3988557312ceca76bee86e2df0c34f2cdc7b2dc370846ba8390ae1d36d61e900

Analysis

max time kernel
371s
max time network
408s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

693.2MB
MD5

1afd68147ac485753917930116210a40
SHA1

8c8deec48a8a7c3d4e5af8e26e8b3d09decad08b
SHA256

3988557312ceca76bee86e2df0c34f2cdc7b2dc370846ba8390ae1d36d61e900
SHA512

4cd02d60b7f30c7b5e08e312330342c124c9fb4cda01ba99e8d765a4040ee7832760a25c1d9e32a5e5a3a4521a4bd2c2a75a6b48395f32da1959f2117dadeacb
SSDEEP

12582912:bGbk9hNMUyBXnkRSuLBCF8WwX2VX0I/wY3jCMQRoMCb+RSGcYHqEtZF8:lM5XnVTSX2VX0I/fjCpob+RSGdx8

Score

10^/10

persistence ransomware

Malware Config

Extracted

Path

C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\LICENSES.chromium.html

Ransom Note

<!doctype html> <html> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <title>Credits</title> <link rel="stylesheet" href="chrome://resources/css/text_defaults.css"> <style> body { background-color: white; font-size: 84%; max-width: 1020px; } .page-title { font-size: 164%; font-weight: bold; } .product { background-color: #c3d9ff; border-radius: 5px; margin-top: 16px; overflow: auto; padding: 2px; } .product .title { float: left; font-size: 110%; font-weight: bold; margin: 3px; } .product .homepage { color: blue; float: right; margin: 3px; text-align: right; } .product .homepage::before { content: " - "; } .product .show { color: blue; float: right; margin: 3px; text-align: right; text-decoration: underline; } .licence { background-color: #e8eef7; border-radius: 3px; clear: both; display: none; padding: 16px; } .licence h3 { margin-top: 0; } .licence pre { white-space: pre-wrap; } .dialog #print-link, .dialog .homepage { display: none; } input + label + div { display: none; } input + label::after { content: "show license"; cursor: pointer; } input:checked + label + div { display: block; } input:checked + label::after { content: "hide license"; cursor: pointer; } </style> </head> <body> <span class="page-title" style="float:left;">Credits</span> <a id="print-link" href="#" style="float:right;" hidden>Print</a> <div style="clear:both; overflow:auto;"> <div class="product"> <span class="title">Abseil</span> <span class="homepage"><a href="https://github.com/abseil/abseil-cpp">homepage</a></span> <input type="checkbox" hidden id="0"> <label class="show" for="0" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. </pre> </div> </div> <div class="product"> <span class="title">Accessibility Audit library, from Accessibility Developer Tools</span> <span class="homepage"><a href="https://raw.githubusercontent.com/GoogleChrome/accessibility-developer-tools/master/dist/js/axs_testing.js">homepage</a></span> <input type="checkbox" hidden id="1"> <label class="show" for="1" tabindex="0"></label> <div class="licence"> <pre> Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original ver

Emails

<[email protected]&gt

URLs

http://www.apache.org/licenses/

http://www.apache.org/licenses/LICENSE-2.0

http://code.google.com/p/y2038

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2

http://mozilla.org/MPL/2.0/

http://www.torchmobile.com/

https://cla.developers.google.com/clas

http://www.openssl.org/)"

https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS

http://www.opensource.apple.com/apsl/

http://www.mozilla.org/MPL/

http://www.apple.com/legal/guidelinesfor3rdparties.html

http://developer.intel.com/vtune/cbts/strmsimd/922down.htm

http://skal.planet-d.net/coding/dct.html

http://developer.intel.com/vtune/cbts/strmsimd/appnotes.htm

http://www.elecard.com/peter/idct.html

http://www.linuxvideo.org/mpeg2dec/

https://firebase.google.com/terms/analytics/

https://www.freetype.org

https://www.khronos.org/registry/

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
40	4308	msiexec.exe
42	4308	msiexec.exe

Executes dropped EXE 4 IoCs

pid	Process
3264	vegas180.exe
2244	ErrorReportLauncher.exe
2400	vegas180.exe
4804	ErrorReportLauncher.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E881-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA1-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74D54F5E-CE55-11EA-BD9E-00155D43CFCE}\LocalServer32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E1-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\xpvinyl_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA2-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4101-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0B-10E8-11D2-9B89-00104B8D13C2}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe

Loads dropped DLL 64 IoCs

pid	Process
1240	MsiExec.exe
1240	MsiExec.exe
4576	MsiExec.exe
1240	MsiExec.exe
4576	MsiExec.exe
1472	MsiExec.exe
1472	MsiExec.exe
1472	MsiExec.exe
3500	MsiExec.exe
3500	MsiExec.exe
3500	MsiExec.exe
2852	MsiExec.exe
2852	MsiExec.exe
2852	MsiExec.exe
1084	MsiExec.exe
1084	MsiExec.exe
1084	MsiExec.exe
3496	MsiExec.exe
3496	MsiExec.exe
3496	MsiExec.exe
2680	MsiExec.exe
2680	MsiExec.exe
2680	MsiExec.exe
444	MsiExec.exe
444	MsiExec.exe
444	MsiExec.exe
3232	MsiExec.exe
3232	MsiExec.exe
3232	MsiExec.exe
204	MsiExec.exe
204	MsiExec.exe
204	MsiExec.exe
4932	MsiExec.exe
4932	MsiExec.exe
4932	MsiExec.exe
4880	MsiExec.exe
4880	MsiExec.exe
4880	MsiExec.exe
3952	MsiExec.exe
2368	MsiExec.exe
4712	MsiExec.exe
1048	MsiExec.exe
1048	MsiExec.exe
1028	MsiExec.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe
3264	vegas180.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in System32 directory 52 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mfc110ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangDE.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangRU.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangES.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangJA.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr70.dll	msiexec.exe
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib110.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBUI.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBControl.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp71.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\DLLDEV32i.dll	vegas180.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangFR.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\de\ScriptPortal.Vegas.Slideshow.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fr\MediaMgrNgen.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces\luts\rrt_ut33_sRGB.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Patchlists\VocalStrip\Default.epl	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Reggae Guitar Chorus.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\wmfplug4\wmfplug4_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\External Control Drivers\spconsoleopt.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug3\SMDK-VC110-x64-4_0_0_scs.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V3_LogC_250_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\fr.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxavcaacplug\mc_cpu\mc_mux_mp4.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\sfld.ldd.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.WindowsAPICodePack.Shell.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Win64\Filters.ofx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.zh-CN.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_cs_CZ.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_zh_CN.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Delete Breath.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Phaser\[Sys] Spring Fx.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormMail_en_US.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_en_UK.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\flacplug\flacplug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\rbg.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug3\smdkwrap3.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\rec1886_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fonts\SilverCharm.otf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TubeStage\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormMail_sv_SE.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\oggplug\oggplug_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\release-banner_fra.jpg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\de\ScriptPortal.Capture.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\gnsdk_sqlite.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] Cathedral.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\MxOfxRotation.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Flanger Pad Enhancer.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Online\MagixOFA-en.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.Toolkit.Forms.UI.Controls.WebView.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.ja-JP.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\redplug\redplug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\fonts.css	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mcplug2.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mcplug2_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\es\ScriptPortal.Vegas.RelinkSonyWirelessAdapterMedia.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_fr_FR.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_ja_JP.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Resource\UnlockDialog_IT.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mp3plug2\mp3plug2.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\flacplug\flacplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Log2_48_nits_Shaper_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\ms.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\2fca99749fdb49aeb121a5b63ef568f7\plugin.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxhevcplug\mp4ffsdk.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Vox Ensemble Warm.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] ShortDelay.efx	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\aviplug\aviplug_esp.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Script Menu\Export Closed Captioning for DVD Architect.cs	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\ScriptPortal.MediaSoftware.DeviceExp.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfhdcamsrplug\mxfhdcamsrplug.chm	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1d.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1f.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBD51.tmp\System.Data.OracleClient.dll	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE06.tmp\System.Configuration.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index10.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index12.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\Installer\SourceHash{76E3BD00-CE55-11EA-B409-00155D43CFCE}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20221028103828561.0\9.0.30729.4148.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20221028103828983.0\vcomp.dll	msiexec.exe
