File name: vegaspro14edit_dlm.exe

Full analysis: https://app.any.run/tasks/d303620a-f371-4525-8b32-d56023ef6290
Verdict: Malicious activity
Analysis date: May 15, 2025, 20:50:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 123D789749ADED25E80BB5AFD501AF03
SHA1: D4047FE2147AB386EDB7A0BB228E286C2B30D928
SHA256: DA9D91AB887E7915BAC3BF19E76A996C1208047B169FFFAA8D19E573ABA6BB9C
SSDEEP: 98304:FgSEdfJ1ScyM4+FMU0ZQdIFZx0CaPbJSSgmNFsS6rvpSmG46LEHSi/cKLdyMspi5:L3J

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Executing a file with an untrusted certificate
      • vegaspro14edit_dlm.exe (PID: 7372)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • vegaspro14edit_dlm.exe (PID: 7468)
    • Reads security settings of Internet Explorer
      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)
    • There is functionality for taking screenshots (YARA)
      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)
  • INFO
    • Checks supported languages
      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)
    • The sample is compiled with Czech language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Spanish language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with English language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • Reads the computer name
      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)
    • Creates files in a temporary directory
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with French language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Korean language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Polish language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Russian language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Portuguese language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Italian language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Turkish language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Swedish language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Japanese language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with Chinese language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • The sample is compiled with German language support
      • vegaspro14edit_dlm.exe (PID: 7468)
    • Process checks computer location settings
      • vegaspro14edit_dlm.exe (PID: 7468)
    • Checks proxy server information
      • MxDownloadManager.exe (PID: 7536)
      • slui.exe (PID: 7968)
    • Reads the software policy settings
      • MxDownloadManager.exe (PID: 7536)
      • slui.exe (PID: 7968)
    • Creates files or folders in the user directory
      • MxDownloadManager.exe (PID: 7536)
    • Reads the machine GUID from the registry
      • MxDownloadManager.exe (PID: 7536)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:02:20 16:55:50+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 664064
InitializedDataSize: 787456
UninitializedDataSize: -
EntryPoint: 0x4ead6
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.40.36
ProductVersionNumber: 1.3.40.36
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: MAGIX Software GmbH
FileDescription: VEGAS Pro 14 Edit (en-US)
FileVersion: 1.3.40.36
LegalCopyright: Copyright © MAGIX Software GmbH
ProductName: VEGAS Pro 14 Edit (en-US)
ProductVersion: 1.3.40.36
MX_Culture: en-US
MX_StubConfig: Release
MX_StubVersion: 1.4.0.0
Total processes: 129
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 1

Behavior graph

Processes shown in the graph: start, vegaspro14edit_dlm.exe, mxdownloadmanager.exe, slui.exe, vegaspro14edit_dlm.exe (no specs)

Process information

PID: 7372
CMD: "C:\Users\admin\Desktop\vegaspro14edit_dlm.exe"
Path: C:\Users\admin\Desktop\vegaspro14edit_dlm.exe
Parent process: explorer.exe
User: admin
Company: MAGIX Software GmbH
Integrity Level: MEDIUM
Description: VEGAS Pro 14 Edit (en-US)
Exit code: 3221226540
Version: 1.3.40.36
Modules (images):
c:\users\admin\desktop\vegaspro14edit_dlm.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID: 7468
CMD: "C:\Users\admin\Desktop\vegaspro14edit_dlm.exe"
Path: C:\Users\admin\Desktop\vegaspro14edit_dlm.exe
Parent process: explorer.exe
User: admin
Company: MAGIX Software GmbH
Integrity Level: HIGH
Description: VEGAS Pro 14 Edit (en-US)
Version: 1.3.40.36
Modules (images):
c:\users\admin\desktop\vegaspro14edit_dlm.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 7536
CMD: "C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\MxDownloadManager.exe" -s VEGAS_Pro_14_Edit_trial -r -ic -it TRIALVERSION_INSTALLER
Path: C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\MxDownloadManager.exe
Parent process: vegaspro14edit_dlm.exe
User: admin
Company: MAGIX Software GmbH
Integrity Level: HIGH
Description: Installationsmanager
Version: 1, 3, 40, 36
Modules (images):
c:\users\admin\appdata\local\temp\mgxviir7z2p\mxdownloadmanager.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 7968
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 7 205
Read events: 7 167
Write events: 38
Delete events: 0

