHA1
d524b7f50ddc4f9f2ed2d2542568c21ddde76bc2

SHA256
ecf08d0ee6223e8847aa41ae98c7b0a0e3e5024d1d12d68a3205d006363c7b53

SHA512
16fda19043a4249c026debd83d115f023d34921560af8e10a2afbf9f58e1dbb4bdb6343295e287c554ba988ae1d688e479ce64e2707e6c2179885ef5011a4a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6de69ea9f76a0421489f881763ea0b7a

SHA1
4981f4f50a6dcf53b09d7dc72b75bcc554e18c06

SHA256
955dc7b5de14756a935173f2a88e9896c83f40e8fe6a460b18182b891f8069f3

SHA512
6bad034ea67ecf60a264f5c3912dd4a1e0ab596f7f6448f700af92528a709ce1e9469a6132f77021a8768d321a42f46cac9ba012f4b7f08d1ede8070e9e0449f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
899c8c04a4ae9f930d4b57f3329d1cd5

SHA1
55aff0c6d25048f557cc532af96b5c7fed7856b1

SHA256
327f1543e33e837422a9ef10ec66dfb9108e6e74852158ffaa629c53dde65161

SHA512
c230aae371cbd91435fc2e952d13558dc1a6add6868b09788dd131010ed749b029f6bdb528e17819b7677b9344000cbedfa7dc23f8caae087534994a574b2b81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8afcd895be8eb6c329de51cce4563cee

SHA1
76cd4084d1852fcd163a4118ebd274beada1451a

SHA256
9cf2be00ad5d760dc4eafad674e49a1b7f3a4cc34cc27e5b58fa94a02333439c

SHA512
3385e61439c0379e4fe124c414e16155b4164d10ee7b18d17aad209a6d58eaf372e037f6414754393ded154bf383912d17cb589b995ce9fbd306a897f16d160d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0187be112a34ee99ab56329a5a969e8c

SHA1
89f2a8b7e4185ed3df2c4178affed1af72300d0d

SHA256
005127afdafcc4aee3afe7f284f072da0a3159f0400ba29442e2d8678bfd5ff2

SHA512
94a6281d167f537c8774ccfab64bdeed8ba0aaced56547cd302d57cbc73568e36cf72d9e2b8e00d3a51e18ef9919ca4bcb6f6f6d015a62577ecce41a11c1ac7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e5d07855-78b5-4224-bd2f-84ca3b8a5d85.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
c55ffbe93d5a7decff68fb0023c8229f

SHA1
38aaef9bf038d9894deffe5995eb5b6486971937

SHA256
a801612f3ca5899668791d071c37b9f8a17a893652874e1184ce2625626e0f82

SHA512
c33154484ae11db5e22da5229e5ab5822e674f4a5ea92286d9ce75bde45ef7ff22d6bc6694baabfddde6c51509d05fb676bcc7752e64c9beb4ae1eee7d875278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
4d7adea24305668f8b5a01c797fd31d0

SHA1
f8f33bbd94d7be32a454f68c707304b36b698fc8

SHA256
0cc4b8a232c82a705110775208ac6a131ea1727f240bb3d8100c23dfa05e8986

SHA512
ede34a7916aac0ab23e950958d38f2f154296d561b9b29cc9dbe93193eaaa04b82bcb9f10c7f44bea4f2dcb4458da3d1daab176acc2f405f535c4590a1615868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\41037f18-55ab-4a60-a57f-25a784418382.tmp

Filesize
10KB

MD5
2b7a6ebbb51e98e002720f924aab91ac

SHA1
433d31dcb49ec72ef9d262fd81d656f3c60a51d9

SHA256
7ae693370bd34bbf7c5a33f80a3efe147dd7935c771f0740453ca6a2ee59203c

SHA512
b52c6759f6a83fb1a19693e942f09f1d04d7e1a22eef7f66fae34137a32860e6fc1f51cbe252665ef925443f73982af03d604536015abcdfca3673253cd5a44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8da3e3308b960d8b9ccdcac43e773f70

SHA1
e1f7db43b5f82671efbfeac5bf863ce0c22c3a87

SHA256
665efb8a2cf87ff6f7378c54906dbfc5cd18d37061d4074773933335c6ed6142

SHA512
8fce4f27daac4a76cdc1b4d0871d48a22d531a9050bca59bbf2ac1d62957fec42dcbec54ca7064e026e32c97cd35927800bbb23ee65d2f77b1a7f2d1e1da32d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
b69cc9b59d17b3b9764b8f91080b5854

SHA1
6a241f38c279d83ab5b58cabd078e0aadf3df6d4

SHA256
12f8279f4c5e45ad943b1226c99da0bd00223cbba0387a702159a7610dc8b4ba

SHA512
402e8c27585959a020029a81d17519b58acadd6b8377519e48046b1fd014cc1ac5c94ae0c942339b990c6758f7f6559832a0ea944c8b9ad4159e838dcf2b4433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
d0dafd5daf4c1a269aff33eeea005a33

SHA1
5789afe3ef1882503822e99a6dd6f6c7192a2046

SHA256
e714d48eb04ef8f17c2325c5c9d7287e6c0c7d698150d38db6c27db9aae4daf1

SHA512
d8eb9b2cc4829142b7e766480c5f0c6b77d0fd7a4563689fa986b1d40f4cdad81fde95893931d29078832a3034b1f80b47cbdc6463a6afb256c6d61f030fbf47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
57a906e81084d96a4aa9b15e03248039

SHA1
36087288ca3da9993558a644381453f47a0b19f4

SHA256
5bf2e8a7f7af002d5e6449d7539e946ff8889a8f37c4482c2b699ac4ec252042

SHA512
82acc337d99f7a14c08d9f87928e1bec2a5ad6afdfb585d2d5e2b708772665bf9c3b51f8846f489c4ffa7a452485262a3e31c9f9d3ffdb7fbf0161c25fab9241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
aefe5b6ed8a8600b4f64acd481e62ce4

SHA1
485e9fd3dfce6f0fa80d413c5b0ddda442f77b00

SHA256
9359faa7d8f49b53c12fdfba122e10284832f679f859b477ee85e6a292167a0d

SHA512
db590aac907d8deae4fce584575a21bd97a6599eeebbecc25dafbc977236ce886c3f5c34124ff67c4f8d74bceef4242db74bcb75d95733e17c2a9b4372c9a148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c62ee2e8b918592977c8afb50a5ca54c