File created	C:\Windows\Installer\{7551F970-CE55-11EA-BB48-00155D43CFCE}\vegas.ico (new loc)	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20221028103829061.0	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20221028103828639.0	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index18.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF71E.tmp\Vegmuxtw.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index29.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index27.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20221028103828373.0\9.0.30729.4148.policy	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\indexc.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_vcomp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index21.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFAB8.tmp\Vegmuxrt.dll	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140enu.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	ngen.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2b.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\MSIA493.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index17.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF36A.tmp\mux.net.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index29.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20221028103828029.0\msvcr90.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20221028103828951.0	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1d.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20221028103828389.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140u.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index21.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140u.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "Setup.exe"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001	Setup.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A243-301B-11D3-B030-00C04F4C0826}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0528CE3-F67E-11D2-8F8E-00C04F4C3B9F}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5F6A23B-301B-11D3-B030-00C04F4C0826}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\079F155755ECAE11BB840051D534FCEC\NewVideoFXDisplay	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\079F155755ECAE11BB840051D534FCEC\SourceList\Media\143 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4BAFF01-F907-11D2-8F8F-00C04F4C3B9F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2937285E-5ACC-41E1-95F4-CDB7955C3D69}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{471D8C3F-D01A-42D5-8132-39AF8A3C0ECC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D1684A1-1023-4784-B24B-AE32D1513B70}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95B14F82-2AE0-4BD1-9705-8AB6A51DC3C6}\ = "ICddbInfoWindow2"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.veg	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Pins	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0528CDF-F67E-11D2-8F8E-00C04F4C3B9F}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\079F155755ECAE11BB840051D534FCEC\sonydeviceexp	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vf	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B0528CE4-F67E-11D2-8F8E-00C04F4C3B9F}\ProgID	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3836A5BF-51B3-4B37-8E96-9D429C22183C}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BB07B13-0CC8-11D3-B00E-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\079F155755ECAE11BB840051D534FCEC\SourceList\Media\35 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\079F155755ECAE11BB840051D534FCEC\SourceList\Media\37 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\340 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D1684A1-1023-4784-B24B-AE32D1513B70}\ProxyStubClsid32	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F11C06FD-4CBB-42F1-BB87-6EED8BEA1BC3}\ID3 = "2628013585"	vegas180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.FullName\ = "CddbFullName Class"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45CCD308-F7E1-477e-A14C-CBFBB3DC07E4}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbID3TagManager.1\CLSID\ = "{DFEF3E96-F1D4-47CE-A429-2CC8C10DFDB6}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C073A662-A344-4611-8632-06452280EBB0}\ = "CddbInfoWindow Class"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B6B179D-6E42-45EE-AAD0-13B0E698799D}\ = "ICddbDisc2"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F22-196D-11D1-B99B-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Noise Gate"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F59DD74A-14E1-11D2-B3B2-00A0C90642CC}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbSegment\CLSID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\83 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins\Input\IsRendered = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8FCA01DA-D48C-4B1C-9DD3-6C01F9D3D4AF}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74D54F5E-CE55-11EA-BD9E-00155D43CFCE}\VersionIndependentProgID\ = "vegas180"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A241-301B-11D3-B030-00C04F4C0826}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\336 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0528CDF-F67E-11D2-8F8E-00C04F4C3B9F}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbWMATag.1\CLSID\ = "{8FCA01DA-D48C-4B1C-9DD3-6C01F9D3D4AF}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{95B14F82-2AE0-4BD1-9705-8AB6A51DC3C6}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9BD3160E-0464-485E-A672-D806BEB00E29}\NumMethods\ = "7"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Output\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUI\CLSID	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BBF37B9E-2F4F-11D3-B02F-00C04F4C0826}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5F6A243-301B-11D3-B030-00C04F4C0826}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8F918803-57F2-480A-9BF3-3B68F46C5B82}\ = "ICddbDataListElement"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\Pins\Input	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\Pins\Input\IsRendered = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbInfoWindow	MsiExec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	vegas180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	vegas180.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3928	Setup.exe
3928	Setup.exe
4308	msiexec.exe
4308	msiexec.exe
4308	msiexec.exe
4308	msiexec.exe
4324	msedge.exe
4324	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
872	msedge.exe
872	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4524	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4524	msiexec.exe
Token: SeSecurityPrivilege	4308	msiexec.exe
Token: SeCreateTokenPrivilege	4524	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4524	msiexec.exe
Token: SeLockMemoryPrivilege	4524	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4524	msiexec.exe
Token: SeMachineAccountPrivilege	4524	msiexec.exe
Token: SeTcbPrivilege	4524	msiexec.exe
Token: SeSecurityPrivilege	4524	msiexec.exe
Token: SeTakeOwnershipPrivilege	4524	msiexec.exe
Token: SeLoadDriverPrivilege	4524	msiexec.exe
Token: SeSystemProfilePrivilege	4524	msiexec.exe
Token: SeSystemtimePrivilege	4524	msiexec.exe
Token: SeProfSingleProcessPrivilege	4524	msiexec.exe
Token: SeIncBasePriorityPrivilege	4524	msiexec.exe
Token: SeCreatePagefilePrivilege	4524	msiexec.exe
Token: SeCreatePermanentPrivilege	4524	msiexec.exe
Token: SeBackupPrivilege	4524	msiexec.exe
Token: SeRestorePrivilege	4524	msiexec.exe
Token: SeShutdownPrivilege	4524	msiexec.exe
Token: SeDebugPrivilege	4524	msiexec.exe
Token: SeAuditPrivilege	4524	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4524	msiexec.exe
Token: SeChangeNotifyPrivilege	4524	msiexec.exe
Token: SeRemoteShutdownPrivilege	4524	msiexec.exe
Token: SeUndockPrivilege	4524	msiexec.exe
Token: SeSyncAgentPrivilege	4524	msiexec.exe
Token: SeEnableDelegationPrivilege	4524	msiexec.exe
Token: SeManageVolumePrivilege	4524	msiexec.exe
Token: SeImpersonatePrivilege	4524	msiexec.exe
Token: SeCreateGlobalPrivilege	4524	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe

Suspicious use of FindShellTrayWindow 12 IoCs

pid	Process
3928	Setup.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
3264	vegas180.exe
3264	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe
2400	vegas180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 4524	3928	Setup.exe	91
PID 3928 wrote to memory of 4524	3928	Setup.exe	91
PID 4308 wrote to memory of 1240	4308	msiexec.exe	96
PID 4308 wrote to memory of 1240	4308	msiexec.exe	96
PID 4308 wrote to memory of 1240	4308	msiexec.exe	96
PID 4308 wrote to memory of 4576	4308	msiexec.exe	97
PID 4308 wrote to memory of 4576	4308	msiexec.exe	97
PID 4308 wrote to memory of 1472	4308	msiexec.exe	99
PID 4308 wrote to memory of 1472	4308	msiexec.exe	99
PID 4308 wrote to memory of 3500	4308	msiexec.exe	100
PID 4308 wrote to memory of 3500	4308	msiexec.exe	100
PID 4308 wrote to memory of 2852	4308	msiexec.exe	101
PID 4308 wrote to memory of 2852	4308	msiexec.exe	101
PID 4308 wrote to memory of 1084	4308	msiexec.exe	102
PID 4308 wrote to memory of 1084	4308	msiexec.exe	102
PID 4308 wrote to memory of 3496	4308	msiexec.exe	103
PID 4308 wrote to memory of 3496	4308	msiexec.exe	103
PID 4308 wrote to memory of 2680	4308	msiexec.exe	105
PID 4308 wrote to memory of 2680	4308	msiexec.exe	105
PID 4308 wrote to memory of 444	4308	msiexec.exe	106
PID 4308 wrote to memory of 444	4308	msiexec.exe	106
PID 4308 wrote to memory of 3232	4308	msiexec.exe	107
PID 4308 wrote to memory of 3232	4308	msiexec.exe	107
PID 4308 wrote to memory of 204	4308	msiexec.exe	108
PID 4308 wrote to memory of 204	4308	msiexec.exe	108
PID 4308 wrote to memory of 4932	4308	msiexec.exe	109
PID 4308 wrote to memory of 4932	4308	msiexec.exe	109
PID 4308 wrote to memory of 4880	4308	msiexec.exe	110
PID 4308 wrote to memory of 4880	4308	msiexec.exe	110
PID 4308 wrote to memory of 3952	4308	msiexec.exe	111
PID 4308 wrote to memory of 3952	4308	msiexec.exe	111
PID 4308 wrote to memory of 3952	4308	msiexec.exe	111
PID 4308 wrote to memory of 2368	4308	msiexec.exe	112
PID 4308 wrote to memory of 2368	4308	msiexec.exe	112
PID 4308 wrote to memory of 2368	4308	msiexec.exe	112
PID 4308 wrote to memory of 4712	4308	msiexec.exe	113
PID 4308 wrote to memory of 4712	4308	msiexec.exe	113
PID 4308 wrote to memory of 4712	4308	msiexec.exe	113
PID 4308 wrote to memory of 1048	4308	msiexec.exe	114
PID 4308 wrote to memory of 1048	4308	msiexec.exe	114
PID 4308 wrote to memory of 1028	4308	msiexec.exe	115
PID 4308 wrote to memory of 1028	4308	msiexec.exe	115
PID 4308 wrote to memory of 3264	4308	msiexec.exe	116
PID 4308 wrote to memory of 3264	4308	msiexec.exe	116
PID 3264 wrote to memory of 2244	3264	vegas180.exe	118
PID 3264 wrote to memory of 2244	3264	vegas180.exe	118
PID 4576 wrote to memory of 1924	4576	MsiExec.exe	120
PID 4576 wrote to memory of 1924	4576	MsiExec.exe	120
PID 4576 wrote to memory of 1924	4576	MsiExec.exe	120
PID 1924 wrote to memory of 4928	1924	ngen.exe	122
PID 1924 wrote to memory of 4928	1924	ngen.exe	122
PID 1924 wrote to memory of 4928	1924	ngen.exe	122
PID 1924 wrote to memory of 3824	1924	ngen.exe	123
PID 1924 wrote to memory of 3824	1924	ngen.exe	123
PID 1924 wrote to memory of 3824	1924	ngen.exe	123
PID 1924 wrote to memory of 4036	1924	ngen.exe	124
PID 1924 wrote to memory of 4036	1924	ngen.exe	124
PID 1924 wrote to memory of 4036	1924	ngen.exe	124
PID 1924 wrote to memory of 308	1924	ngen.exe	125
PID 1924 wrote to memory of 308	1924	ngen.exe	125
PID 1924 wrote to memory of 308	1924	ngen.exe	125
PID 1924 wrote to memory of 1996	1924	ngen.exe	126
PID 1924 wrote to memory of 1996	1924	ngen.exe	126
PID 1924 wrote to memory of 1996	1924	ngen.exe	126

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Windows\SYSTEM32\msiexec.exe
  "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi" /quiet /norestart /Liwear "C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_28102022-103816.log"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4524

