File name:

vegaspro14edit_dlm.exe

Full analysis: https://app.any.run/tasks/d303620a-f371-4525-8b32-d56023ef6290
Verdict: Malicious activity
Analysis date: May 15, 2025, 20:50:09
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

123D789749ADED25E80BB5AFD501AF03

SHA1:

D4047FE2147AB386EDB7A0BB228E286C2B30D928

SHA256:

DA9D91AB887E7915BAC3BF19E76A996C1208047B169FFFAA8D19E573ABA6BB9C

SSDEEP:

98304:FgSEdfJ1ScyM4+FMU0ZQdIFZx0CaPbJSSgmNFsS6rvpSmG46LEHSi/cKLdyMspi5:L3J

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vegaspro14edit_dlm.exe (PID: 7372)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • vegaspro14edit_dlm.exe (PID: 7468)

    • Reads security settings of Internet Explorer

      • MxDownloadManager.exe (PID: 7536)
      • vegaspro14edit_dlm.exe (PID: 7468)

    • There is functionality for taking screenshot (YARA)

      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)

  • INFO

    • Create files in a temporary directory

      • vegaspro14edit_dlm.exe (PID: 7468)

    • Checks supported languages

      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)

    • Reads the computer name

      • vegaspro14edit_dlm.exe (PID: 7468)
      • MxDownloadManager.exe (PID: 7536)

    • The sample compiled with czech language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with english language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with spanish language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with french language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with Italian language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with korean language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with japanese language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with polish language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with portuguese language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with russian language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with swedish language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with turkish language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with german language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • The sample compiled with chinese language support

      • vegaspro14edit_dlm.exe (PID: 7468)

    • Process checks computer location settings

      • vegaspro14edit_dlm.exe (PID: 7468)

    • Reads the software policy settings

      • MxDownloadManager.exe (PID: 7536)
      • slui.exe (PID: 7968)

    • Checks proxy server information

      • MxDownloadManager.exe (PID: 7536)
      • slui.exe (PID: 7968)

    • Creates files or folders in the user directory

      • MxDownloadManager.exe (PID: 7536)

    • Reads the machine GUID from the registry

      • MxDownloadManager.exe (PID: 7536)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:02:20 16:55:50+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 12
CodeSize: 664064
InitializedDataSize: 787456
UninitializedDataSize: -
EntryPoint: 0x4ead6
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.3.40.36
ProductVersionNumber: 1.3.40.36
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: MAGIX Software GmbH
FileDescription: VEGAS Pro 14 Edit (en-US)
FileVersion: 1.3.40.36
LegalCopyright: Copyright © MAGIX Software GmbH
ProductName: VEGAS Pro 14 Edit (en-US)
ProductVersion: 1.3.40.36
MX_Culture: en-US
MX_StubConfig: Release
MX_StubVersion: 1.4.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
129
Monitored processes
4
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start vegaspro14edit_dlm.exe mxdownloadmanager.exe slui.exe vegaspro14edit_dlm.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
7372"C:\Users\admin\Desktop\vegaspro14edit_dlm.exe" C:\Users\admin\Desktop\vegaspro14edit_dlm.exeexplorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
MEDIUM
Description:
VEGAS Pro 14 Edit (en-US)
Exit code:
3221226540
Version:
1.3.40.36
Modules
Images
c:\users\admin\desktop\vegaspro14edit_dlm.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
7468"C:\Users\admin\Desktop\vegaspro14edit_dlm.exe" C:\Users\admin\Desktop\vegaspro14edit_dlm.exe
explorer.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
VEGAS Pro 14 Edit (en-US)
Version:
1.3.40.36
Modules
Images
c:\users\admin\desktop\vegaspro14edit_dlm.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7536"C:\Users\admin\AppData\Local\Temp\mgxviir7z2p\MxDownloadManager.exe" -s VEGAS_Pro_14_Edit_trial -r -ic -it TRIALVERSION_INSTALLERC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\MxDownloadManager.exe
vegaspro14edit_dlm.exe
User:
admin
Company:
MAGIX Software GmbH
Integrity Level:
HIGH
Description:
Installationsmanager
Version:
1, 3, 40, 36
Modules
Images
c:\users\admin\appdata\local\temp\mgxviir7z2p\mxdownloadmanager.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
7968C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
7 205
Read events
7 167
Write events
38
Delete events
0