SHA1
0cd87d973e02da0048c5ea1f1b7d58b72053086c

SHA256
4e00c872f0217f91057cbb0897baaf7aa9512ea67f20057f87586b460dc0d83d

SHA512
8b8fb0f2cf533102c5a7e324356edfbf124da39e07e6921abb645912c0a90dfd6ff9659db7bd3cb0759d408133b2e1eb39174b688e9650efca35a9a407a3c705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cf4cf5e3eee447990e365a94bd884fd7

SHA1
e189dfbc5a1ff08f07a3d1a8273d46898cc01a44

SHA256
916126468a9af26a94c97302a151ead18db1aa868f7a0b311adee92e9223d979

SHA512
0959b46c9aaf81a5bd5ec146e32925bc59e6fa5916703dc82baccf936aaf4b537bc3fd8992cefb0328ded6919add041d48833b42875309970dcf075780f29ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
feb7ef4faea62bad8fbc185d7de5c3eb

SHA1
ffb2d34f3e93f65aa87cb2506469788f0ca13cd6

SHA256
2db8f400425a4c47e53aa354db9be13bef02a7a1db1883d9ed830df0a8bb2b59

SHA512
c78de10408636e422fb72ebf26fd93166693b07ab4050bbf9cca1c1d978a0417d821f47c6d83fb7a1b59ac3087301be0c726334cb4ddbab3c26c56351f6d58fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d689c7bbf29d355bd6a9e53f774ea0c7

SHA1
626ab71257e68d62164ebc2f705fc47f64516eb4

SHA256
0bf18298562f497d30d588a1f839da999da6ce68c51fa7852345caac1f28436a

SHA512
4801040e345389a5b25c5efba7b82dbed49b50d6edf4f467c7d886ba80d9ae3059fe89936fe2ec6e8363a42152c9ab62c98490bb846cf9187f94b4002687a7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62062286f968019ed1fc4a10ddce75e1

SHA1
303b119f2b5202afab27da96d60caf150309eed4

SHA256
d10d0794085bddfcd45f4bc8fa20ba083bf66985daa801be599f02aeedf4b086

SHA512
9c32e106c463a92f81d222260826c9b44a7c482a90a37ccb87128cb3a02c646f586219a20e7dbc9277168faaebfc53c575338895aace05849985a6b40a9cd6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1b13113f4d843dcfe3a5b07e306a0146

SHA1
1f5a511a72752e897095d244c11701bef4b47037

SHA256
3a8f89c23741b3a0a1c707f51f6fb0a1e17b3b62b339cb2f7ef284347610d9bc

SHA512
7247e542f07b380a086d150584c9de162b0325520a16728d70b416611608fbcd63e7e5a1a20da02bdef7bae66d69ec1c57e9505cf7b0493cef7b77d30f4a80a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26b1535615f41f45571cea160f9a697d

SHA1
91b6114aa037fb510389a56eb4b10fadd25f71a6

SHA256
1d5fa1cb2db026966e2c5875385f658b05fcbdeeb3002762c0bed650c8f5258c

SHA512
e6148fe901fae036ad6e5cb03420de09bd0921368253f824ba0fa8039ed71fc128fcb68a3ab3b3c74794c7bb6bdffa0ffb44252026b5357e69a336964f46a9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e63c89dc89c193e12f31158338b1aca

SHA1
9696f0f72ad058dbec9c9076ad72ecbbdd7a4b9f

SHA256
d9777c5eb48ff31b059cb6527df3c0fb655d6b3d10416653130c8c0fd24d95df

SHA512
a1b48639ba93fd640f6b8c404655b073c285c9bb03c0dfd3187887a1e80430c84038f39fc83e87fbb6f594da0dc0b643e676bc99591da626865ee5d66e7c4eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4a69a81a4676920567e15691b1d9c06

SHA1
11b988cf51e6c5e23f2408a2d32c1a239c6583af

SHA256
ced649ffcc00f651b47e5db38d75f251ec444094815a21ce189b3b223920e500

SHA512
1d0f7c5414fa4b38deb13ce6eb9111e643a54e2837e3dd36d2621b45bf442e5dc01e8fddfa1f6fd9e1af04687e8c675def7807c9e5c1d87a9275bbd4ab580209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4d2dc92b839f68591bfda0d19454c57c

SHA1
1670cc58cc8b6aebdf815216cd605186769b2c0f

SHA256
b590d1bca8e09854118c9eda9e50609edbead7dbfa0b5325c10ba17bacf93844

SHA512
8ee642cda9c08a3f2ea9e65f2a43f2376900d2e8b9e0ad0ce49842d367461d771a7932cc04f57ddb588e0d799b51604ce0e2f4fbe95b307a6840d7fcc524b8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38c04b14788532bb7b0a7362d5fe6470

SHA1
6c0f589529be56432dfd467d626294dbbac22643

SHA256
5ee8805b6da70bfcd825b5563525094c30509e958038ca5f31ff009b1e74339f

SHA512
bec3b9d5dab93fc01e397ed4dd10f7b7d996e05c41dbd405997c29394cdf6d154426ac261598fe9c54ac69f4d122e145551733df9ed26b219ee732c82d4ecb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0274b39c78ab7a230e418d520294b408

SHA1
dadc476ccdee685851569e3d358a31f022eed4a4

SHA256
edc2466e096d63c6dada629fb3ca5e533dfd338438b1971a6238a8c0cbacdb67

SHA512
51f1097a99c53b815c53c8e21d66c493f647d09459420daabb33efc5d4653ffbbe9b05195fe6c2598b75d4e0f32e85b3d30f657664aab495dba9619e6d703e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1e2a9e192fc5c1bf9f67b84c5238ff67

SHA1
b06af45fb2acd3efaf7dd0c1e5111fe09dfebe31

SHA256
57bfbf0c3591b080f3894b8be5f046eeda3f31476d5978a157e7afb046debf9e

SHA512
1ca67e3a288d18b9fa45acab6f4c1727a14301c9d5f88c928ea94d55e4efe836d1c5130efff122ca1cb7b456375c6c432f1292abca711b0c47130332fa30c6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
268f30bf8a75672975e1e15dd6159756