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 5974228A62188DACF25C50BE6083A390
  2⤵
  - Loads dropped DLL
  PID:1240
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 0710F02B6D536319464B6BA224840552
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" Install "C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\BdMuxServer.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:1924
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 228 -Pipe 234 -Comment "NGen Worker Process"
      4⤵
      PID:4928
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 238 -Pipe 2b0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3824
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 2d4 -Pipe 2b8 -Comment "NGen Worker Process"
      4⤵
      PID:4036
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2e8 -Pipe 2e4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:308
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2f4 -Pipe 2fc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1996
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 30c -Pipe 2f4 -Comment "NGen Worker Process"
      4⤵
      PID:4336
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 2cc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4064
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 314 -Pipe 2dc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3748
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 328 -Pipe 2c8 -Comment "NGen Worker Process"
      4⤵
      PID:2836
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 324 -Pipe 2b4 -Comment "NGen Worker Process"
      4⤵
      PID:4424
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 304 -Pipe 310 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3084
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 30c -Pipe 2ec -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:872
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 238 -Pipe 2f0 -Comment "NGen Worker Process"
      4⤵
      PID:4100
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2c0 -Pipe 228 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4712
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 238 -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      PID:4764
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 320 -Pipe 308 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3736
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c0 -InterruptEvent 0 -NGENProcess 334 -Pipe 328 -Comment "NGen Worker Process"
      4⤵
      PID:2456
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 32c -Pipe 2c0 -Comment "NGen Worker Process"
      4⤵
      PID:1908
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 31c -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3984
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 334 -Pipe 338 -Comment "NGen Worker Process"
      4⤵
      PID:5068
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 32c -Pipe 238 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:552
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 354 -Pipe 334 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2816
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 348 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3920
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 350 -Pipe 358 -Comment "NGen Worker Process"
      4⤵
      PID:808
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 364 -Pipe 360 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2860
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 30c -Pipe 318 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4520
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 320 -InterruptEvent 0 -NGENProcess 300 -Pipe 31c -Comment "NGen Worker Process"
      4⤵
      PID:3120
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 33c -Pipe 35c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4352
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1d8 -InterruptEvent 0 -NGENProcess 32c -Pipe 304 -Comment "NGen Worker Process"
      4⤵
      PID:636
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 324 -Comment "NGen Worker Process"
      4⤵
      PID:3552
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 33c -Pipe 1d8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3160
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 350 -InterruptEvent 0 -NGENProcess 33c -Pipe 300 -Comment "NGen Worker Process"
      4⤵
      PID:2400
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 36c -Pipe 340 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1836
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 364 -Pipe 37c -Comment "NGen Worker Process"
      4⤵
      PID:3232
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 2f8 -Pipe 320 -Comment "NGen Worker Process"
      4⤵
      PID:4880
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 364 -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4268
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 378 -InterruptEvent 0 -NGENProcess 380 -Pipe 374 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4432
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  PID:1472
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:3500
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:2852
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:1084
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:3496
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  PID:2680
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:444
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:3232
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:204
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:4932
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  PID:4880
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBControl.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3952
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBUI.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:2368
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\x86\sfvstproxystubx86.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4712
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:1048
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 286A53A9DA023556B80D6AD482045560 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:1028
- C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe" /register /user 1085
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3264
- - C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
    "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
    3⤵
    - Executes dropped EXE
    PID:2244

C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
"C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2400
- C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
  2⤵
  - Executes dropped EXE
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rdir.magix.net/?page=I73QRJIS3ZY3&phash=vxHpi00xYtRQv2K3
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ff9861346f8,0x7ff986134708,0x7ff986134718
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,12857111691296884192,18333565916282581123,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\EULA_esp.rtf

Filesize
14KB

MD5
7fc6d90cef9c20ebf824a3b1439b6f4f

SHA1
f776859e95036b59013290fc2b38410960fbc26d

SHA256
5a95d91246a8933595665dae0ffa01fb6414a465bea63b536e622e5c24713463

SHA512
c6e041faf8d361de4f6e5f97eb4aed6840de83efc40202fe408c7d760e7970c1638e8c12ec7f5be5bf328ee5b358fe97887c81c654b0d89f0fb68035a133cf66

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi

Filesize
49.9MB

MD5
e6801cf002699ff8cfcd2b099fcefaeb

SHA1
37b58c13c284af48a2acfcc6875944bccebe00d5

SHA256
51363501212dae8bc9b33c8aec711271d311f2f360ebc620c20d36ed714995f9

SHA512
bed4d17102288fecc044fbace08b560d3597fca962ad0eebff6f094378870843904a7afeb6e7e790da2420414950e977e1ba4a0501c958abc1b8e5a040367ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\Monitor3D.cab

Filesize
922KB

MD5
5bcd6a6e167ae358fa7de5e8ce5d497e

SHA1
bd321d42428190e03a5e6f53721caea38b41d46f

SHA256
94d23df4013482606390f5b2532c870e21cfe1b9177f566b47c7d28bfe92d19b

SHA512
80b7d0b34047fafb04a7d7ac815a34d222a7e31e3527b76f7a1a1be5485ceec479e0e5518d63131f7f0da6b7dfd58f9af263b23feeedec01d12588b95e24eac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\OFXFilters.cab