Modification events

(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Timeout
Value:
20000
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:Retries
Value:
3
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:CallbackTimeout
Value:
250
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:BufferSize
Value:
32768
(PID) Process:(7536) MxDownloadManager.exeKey:HKEY_CURRENT_USER\SOFTWARE\MAGIX\MAGIX Installation manager\Internet_Settings
Operation:writeName:VerifyHTTPS
Value:
0
Executable files
36
Suspicious files
3
Text files
15
Unknown types
0

Dropped files

PID
Process
Filename
Type
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\CMxDownloadManagerDlg.initext
MD5:ECE038087FF14D25B25E98DF73360FE6
SHA256:D4A45BD57343C2B66A62D13DE38D7E302DD8119DAFEBE3EBB3CEAE255AACD978
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\controlTemplates.initext
MD5:D18CB8459CEAA93632E05FCF8BCB6BB3
SHA256:BA50C265DE5E05F6671BBD300689671BA8D18E04F047BC6B53CA21749A05B8AC
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\Logo.pngimage
MD5:0E4712A4E4EBA8B6B6829CA21FD6DEF8
SHA256:63A0002EFBBB5698778CA16E61CD47654450614423BBD75D20F3F6E2BC3AC8AD
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\Promo.pngbinary
MD5:B09D593A80EB3B307B6A4B5DC1CC4788
SHA256:FF36D496D9098F364773929C003657C8DFE866CF58CBA49BD4D6AAA3E46A2B99
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\generalTemplates.INItext
MD5:2F3C70A69905CC6D8E413C885FA4D657
SHA256:1BA202395050FF1D2415EB23B5615611E22F0FA6C0BE0828C8220CED49A06AAB
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\ProgressDialogTemplates.pngimage
MD5:CBE0A7C1EE665C7272873C031A0C5D52
SHA256:9CF7CE3D45C97311E6A400413C61BEFCCF9BF6E9820D5886414829D1D2F2CA86
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\Bitmaps\mxgui.4.0\ProgressDialogTemplates.initext
MD5:2F93B18242003D0B58CA3C938D56A36F
SHA256:C60D3542F97EE43F99E006B34D444B25444C257318E37B1FF55764309D2A317A
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\IJL10.DLLexecutable
MD5:1FE7721489712E47631F50AE11129815
SHA256:C04F5AD4D3B34F7CBBB16853D924D005655035CD037AF5B02D8C63FAB02ABEA6
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\ijl20.dllexecutable
MD5:74472D4F18646F39D758BD6CC16558CF
SHA256:EF8C2C043CDCC960A0082076EAA21542807AD47C895FABF5ADE33F843AC0DE13
7468vegaspro14edit_dlm.exeC:\Users\admin\AppData\Local\Temp\mgxviir7z2p\dm.xmlxml
MD5:2E95FC5A7CF2CB844F65AEDC6BFCE073
SHA256:B9211D7E370E247A50495FA376CB3B9AD9D9BFD12F7722F105BDF221D66DF880
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
28
DNS requests
11
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7536
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
whitelisted
2104
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6480
RUXIMICS.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7536
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
whitelisted
6480
RUXIMICS.exe
GET
200
23.48.23.162:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
23.48.23.162:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7536
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/
unknown
whitelisted
7536
MxDownloadManager.exe
GET
301
195.214.216.160:80
http://www.magix.com/user/client_redirects/service_api/extservices_crp.utf8.php
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:137
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6480
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.48.23.162:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6480
RUXIMICS.exe
23.48.23.162:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
7536
MxDownloadManager.exe
195.214.216.160:80
www.magix.com
GTT Communications Inc.
DE
whitelisted
6480
RUXIMICS.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 216.58.206.78
whitelisted
crl.microsoft.com
  • 23.48.23.162
  • 23.48.23.194
  • 23.48.23.190
  • 23.48.23.158
  • 23.48.23.169
  • 23.48.23.156
  • 23.48.23.166
  • 23.48.23.141
  • 23.48.23.147
whitelisted
www.magix.com
  • 195.214.216.160
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
extapi.magix.com
  • 195.214.216.83
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
vegaspro14edit_dlm.exe