SHA1
c7e1027fc96821f171d329dd2d7612c9a7c285d2

SHA256
ec6f2ee838b09cb79c842ba9f8fe508854856216ca57d98d0c40141d5bb976ac

SHA512
597d9d7ea8e1a9ce82be3e7fb2ea72a6ca97ebb94adf13280b5461f1ffb7c6d7e0365cc0684830df72604e0377817fa692559957ca01327c6aa983448605e8e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e93b6090adbcbc37f5d4b5c7311d0ac9

SHA1
9548103a80adf3d01a42f0b2ae04f5221d383729

SHA256
62df1d476d7ad238039765aaae1fd78b891684c4e3051022fd90070b687a20cc

SHA512
47ca30b150c8790e68d80ba14c998f8e5bd1db594684971676d8b8c5231826910f922e7402835b7554f31a99562a933b0b13c7d47a39031189a9c6c456af8d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\ISTask.dll

Filesize
66KB

MD5
86a1311d51c00b278cb7f27796ea442e

SHA1
ac08ac9d08f8f5380e2a9a65f4117862aa861a19

SHA256
e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d

SHA512
129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\!!msiTarget64\Protein\is-HRTLI.tmp

Filesize
400B

MD5
0c1e88ce1761b3b91a12325c4b5cd7e1

SHA1
c1cde89c8c8624e3ee80eda4bddf914ed23a71a7

SHA256
164b291826b0f96044546db925332c677245ec1035b9f53808c2d1af5f999f62

SHA512
c5aa87f78f5981002aa16a100e3a8ca37837610eb476ae5e30b87a80c722c48a4140e246375fc5c74176cb96ad634675b2c051f88e7738b7914586525bd3869c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3_10.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.dll

Filesize
5.8MB

MD5
36fc6c3385657831860504e811f71b53

SHA1
4022a504ff83a298c5ee8a3d18e56ebf992bd48a

SHA256
3fd04618f5ea9f59b6aaf1447602f0672b2ab76b10e2a9e613408b41931968a0

SHA512
673b228ceb40f311c7f0e63dae9c149a5c7434215ea5aa6ec0bf61304b2ca62f5d36422723b1ae5a3c8def0608db2b0edc9d233f47394863239d3f3c95b8d147

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plug.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\ac3plugrw.dll

Filesize
2.3MB

MD5
9a4bf31ef98aedbc301820fcb0f1a608

SHA1
8e3e4608f75be5f1cac1ffd0e3955e8f957b2533

SHA256
5053d52ea00511502ba832ba3b9b63f2b79dbc3fdbf0f9d0c2f7f741733992ec

SHA512
280504089de783df7d8661e55e043353d714af799afb1f750047e5fb85c4dbfb3c201f4eb18787ba38f404e4f623fba0cd9e7091800424ec8ce47b3d04cb9313

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3plug\lrepacks.dll

Filesize
1KB

MD5
4f1a14e49b00be544481d943b0bcaa38

SHA1
a9649dc849df5b6713373606b3112ef729daad6c

SHA256
35ffd0cf34d46680fbe425df26df450f82cbf61784a05f4c3394981abd3cd6d0

SHA512
63ef42cf81060aadc6d04e3d4e6dbb810ab53780238f2592eb1b050acf81b0efe12dfe9cfdb46c747f6b3e20a751b0d6e1124e138396ce72a6a888e61610f885

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\ac3studioplug\ac3studioencoder.dll

Filesize
86KB

MD5
839e72f3aee74b047362ec6ba5fe3567

SHA1
57781a9d357928ac0675fe628669f4deca6b6947

SHA256
3834071314deb9b95f13e6ad606c2606d6cd123cf7ccbc536a09e46652484c7a

SHA512
6de454e366e7b8861adaeb104281c44a62489d3032af9f1128fe40bc3ccf53cc1f42352e1d86de090e5ecd7da3b1866b0b1c456438caa56f7eb8065c6b5baeda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-FDOPJ.tmp

Filesize
43KB

MD5
0f1fb541827cc6bcc3dbb777c00ca3ed

SHA1
18e68b072c1f24eadb0fe10353ca2725eb1e6869

SHA256
7c770fdb34b37cb6140c8adf3482613aa72dc51f989b9915ff7c45f882a1a81a

SHA512
d26a6d94cafb33880c4bfaa67a687e3a3d68a3851ebacead9a590d611b23e8c1194bb99296f4ac540c0e39790716a80deda52686fb335a2b1611f6abc8c7f8f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-GIEHB.tmp

Filesize
16KB

MD5
d403b68f94df24047f1f5c06ceb438ff

SHA1
fd41dd09cab1c9b522826715876fc050d3b444ae

SHA256
48a9e9e9a1e5acb2d9afc5622b7decee6b9842a7c639b596247e3dee294b4421

SHA512
45e080281977fad0ce4e2bd268824309d1edca0ff97720ba0aa10d11cab2c0699fbf8746fe68ffc97657787b4bd051a006f48cc28ceb7bd4a2b882eb19e498bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-I5M17.tmp

Filesize
16KB

MD5
24bacd15fc74bb26c48bc6d5b8ce4c98

SHA1
d1f1366025fd2bf0dd5d0a0b3508bc352e77a940

SHA256
c0ca2de16679f5b6f62359cd22bdf69bd5b92dbea96909d6d5537d08c426fc4f

SHA512
fa714f4e227c4e0ab6bf055bf8df7c60f59e3c3dc9f36120c770894cba67eb258269d2a3a285f730b1cbd2544811f504aff64c318fd32fba0fbe562317193f0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\FileIO Plug-Ins\mxavcaacplug\is-SGV0R.tmp

Filesize
16KB

MD5
b28fb870f7ac1fc58835cd538f0b3827

SHA1
6535d439db0938e9ca0779e07c6751a111c00183

SHA256
a21893c188660edbfc3700f646316d496bcf7ded8603ef6c9f7852d02ed437ef

SHA512
88fe27c5ee62293ea08f54d0e30d96e37123590ce80dc8b77dc4bb338e03e11c363dce7c75a41824596ea2e55e290bf4d69b9e48e66e870d6bb4e10323d2a78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\Language\is-PQR0P.tmp