Filesize
3.1MB

MD5
1e7a33078135779ecf9e7878cce505c2

SHA1
31e6bf27a290c55cfa34c96b43e1bfaf0c20702d

SHA256
881528d4990af3ac3274dda21081585a38260f7700bb907ef60f98078dc88c13

SHA512
57e766d095aea18a9296155b85a2fdae6567d285003512db659324f50d6e8c3b636243c11c954ca2d27836fb862bc6a98f2a5d04c5aa2b19ebe2e72a705aa4e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\ac3studioplug.cab

Filesize
1.6MB

MD5
ddd0ad783e98df4e406afa6eb87d6b26

SHA1
c140cfe33cba8eeb55f6d448720f49e2809a295b

SHA256
f7ac37497b93b8c8f2d1e0dce2ada71ab08ebac623c31a2521e2bd3848a7918f

SHA512
6639c595c546f9d8295bbc4a44da205b6c1975c899d749177641670449abc6eafd62e8a699fc38f89c603c37477b697a113d3dd21ef07b850603848b1f5b1356

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\aifplug.cab

Filesize
2.0MB

MD5
034450693e67618dd3353199758a02d0

SHA1
8f7bd82c47e2d3ed7743f291144faac78338b570

SHA256
3fa579e04ae9832cae77eded7232283fc793d0dd168815d0f1e486a6850a993a

SHA512
c9c0633c5ac59df023bf97b3d3bc035669fb14ac0273a11e3c3d2cc3fefd9039a9932173ba073d9dfe316af9b5545dcfca93f88ad1ccf2d282b148c620b01c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\atracplug.cab

Filesize
527KB

MD5
09fa7f36e7f5444a863030c331c12926

SHA1
b275ce8795b60031391f80cf8fff2708e036be17

SHA256
72fff6844c6dcbf1cd510eeb3fd2580f5ac8f82498e13e4b5c3b76a825d4316e

SHA512
eb540025feed6d4a57e4117a1ec310a2da871ff156a2887b73dd743b7b98981f63327b05ab50618c6ed9816f7711d0c46d47fb65b9fe53a8ed08b85f10ec3d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\aviplug.cab

Filesize
355KB

MD5
69cc7216a2aff0690cc14d70f4e31362

SHA1
027b127130b1c0e1ab3378e4261ed979594bb96b

SHA256
01c50e59208d504f9c5926b929a0aa6ad8b02a5dc61141d6e9719067e5e056a4

SHA512
4fccf427f242609846c2fff5695063f737ce50b0a4cf323fb51832faea4a48e07c98d8c564a956eb09d0e3b7b45748f05dcdd0fc1e4a4bb4958466f0a0f58bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\cddb.cab

Filesize
742KB

MD5
f507dd458568b422a08e065503310e06

SHA1
296abfcd40d7d3065268b04aaae72889a80ba7dd

SHA256
8c02e481770497824a72fd3b3549dfcc21fa8ee0e1a2f645e8d0278d3d2c60f8

SHA512
4a0441c69b7e3c341746a1e78ad7b6e44865e7cc670d2ab6cc8a715d3b53b393c951dfbe83a70e3e0e95ae4180df37d8863e6187c7af6c50ac640a5567d4cf1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\errorreport.cab

Filesize
6.7MB

MD5
6b1f70a954748b02393d2021316789cb

SHA1
e0fb19813e61624d037898196d3e0ae1fd9d34dd

SHA256
a621f2cf23677a19c790577f5d4a049d3de5eb4024268dfcea39f563ba8bc753

SHA512
8984cfc04e4dbab8550e938cde51d7f7f8c6ea705a8bda2a2e0376e06564fab0f3a64354c05347995599e46787e92a6dfe00608b98a15ff1e2efa8a84525e143

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\exctrldr.cab

Filesize
11.0MB

MD5
8948b87b32e1782036d2d7b1abf3acd6

SHA1
52a6d343db02e965f037840d05b004c6b9a97afb

SHA256
d65fdb74efcbd271fd021b430414a7d1837b7ca6e6cd27bcee0e9872ffad5581

SHA512
844f1ed15122b57e6bf3e4f1878f67c1481d3c2799c34edb868fcce48ffac597f2e98c2c9b2c345fd1e69e61d45a598cdc8b86264b4dd7e1a803d2720becf729

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid.cab

Filesize
2.5MB

MD5
1b02be6464c5b77333860ce189ba8d2c

SHA1
286037eb03910d6a7a25f9618d9458040e670fe1

SHA256
5b1173cbe86c5ed15628796f6aa8f0ca767a982e5cc58a9d3702bd80e47915cd

SHA512
5b5fddb08e8dc1e8c64c5c6895b7eb07fa2046db79b5dddf069a3ff1e74120ea5a0f2c84e0c758ee476d08ef7d24d600b674c9fbff664235540498f9d5c8beba