Modification events

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: Timeout
Value: 20000

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: Retries
Value: 3

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: CallbackTimeout
Value: 250

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: BufferSize
Value: 32768

(PID) Process: (7536) MxDownloadManager.exe
Key: HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation: write
Name: VerifyHTTPS
Value: 0
Executable files: 36
Suspicious files: 3
Text files: 15
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg.ini | text
MD5: ECE038087FF14D25B25E98DF73360FE6
SHA256: D4A45BD57343C2B66A62D13DE38D7E302DD8119DAFEBE3EBB3CEAE255AACD978
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\controlTemplates.ini | text
MD5: D18CB8459CEAA93632E05FCF8BCB6BB3
SHA256: BA50C265DE5E05F6671BBD300689671BA8D18E04F047BC6B53CA21749A05B8AC
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_1.ini | text
MD5: CC73541853CF99988AEA4E078EDD4415
SHA256: 7E32961ABED918CAD096FD74779F9F151B25A7BFA9E151495602E39A10116CF8
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\CPleaseWait.ini | text
MD5: 66FACB28AE5E5C0B14C92FC2E8C449D6
SHA256: 2A4C025203881C60934FF7DE148D342AD5213335C321749CFE603C0EE91CF5C2
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg_2.ini | text
MD5: 53F8E342EE2DA438E8CDFE939C586744
SHA256: A5D431D5E49BE24F52CB40946C3C0851C1A8E41A0B64D98385B4136290661320
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\ProgressDialogTemplates.png | image
MD5: CBE0A7C1EE665C7272873C031A0C5D52
SHA256: 9CF7CE3D45C97311E6A400413C61BEFCCF9BF6E9820D5886414829D1D2F2CA86
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\ProgressDialogTemplates.ini | text
MD5: 2F93B18242003D0B58CA3C938D56A36F
SHA256: C60D3542F97EE43F99E006B34D444B25444C257318E37B1FF55764309D2A317A
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\magix.ico | image
MD5: 6FDE1B06B71E06E44920107D08417550
SHA256: 7AEF260163ED2C620530BD10D8434860964908D6432A0F4AD1D8211ACB1280F8
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\dm.xml | xml
MD5: 2E95FC5A7CF2CB844F65AEDC6BFCE073
SHA256: B9211D7E370E247A50495FA376CB3B9AD9D9BFD12F7722F105BDF221D66DF880
7468 | vegaspro14edit_dlm.exe | C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Install.cfg | text
MD5: 3C1C800F08E18D967C1BA6075D314E55
SHA256: C8DC5D8549EAA6DB1F639075B83890F2D1DE5ADEF40D2B78BB060C58AD3105ED
HTTP(S) requests: 8
TCP/UDP connections: 28
DNS requests: 11
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
2104 | svchost.exe | GET | 200 | 23.48.23.162:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6480 | RUXIMICS.exe | GET | 200 | 23.48.23.162:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
7536 | MxDownloadManager.exe | GET | 301 | 195.214.216.160:80 | http://www.magix.com/ | unknown | whitelisted
6480 | RUXIMICS.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2104 | svchost.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
7536 | MxDownloadManager.exe | GET | 301 | 195.214.216.160:80 | http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php | unknown | whitelisted
7536 | MxDownloadManager.exe | GET | 301 | 195.214.216.160:80 | http://www.magix.com/ | unknown | whitelisted
7536 | MxDownloadManager.exe | GET | 301 | 195.214.216.160:80 | http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6480 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2104 | svchost.exe | 23.48.23.162:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6480 | RUXIMICS.exe | 23.48.23.162:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
7536 | MxDownloadManager.exe | 195.214.216.160:80 | www.magix.com | GTT Communications Inc. | DE | whitelisted
6480 | RUXIMICS.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2104 | svchost.exe | 23.35.229.160:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 216.58.206.78 | whitelisted
crl.microsoft.com | 23.48.23.162, 23.48.23.194, 23.48.23.190, 23.48.23.158, 23.48.23.169, 23.48.23.156, 23.48.23.166, 23.48.23.141, 23.48.23.147 | whitelisted
www.magix.com | 195.214.216.160 | whitelisted
www.microsoft.com | 23.35.229.160 | whitelisted
extapi.magix.com | 195.214.216.83 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted

Threats

No threats detected
No debug info