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\is-21N02.tmp

Filesize
123KB

MD5
d5c1877b824a8a99dd911891695e3352

SHA1
5942c1c6a6fec16014aa59c3620be1d344a2ea13

SHA256
0313f51c713f2fd18ff3c008e80cb36a55e30c9b8655c54b02c08be7da319c0c

SHA512
39c4d6ca223b39cc9a015005b2a042fa8dbcddf91ba31f435f597319640724754596c0eb0becb9ac51b2efbc0b7ff2be23e8b5ac123beeab77c6502d99175edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\PluginWrapper_deu.chm

Filesize
434KB

MD5
28189fe033f82b794cd4c787949b295b

SHA1
3bc70c77da4be191b1f9f29086d6bbeac93eaa27

SHA256
20700008e101f12f468052230f1cfc0f0312b61b81e9a2e309e8965f3b51117a

SHA512
4e0be27a4d152ada6a51521c975236f3108f23e5c2f5c40a248e71dab6cdd986fd4d6a354f07d721457634edc49427274b74141581cc72120244e201af96d77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\is-NGCOR.tmp

Filesize
11KB

MD5
174a41bafb43045e170b4419c3f518cb

SHA1
69150c318384d2109b286f5c195abee5212a7830

SHA256
b3fa12b21aa606ad6b8fe57141a081c675acf9ff078349859eb7eaf20cea7792

SHA512
e3f1db1bcd21c2aadf0fc805ab63223a296e77d076b72d32764f154c15cd67744b5194be096d8701199ea0b12ccf8edd1e72b358cc93538297227a8c4a560acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\mchammer_x64_deu.chm

Filesize
42KB

MD5
9d0f926ca5d507617b2c9980940a4ec1

SHA1
19d57c14156482f0b9d4b9ac6e756dc3a2260821

SHA256
59be8d099b496c1f8784ef6fdb05bae981ea12d93c1e92f48cf96afbd55c73e0

SHA512
848e460ff2d573e92355e41f2630dd25f6c910bef2b850f49097e7bd156500a4196f004f3f9961d281fe295903c24b5e58f6ee85d354aa93548263d1dc6ade2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64_deu.chm

Filesize
183KB

MD5
7449d3c7a273366788882e044d736755

SHA1
46cd34f8abe3a12521b314fd8082bc01bff56bf6

SHA256
2c09932992c928c400ab8bbc96f9bc031558f4f8db0f01a69c6f0327a172cae7

SHA512
c3ce978606d6fe56b90767898b8a5af462ebd5cf1c63d73bbb5f4b0ade6f2e043c72a061eb4d16c722f5e2bb4688aa266e42c9b4b06b392fd3275edd40db99b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64_deu.chm

Filesize
238KB

MD5
e4306c3bad1148bd3917fcda912254e7

SHA1
09be8be0f26da548b8528c6fe50933d504e5bec4

SHA256
7c9c1e154e6eca6d90f5809440fcb64e3c845257db806954ddcbaf1f247ac99a

SHA512
6d8dfa3d1533bdc78743c7072c40d201d0a9b5c9dd75fcca6d86ec90a7a91dafa2d2018a11c32c8780579c4d18f2ae9e7956a42cc6ca912916dd3115b4eff4b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack2_x64_deu.chm

Filesize
240KB

MD5
d96c5c1d2791f5b740b5b742239cc14d

SHA1
f0cd9075d983fe059c39a46ec7c8255a34acf362

SHA256
203d202642e917d6175c28e684d0df0bb6b94fd5644af99571f2becb19d19096

SHA512
6d4f9d312ebab1c19bf35725d8775e4545a1de81f57c979e635617854eb63116565c96c7fc7c8da25f3e393ddbb8aa30e89d31466be9c1a170ca0d8ab7c0e71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfppack3_x64_deu.chm

Filesize
254KB

MD5
05ec141b5d879f94a1fc4fb63dab7c90

SHA1
cd376464d523dbd969e1d459861de8b8b059d3ba

SHA256
686e522a6d0503cee89b31f28e6ce6d3b1af734b32f3be46d9b394535be1e9cc

SHA512
d3af9421171df4185ee5badc269d80943c1455b33d4223970128ae4841b51ce393084dadaede5f19b8aff89c91bd109e1e7a83b8dbed624970a1831b03b30355

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfresfilter_x64_deu.chm

Filesize
184KB

MD5
bdead6dd7d517b6551d6949273fafb38

SHA1
d388b3f6440454c7ab39c9f0aefc4420005b035f

SHA256
bdf4dc7b2d3416f157a0ff16161e4db34e37b9bf9f3936eb442ca4ae9536d782

SHA512
a01b9fd3099eeac05dc36e0768bb9439736076448621d1117d74090321f01a78ea50e25e442b59185872b1f1a4bd1e39036fc1d70b10cc1685ab690dddf5ae9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sftrkfx1_x64_deu.chm

Filesize
46KB

MD5
1f28955e3548fd0d125366ff897f4486

SHA1
2ce2e126216bab27a87f13ba0c3196dd3e69b40e

SHA256
2a2c5d5324f1838fd204206c513b72c36afaa3a7ac81bd1ef53cf6bde90227b7

SHA512
69129f9ae19b2a0c55aeb9871aea074f30dae0c1ac931484e7a9975345b1942720d30a33443ed82200a2e2721cd1da96a751d7f086e66b841be37741deb2153a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx1_x64_deu.chm

Filesize
221KB

MD5
ced225cf1ddc86d43d722fe3f43395cf

SHA1
af1c71b436d2f555092b8e95b48fe9d280f77b77

SHA256
7172285a843dfea02861a0ceb37df09420fe63c7cd57d7b4c78a510dc5e781e1

SHA512
0598400db2feb94fd4aa97d336eb7aeb1c2fd868c4a0b53d943ae84d122138a676da5a2bc9693c90ffdaa9dee5802a26474eedc18db3ffec1ccc5769bf6d0cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64_deu.chm

Filesize
191KB

MD5
b6c8248c7ead44d8f29f9e45654266c7

SHA1
0451c6a06b6fe85067775e1f17f8f1e03a2de79e

SHA256
7fca06a0d9f9b38e5dfc1536f7e9be5ab60573857d90d51cb817b0fd3bdfdb57

SHA512
ef19e040ec8b9ae3cc4944122492b75cdcff41a801fdb988cedda3ef8b20a57a3e99ef83c042dd51bea5b3249125978d549476493a0a6ddc613f66ff9f5c91da