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid_aja.cab

Filesize
306KB

MD5
a92d425f7af1b7c64a0eebe09d492eea

SHA1
78374be2cb8956d39225dd78a419501ee33d434b

SHA256
fb0667908415dcf91bffdf8c2acda16048ccc139a3aceae7f7f2700075f4eef2

SHA512
34c5eb8f63c205825588e64384462834a5c72f68fd6f30b83863a0b2b6ceb09989fb4c6a7de1241bcbe1cbe9689fa0c33926a04de9ec698d8e3337d59f4bd5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid_decklink.cab

Filesize
803KB

MD5
f426b90f1fbc49473315d5214e51a8bd

SHA1
232d631a552b54a07eaf1a8773b26181c60b44dd

SHA256
e842465e8c741d7cc2d7a691e804d451f62fdd109da0f0505ca763779c41761f

SHA512
352459fd79a405cc0e8afbc823959d20478b2649e7d98262f882f5f21c820d3f3532e01706e5fa3eb5d7853290b70a0c176dd198a4f47c0a11baf6939a048f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\fileio.cab

Filesize
4.6MB

MD5
c5092228e8cbd1046af8965556814030

SHA1
b4bc6f046be6e534cc2a48fa1fb87d81a3986dab

SHA256
2e98ddff14f14fe71bb673751b202664f0b127c742a4187da763ddba550541db

SHA512
0f084daf64b1c370df3ee4c061845523b32abf2a4dbba1942a8646835255a291a4127fa2680afa7df89dd1cd89bef20b13575530dd96eabacd10939b12ec540e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\fileiosurrogate.cab

Filesize
1.4MB

MD5
fa929cb3fd73e5bd508728c816a64ce5

SHA1
bc4cbb28b86daf56fa1c4ba952bedb086f5d9c63

SHA256
a41d0d7179eff616e1bebe014ff65562f42c4db18f707a27cbf4f26068200781

SHA512
d29522b803ed63274e2326d6a6d81cedf7dc886646874681278c7e76d783489c2e9f5880966c6946c908ea4a6bcb2074843ff7639e894edb17d628992b5e052d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\flacplug.cab

Filesize
309KB

MD5
a3c97d14693fa9a433f81957a8cf3f4f

SHA1
bf4e919146992cb42e7fe11fa25fabd796916218

SHA256
40941492c774bb15051a7a2f8f4a6d861e951cd57c40f0bb33f8c5d1446a9d3e

SHA512
d65d0faa7b6f7c1141af6c71a47e15a2e9c6a5bcab90ba916cd5028182536ab8b1282b42546295bfdef368f629c3e49d9bc853610a05d1c46e6bd85ee3d35b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\gifplug.cab

Filesize
54KB

MD5
adee6ca6a96a827a3026e0604eb6e00f

SHA1
849d6b2a32de5d157bcef59a8771067d7c0218db

SHA256
ff28c6ab201ff93412fe235c91ffdfd45a86362bd082533d047ee387cf6bc4c3

SHA512
2f5afcf053e296cb16ab7e6f0f4b3be98ace50174dbe14c049f3104103daffde56e6755759eb061dd4c38212efffaf9b7334fd0dad5dd73e31b5439dca5b76dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\imapi.cab

Filesize
838KB

MD5
b2bb0de58aafc9dc980dabf3d36551c8

SHA1
4bbd398342202656b037cdfb156b4967d9311b72

SHA256
66c985004edb1765516068b60e477ebe91d4d00bfe1697dde4530246b5b2ddcf

SHA512
9fa552965870c1844134168278c1c10eeccf8419cfb7c25d16cf49f54b1f004af81802cd5b85dcd4f7de202155a6cabd610a4a9d3a95f68a6c71bcdc36cfa5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\joystick.cab

Filesize
2KB

MD5
5fee4e7cb96af2ada8ca385abe8eb415

SHA1
77f11b444be7bf6f1756e8770f9da8b2ce289b77

SHA256
70f6c803dd90c33302a9961544af414b6a5a08fdbf55f670252f3fc000fd03ef

SHA512
24dbe9e9a4b2f38cf380f1e055ae939d293d90d37b712de88cc481e0bd623bec438682294bb7d8a5b694a1e2c9bb5fb5f0d6978d13d3140c9dd2ec024502e536

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\layouts_vegas.cab

Filesize
3KB

MD5
932e86b3584b516ff25ec040027ac838

SHA1
3b4a867998fd4ac2cd77d84f2c36c68364005545

SHA256
9e6c11f3fe2fe294771c9495399cdd33463286e45259300a72d3c1e6eb01659b

SHA512
d70e7f2fa83d807435b30ac9dbefff7c7f5238853c3210c8306380ab3bc242f185d47f24dd70cd5fee724798001e5d093904b9abd520cae58ef42ae6b4dcc37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\log4net.cab