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\sfxpfx3_x64_deu.chm

Filesize
195KB

MD5
38d74b2342a9750ddc419162a3b4bf8a

SHA1
b59125ad03290f87e8e1dc8fdbcd02ca3cc15a09

SHA256
55c48b9e003aa26c618db119af868bdfd958a5f55553d06d3f19ed5483622059

SHA512
9c98b02b2088a9ee15b891db56e2cf43ed6e12ac9464ae16528195e36c14b516c9c2ff8637f5e3f3feac400783625d2e88e8e0dcf41f49ff08514771efc10382

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4_deu.chm

Filesize
367KB

MD5
05fba5470961d350729077f24f2e226c

SHA1
8199bf209bf6923d4185fb960ef8624b3d8a22a6

SHA256
8706882eb4f2d42a63da17daddea5a5a7186ee4b4292f4489624ca30d61d8662

SHA512
d7b7dc117922df0447577cba07d762fdd88a1b6f6cdac93169304e7724399ef5afcb49d2e888bc0b073099fb672397ba4a28162871e501b8290aa11e57fa01bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vegas_deu.chm

Filesize
10.5MB

MD5
ad71246de2a860f980b7298519510c21

SHA1
420d54a1b88039d4f554f2e567b27c5377df53e6

SHA256
65cae474ca7fbd4cb3f49f6cc2a871fcd97be3f67c995af83be35ed5c60ef9ed

SHA512
1ec0e10c4113f859f628905838d6622cdd963973d208e85d5135dc35bb2b48274ad4129329fc4fdd56254f89ca4119e63c6be4c576838da12f3e8d0d479681b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\vfx1.ofx_deu.chm

Filesize
4.3MB

MD5
02a37529c636b810f022d92ea9280403

SHA1
02a1ce65fed7436bd7b28edb4ea55425107c5d12

SHA256
52846b9e45a1bf9b1d301ae04c6c9fcec31ca6f90c73af10138087efc49b387e

SHA512
2e0e46120b972aa1927ad58fa79e4f3c2cd170781c671fdd7e3e81020395359c1b1c78442dd0dce655fd0eba40b9cc394ae91338189d81effe9f7b9c3e2f22b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS\Shared Plug-Ins\Help Files\xpvinyl_x64_deu.chm

Filesize
45KB

MD5
9ff814b3438a27e4b9922cd6a456c841

SHA1
9093622fa91ab1329a7e97485356e1462a7f1021

SHA256
d1c5d986e115c180373673668f2cf341070d0e7b9c02549c439370fd8436952c

SHA512
ca383b963455572ce920266591c71a6eb0baae3fd301a8b7877767baf890bad9c15b09e692cd0a06e9edb6ac62ea580d02549c38b09a8455ccc70d2cf6dac421

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS_Pro_20_SetupInfo.ini

Filesize
2KB

MD5
5aed38cac4aee2451084ba9f7db572f7

SHA1
739c98415873849be1f71113d5fdb32b76da3574

SHA256
1a7c7cef33fbadb9852130fc572332967155aea944abc643c611bf6b11715513

SHA512
b00055438db706bfc3dd20b96b0b9735f6128119a5ef9909892fb6ff95f0ccaf5cf665ccf62005c81288166f37d347f39cc457b8c90fb816137e565f4f09321f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS_Pro_20_SetupRes.mxres

Filesize
2.3MB

MD5
ee1b40a2626fe8569cf2e308ac9ece86

SHA1
c8d5f636fc54bbc5e51517acf9f94a32719a4834

SHA256
c9142b66b8327d9fe069899b0c45481b92e42ae4c6a3cfcbb22680d3d4c716f2

SHA512
357fd7a4db00e6dcf886ccede2802733418d3d285c8b2822fe3dc89a2f3b3ce7236d3672bc65032a6dcaa809b77b3696eec0f4d6d93a6cdbc0b56d088d7555bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS_Pro_20_setup.exe

Filesize
4.6MB

MD5
909ed3f54e1c1bcf8ad2d887816be955

SHA1
f0f40742ccb27f7d9650d3cbcf02594df8be4e79

SHA256
01d56e1648c7ca07b86a0aaed0ccc78ab54e47aae2e70adce8cb41011d4cff7b

SHA512
4653964efef10751d058a2cc8cc2dab69d650c3e810e0c41f01cd75c0cd5a025377dc5a671c9e4b1ed3ba66bd5d256411af504876ba74a2ec0297473764fd469

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\VEGAS_Pro_20_setup_x64.msi

Filesize
2.8MB

MD5
a10d0ac8c4614ef272608231cfbf9868

SHA1
b384cffbb523acd9a239eacb485f2a6d6fd6219f

SHA256
5532c0712476d8e05a45db481ad144f26a3ab9fa365e820887789a091728a171

SHA512
3e9286a8a11ac6368b50fd151b94ffd353357d99ec6beacdc8820bd04b14d563e78106539242cec6fb11dd41e16e4678d9f37efcbd7bf10407309fa51fd802ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VEGAS20\readme\is-5MQI2.tmp

Filesize
36KB

MD5
1ba8587cefe8e58a10ad9a0a768a980d

SHA1
477d08b74f2780d655eaa25f5df8c68bac884f83

SHA256
ba449d762cedb1b2b4f129a7401367ebaeea58fd93355589df6d5af05af83152

SHA512
fcce2a978dc5c03cc9f2a5ca7a0ddef403f28eff1a834a46dfbc873b305187d2665480d5b830c4ff69d7dd4016c448b10a5b91d0de1c7e4d1fdb25058728ddf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JQAP9.tmp\VclStylesInno.dll

Filesize
3.0MB

MD5
b0ca93ceb050a2feff0b19e65072bbb5

SHA1
7ebbbbe2d2acd8fd516f824338d254a33b69f08d

SHA256
0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246

SHA512
37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N5II3.tmp\MAGIX Vegas 20.0.326.tmp

Filesize
911KB

MD5
3cf000f76aebe1287fbce80803691eef

SHA1
1abfd84af565006ab0eb5048c62827db64ba6d20

SHA256
2ec46149ff09b8028c0892b98c25eeb839052fae520b8692e1edbe3e1e90e555

SHA512
0aa4a80a550e1319ac49298fc9fe792b078d37d0099e2a4033d4022da44e49c4b641d07eb3cd8bfbfd9badbcf1975c3c494f790dd7151125f79a76b1ae62c6ef

Download Submit
C:\Users\Admin\AppData\Local\VEGAS Pro\20.0\FFCache_x64_1033.ini

Filesize
24KB

MD5
cfebd23b768e3704788909c43810126e

SHA1
0d2a48ab801c90591275d232ba2f1dfe28249e0c

SHA256
3193c917f4a3fd6c177014e0ea2f9d6c6d3252d96744628a9e99828eb7693597

SHA512
490c9e393107350ed271c7e1f76c8913416a5889560ca4bae3d1d7179823b1d7cbea9def6591f9bcc65c982fc37eca3c0976cae2c10c528c544aae68c65af2f3

Download Submit
C:\Users\Admin\AppData\Local\VEGAS Pro\20.0\FX Thumbnails\00000002.jpg

Filesize
1KB

MD5
94db0a3f194d8a0a45b6d870bc68ef12

SHA1
20117194a49a0e37d180ba5b73aa4d2f032291a9

SHA256
6776872944a55465c21b52c0cb0ff3c500cb6400bd6c1ca2017b71b52e8e1266

SHA512
82650ee94a7013f187a18133c385e071dc2603f7b7e8a4c62b692d704ce77c7a2f01c8a121bce841a94f3ef7d5b9746a1ba4927ec0125662d394cc08ba8e9797

Download Submit
C:\Users\Admin\AppData\Roaming\plugin_scan_state_VST2_x32.scan

Filesize
1KB

MD5
be079fb80f033c2ab334f66b46e2607b

SHA1
82fe5dd1182e1eee95bb002da0ee8c139017fca8

SHA256
e030c9dd2e4e367e271b71e276a8a071d2ec0718f0a4c701a07d85eae4af3603

SHA512
9dd9c8d767506b15e256de8d5f4f8a0e16c4d0a91b01f18da3e3a97927cb5b8b5f2b46c75340a7bb39adbcd7e279ff2c9c72e5b0190aef008974d07319d382e4

Download Submit
C:\Users\Admin\AppData\Roaming\plugin_scan_state_VST2_x64.scan

Filesize
4KB

MD5
ffc9ea082b4cc4ffa437d895f20be46a

SHA1
c6f6f8feeb96843b87b6c1af53a168b294868c98

SHA256
0542b012b7995385f42e10eec0e9ad67d93055115a28c88872776d5d43b7fab5

SHA512
5a1daa4d9aea446826f27c27bcfe6e89eea5fcc104369b249148c50c719e5b94ff74376dc84e2bc03a000de3be66883293de7567f935d341112217e06861ecd2

Download Submit
C:\Users\Admin\AppData\Roaming\plugin_scan_state_VST2_x64.scan

Filesize
4KB

MD5
8ac28b12252fcf6b9fd748e39a7ba91d

SHA1
06e31840a6677df976bfbe724879bf1397f38fde

SHA256
ba453bf9950a24851db91665b67b560f7503605fc13e1015bf2c81d3b68d3f75

SHA512
09eec2a1b1288e02e3cc420a08f7a2467780c9bcb2e840fa590f781f24850472837c83f62687e93bf645e07c9f529e449b9708c751c83848a504ecb6bcc8152f

Download Submit
C:\Users\Admin\AppData\Roaming\plugin_scan_state_VST3_x64.scan

Filesize
59B

MD5
dde53f0f5d0787d21b8e74e922bcbb03

SHA1
063b8930ac401497f8186ab1c9534c869a416649

SHA256
f28727be0cdad68a29f5064b66292dd16ec3ed92a7b7ea0cff7f55004a14b6fd

SHA512
0e6c691394820d61334d46c4a383bb504b56c6252ea4a2fab8eccea1d87ce48befd179b87b7387f69ed7190e1c41003d661efc56f14c462538333f1486a5f939

Download Submit
C:\Windows\Fonts\mark_my_words.otf

Filesize
104KB

MD5
7c63423376c2f45b7d76537c933a95cc

SHA1
58561511026f8761d1a90a6bee79d4a152b420f0

SHA256
57c478c62fb66a6dcc1281e1f92f741fedeb2e60ad42b4a06825336f1f3506eb

SHA512
e15d075df3574bd7fc9191506cb113ed17767d1a50cc918ea1d7c75b22c5165a7b5ad33ddb453c5c7d4efa6ad182f90f2a1a1857c614acbbada34202e6c79a81

Download Submit
C:\Windows\Installer\MSIAC87.tmp

Filesize
1.7MB

MD5
68332516efc84f8047dcc41195933e1c

SHA1
85049868fe758591f52e25124df75df9bf6da5e3

SHA256
b7ef5323836990782c854df55636e63c02325a24aad8bac44fdf14420f694888

SHA512
ec2224d2430810c55814bb96860792cfaa2bdc6727803893d544da594ee0f8f502a5a6473e63be915bcc564087b57c405fa3d2a731790e31897c8f83b3a8938b

Download Submit
C:\Windows\Installer\MSIADB2.tmp

Filesize
187KB

MD5
37ee40de8aae5c9353e579897ef1fce7

SHA1
8107d2adc0c0142ce94e04e41b7cc54b7d7e103f

SHA256
0460f519b521a322bea9a5f16c608b5e20d9e34a1deff05356e9dc39fb99e0b3

SHA512
4a89a32f90743dd5cbe91f21ac55ea7c501b822273b779ff23aac76a42f15b1c064a1316b04fb5024cb7d87be980492f289f9f9502eb993f8470b0cc1b7a3e0a

Download Submit
C:\Windows\Installer\MSIB749.tmp

Filesize
115KB

MD5
1d6ba5f52f57fb8ddb7a966370d5f80b

SHA1
ebb6dd99116379c55b641e48f7de79d24a3f04ec

SHA256
09d043dbde0108e601b91c83f8f1a36ec953ea484a82cb576a18b58504dce11b

SHA512
bef5557ce63f5f253ab27236dcbab95077fd110f43dcfc19518e66750e0dd19adc78898cf1093de811f4b0e4b5bcb813063889706c6826cee61a0df26b85060c

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log

Filesize
146KB

MD5
61febe282955a0b48a4c57b0ec49c2e7

SHA1
f5adcbab3299a0953f1487c47dfee4950aa5be6f

SHA256
a17d0a3074ac44ed1e1f9bf95805b4dee7bdfd9badf0b4a70b42ceb73a661573

SHA512
2b7f8b6468c10588449707cb2300971441dc267f209cbd769a4cfef6436de0b0c761522c422b889b1ab816c3f40c6319f659a0486901040055fe13efe52651a0

Download Submit
memory/700-7013-0x00000000076F0000-0x000000000776D000-memory.dmp

Filesize
500KB

Download
memory/756-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/756-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/960-6905-0x0000000006890000-0x00000000068B1000-memory.dmp

Filesize
132KB

Download
memory/1980-6828-0x00000000070B0000-0x0000000007407000-memory.dmp

Filesize
3.3MB

Download
memory/2364-7537-0x0000000073FB0000-0x0000000073FB2000-memory.dmp

Filesize
8KB

Download
memory/2668-8792-0x00000000182E0000-0x00000000182FC000-memory.dmp

Filesize
112KB

Download
memory/2668-9680-0x000000001EAE0000-0x000000001EB30000-memory.dmp

Filesize
320KB

Download
memory/2668-8800-0x0000000019580000-0x00000000195B2000-memory.dmp

Filesize
200KB

Download
memory/2668-8799-0x000000001BE50000-0x000000001BF0A000-memory.dmp

Filesize
744KB

Download
memory/2668-8798-0x00000000182D0000-0x00000000182D8000-memory.dmp

Filesize
32KB

Download
memory/2668-8791-0x000000001B550000-0x000000001B88C000-memory.dmp

Filesize
3.2MB

Download
memory/2668-8790-0x0000000018650000-0x000000001867E000-memory.dmp

Filesize
184KB

Download
memory/2668-8789-0x0000000018610000-0x0000000018642000-memory.dmp

Filesize
200KB

Download
memory/2668-8787-0x0000000018100000-0x000000001810A000-memory.dmp

Filesize
40KB

Download
memory/2668-8788-0x0000000018260000-0x000000001826A000-memory.dmp

Filesize
40KB

Download
memory/2668-8786-0x0000000019F10000-0x000000001A068000-memory.dmp

Filesize
1.3MB

Download
memory/2668-8783-0x00000000180F0000-0x00000000180F8000-memory.dmp

Filesize
32KB

Download
memory/2668-8784-0x00000000185A0000-0x0000000018604000-memory.dmp

Filesize
400KB

Download
memory/2668-8785-0x0000000018310000-0x0000000018356000-memory.dmp

Filesize
280KB

Download
memory/2668-8781-0x0000000018160000-0x0000000018172000-memory.dmp

Filesize
72KB

Download
memory/2668-8782-0x00000000180E0000-0x00000000180EA000-memory.dmp

Filesize
40KB

Download
memory/2668-8779-0x0000000019D70000-0x0000000019F0A000-memory.dmp

Filesize
1.6MB

Download
memory/2668-8778-0x0000000018140000-0x0000000018152000-memory.dmp

Filesize
72KB

Download
memory/2668-8777-0x0000000018540000-0x00000000185A0000-memory.dmp

Filesize
384KB

Download
memory/2668-8776-0x00000000193E0000-0x00000000194B4000-memory.dmp

Filesize
848KB

Download
memory/2668-8775-0x0000000019330000-0x00000000193D8000-memory.dmp

Filesize
672KB

Download
memory/2668-8774-0x0000000018220000-0x0000000018258000-memory.dmp

Filesize
224KB

Download
memory/2668-8773-0x00000000180B0000-0x00000000180BE000-memory.dmp

Filesize
56KB

Download
memory/2668-8772-0x0000000018270000-0x00000000182B4000-memory.dmp

Filesize
272KB

Download
memory/2668-8771-0x0000000018110000-0x000000001813A000-memory.dmp

Filesize
168KB

Download
memory/2668-8770-0x00000000180C0000-0x00000000180DE000-memory.dmp

Filesize
120KB

Download
memory/2668-8769-0x0000000014440000-0x0000000014462000-memory.dmp

Filesize
136KB

Download
memory/2668-8768-0x0000000015C90000-0x0000000015E18000-memory.dmp

Filesize
1.5MB

Download
memory/2668-8767-0x0000000015980000-0x00000000159E2000-memory.dmp

Filesize
392KB

Download
memory/2668-8766-0x00000000140B0000-0x00000000140C8000-memory.dmp

Filesize
96KB

Download
memory/2668-8765-0x0000000013FD0000-0x0000000013FEE000-memory.dmp

Filesize
120KB

Download
memory/2668-8763-0x0000000015A40000-0x0000000015AF2000-memory.dmp

Filesize
712KB

Download
memory/2668-8764-0x0000000014080000-0x00000000140A2000-memory.dmp

Filesize
136KB

Download
memory/2668-8762-0x0000000014010000-0x0000000014060000-memory.dmp

Filesize
320KB

Download
memory/2668-8761-0x00000000158E0000-0x0000000015978000-memory.dmp

Filesize
608KB

Download
memory/2688-7094-0x00000000039E0000-0x0000000003A5D000-memory.dmp

Filesize
500KB

Download
memory/2900-6758-0x00000000053C0000-0x0000000005408000-memory.dmp

Filesize
288KB

Download
memory/2900-6759-0x0000000005420000-0x0000000005428000-memory.dmp

Filesize
32KB

Download
memory/2900-6760-0x0000000005450000-0x0000000005462000-memory.dmp

Filesize
72KB

Download
memory/2900-6761-0x0000000005470000-0x000000000548C000-memory.dmp

Filesize
112KB

Download
memory/2900-6762-0x00000000054E0000-0x000000000552F000-memory.dmp

Filesize
316KB

Download
memory/2900-6763-0x00000000055A0000-0x000000000560C000-memory.dmp

Filesize
432KB

Download
memory/2900-6764-0x0000000005690000-0x000000000570A000-memory.dmp

Filesize
488KB

Download
memory/2900-6765-0x0000000005530000-0x000000000553A000-memory.dmp

Filesize
40KB

Download
memory/2900-6766-0x0000000005D80000-0x00000000060D7000-memory.dmp

Filesize
3.3MB

Download
memory/2900-6768-0x0000000005580000-0x0000000005588000-memory.dmp

Filesize
32KB

Download
memory/2900-6769-0x0000000005780000-0x00000000057CC000-memory.dmp

Filesize
304KB

Download
memory/2900-6770-0x0000000006260000-0x0000000006282000-memory.dmp

Filesize
136KB

Download
memory/2900-6771-0x0000000006290000-0x00000000062AE000-memory.dmp

Filesize
120KB

Download
memory/2900-6772-0x00000000062F0000-0x000000000632C000-memory.dmp

Filesize
240KB

Download
memory/2900-6773-0x0000000006380000-0x00000000063D0000-memory.dmp

Filesize
320KB

Download
memory/2900-6774-0x0000000006490000-0x0000000006542000-memory.dmp

Filesize
712KB

Download
memory/2900-6775-0x0000000006550000-0x00000000065B6000-memory.dmp

Filesize
408KB

Download
memory/2900-6776-0x0000000006AF0000-0x000000000701C000-memory.dmp

Filesize
5.2MB

Download
memory/2900-6777-0x0000000006400000-0x0000000006422000-memory.dmp

Filesize
136KB

Download
memory/2900-6779-0x0000000006430000-0x000000000644C000-memory.dmp

Filesize
112KB

Download
memory/2900-6778-0x0000000006660000-0x00000000066F2000-memory.dmp

Filesize
584KB

Download
memory/2900-6780-0x00000000074F0000-0x00000000079BC000-memory.dmp

Filesize
4.8MB

Download
memory/2900-6781-0x00000000065C0000-0x00000000065D2000-memory.dmp

Filesize
72KB

Download
memory/2900-6782-0x00000000065E0000-0x0000000006600000-memory.dmp

Filesize
128KB

Download
memory/2900-6794-0x0000000007420000-0x000000000745C000-memory.dmp

Filesize
240KB

Download
memory/2900-6795-0x00000000073E0000-0x00000000073F2000-memory.dmp

Filesize
72KB

Download
memory/2900-6793-0x0000000006AC0000-0x0000000006ADA000-memory.dmp

Filesize
104KB

Download
memory/2900-6792-0x0000000007150000-0x00000000072D8000-memory.dmp

Filesize
1.5MB

Download
memory/2900-6791-0x00000000067E0000-0x0000000006800000-memory.dmp

Filesize
128KB

Download
memory/2900-6790-0x0000000006760000-0x000000000676A000-memory.dmp

Filesize
40KB

Download
memory/2900-6789-0x00000000068E0000-0x000000000695D000-memory.dmp

Filesize
500KB

Download
memory/2900-6788-0x0000000007020000-0x0000000007142000-memory.dmp

Filesize
1.1MB

Download
memory/2900-6787-0x0000000006740000-0x000000000675A000-memory.dmp

Filesize
104KB

Download
memory/2900-6786-0x0000000006790000-0x00000000067D4000-memory.dmp

Filesize
272KB

Download
memory/2900-6757-0x00000000057D0000-0x0000000005D76000-memory.dmp

Filesize
5.6MB

Download
memory/2900-6756-0x0000000002F10000-0x0000000002F20000-memory.dmp

Filesize
64KB

Download
memory/2900-6785-0x0000000006810000-0x00000000068DE000-memory.dmp

Filesize
824KB

Download
memory/2900-6784-0x0000000006630000-0x0000000006652000-memory.dmp

Filesize
136KB

Download
memory/2900-6783-0x0000000006700000-0x0000000006732000-memory.dmp

Filesize
200KB

Download
memory/2900-6755-0x00000000051C0000-0x0000000005216000-memory.dmp

Filesize
344KB

Download
memory/2900-6754-0x0000000005130000-0x0000000005155000-memory.dmp

Filesize
148KB

Download
memory/2900-6753-0x0000000002EF0000-0x0000000002EF8000-memory.dmp

Filesize
32KB

Download
memory/2900-6752-0x0000000002EE0000-0x0000000002EE8000-memory.dmp

Filesize
32KB

Download
memory/2916-6859-0x0000000006B50000-0x0000000006B9C000-memory.dmp

Filesize
304KB

Download
memory/3148-7018-0x0000000007870000-0x0000000007891000-memory.dmp

Filesize
132KB

Download
memory/4476-7511-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-967-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-350-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-98-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-97-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-92-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-89-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-88-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-87-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/4476-42-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-46-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/4476-47-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-63-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-40-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/4476-43-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/4476-44-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-45-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-48-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-49-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/4476-50-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-51-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-52-0x0000000007290000-0x0000000007291000-memory.dmp

Filesize
4KB

Download
memory/4476-53-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-54-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-55-0x00000000072A0000-0x00000000072A1000-memory.dmp

Filesize
4KB

Download
memory/4476-56-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-57-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-58-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/4476-59-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-60-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-61-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/4476-62-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-64-0x00000000072D0000-0x00000000072D1000-memory.dmp

Filesize
4KB

Download
memory/4476-65-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-66-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-70-0x00000000072F0000-0x00000000072F1000-memory.dmp

Filesize
4KB

Download
memory/4476-69-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-74-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-39-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-67-0x00000000072E0000-0x00000000072E1000-memory.dmp

Filesize
4KB

Download
memory/4476-71-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-72-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-73-0x0000000007300000-0x0000000007301000-memory.dmp

Filesize
4KB

Download
memory/4476-75-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-76-0x0000000007310000-0x0000000007311000-memory.dmp

Filesize
4KB

Download
memory/4476-77-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-78-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-79-0x0000000007320000-0x0000000007321000-memory.dmp

Filesize
4KB

Download
memory/4476-80-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-81-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-83-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-84-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-82-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/4476-68-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-41-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-38-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-27-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-25-0x0000000007200000-0x0000000007201000-memory.dmp

Filesize
4KB

Download
memory/4476-26-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-28-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/4476-29-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-30-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-31-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/4476-32-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-35-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-37-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/4476-36-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-34-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/4476-33-0x00000000070B0000-0x00000000071F0000-memory.dmp

Filesize
1.2MB

Download
memory/4476-23-0x0000000006D90000-0x00000000070AA000-memory.dmp

Filesize
3.1MB

Download
memory/4476-17-0x0000000006B60000-0x0000000006B76000-memory.dmp

Filesize
88KB

Download
memory/4476-6-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download