Filesize
88KB

MD5
b1048dca918ae1ec5a2358cd0309b272

SHA1
008a68adb6ab30dc103c8aaeb1dbc651be3925cc

SHA256
8eebce8fc808071cad07f9e241fc55cde8290edfa8ed6ac3cef4f12301719c49

SHA512
063e4cb329f35f397660f6ad11451e7ee20e5a3de2b7c0a837d6ff7e981d1391b3c8e7a28a3babee2bdf0c2820a94bd460de0815cb63c575f647878d2411e2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mchammer.cab

Filesize
1.1MB

MD5
cc0cf9299c3492c232a79fdd5c72677e

SHA1
a096b3dc402722ea68bee54e779f83743f9c55d6

SHA256
93962182e3a212a43a6cf2d7c1aeee5a6d8a1f2a86377d4be63a775c69fc84cd

SHA512
28b78ee8b96a8423327962a8ef8a807f5536e12768a93bfb662b0e2d56bef41a1a431d71f19df469ab7a62411942f409100e35446a0b9283c4e887ead4aec7af

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mcplug2.cab

Filesize
5.4MB

MD5
36ec2c68aad12f2b0a656edf531f4f94

SHA1
da2177b426c3445d60d1e8c00a412db67c6dccba

SHA256
8a391aae8ffc5d0dfdd97b423583daa21b21408c665d8cd1c7d42ddb83e17f85

SHA512
9fff509a292def126ad5e46d95f8698a3e983e9990f5eb67d17399e3d282d767db6bb7d5c7dd4b506f9ac7bee7cb17c3d4700fc9ba44a2611606364ce9f38d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mp3plug2.cab

Filesize
553KB

MD5
7811797e6276ce4fa437732fe59a6875

SHA1
89bf880976978d29257e5c5d1cb924ca0cf66d91

SHA256
5acd21c5420e4d77f47b3550d2e0977f29b679b6dc855045f2851d11e591d9af

SHA512
7996f7b5fea462febb44bef1adabba51ce8edb9dcbf94933e3fc9c606fded65090b0b9341b32938a24a04955089ac6f21ffc463dee5bd8502ce45fd347231a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\ngen.cab

Filesize
14KB

MD5
1c444923478ac477503276e9cbde010e

SHA1
0c95d5d89f2d7d41a4387fd3665ce92a98847663

SHA256
444b6a0995a16cd9cb5b84b9a5ab3c6773249e9af081a5d1372de051f21c1069

SHA512
5d77b8d03fe41eead6fe813249984169d604447aa6ed5d2b3a4584e242a6683c488a5ca2b3c6a87ec30f31fab36f10f35cabb78d5ac4342391163ef1dc90ba01

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\oggplug.cab

Filesize
1.8MB

MD5
2160af908fa3da38f5214652bc79eb9f

SHA1
0fbf51f368ec7d90d01335fe8e72588ba4484dcc

SHA256
fac164c94d0f4a86dec815159b6942cb41ffa12ec485c19c9552e960356f7b70

SHA512
c567201b1e912505ebf191cc83eadeca9b9d637ed166d260629c098ef7fdfd74504321561da0810d0450de553d4da2ae048f7df5be003ff34244fdfba78d3959

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\qt7plug.cab

Filesize
454KB

MD5
1bd834cfda1bf770a4880ad40184e58d

SHA1
63b0a1af0a475a3eb6bb15a9a4df518501e2995a

SHA256
613f529f95d9a9f2a9d0b1b4c527edab4e411c15720348bf5562fd5dc5d7801d

SHA512
e47bbb611cee5442470095f12c8116b52e5d3e5cfc51518e8d67a679ed13e28664e471cf924aa5d0a3f4e08b7c9c5e9185ea6de72857d141f01a232fe7891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\readme_vegas.cab

Filesize
58KB

MD5
1897cbbb03a46fe81737e5f513903511

SHA1
f1113487157054836667cc8c0719b440a23e2dbe

SHA256
a5ee79e73a8d89ef76a1d402cd666d35e9ca398a2f972179bcb2123d5086b959

SHA512
0ecf30d3235b52b1e99c97d7e209c922136989777d235ba5f2a47c872f23eaa6d1ee824f6af7ec60ac08a2f85cb9908198accde064713bdc82b471673850ed22

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\redplug.cab

Filesize
7.2MB

MD5
c2471d461dad0397e321322e3532ec47

SHA1
5bf0338e633768f3114f2b7809baff711ff568ce

SHA256
a402e1ad66c069a5917362da6adb0a689271288e98ff2630088dd4eb81275380

SHA512
123cd1fd81beb7ec3635a262921eed9b824a0ffc27af6232910645a30921a79afc96f976e31675f730f1a4301f5c2285900bb6ec91475127061d334532c33c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\scripts.cab

Filesize
21KB

MD5
30a4e33914cfdec94038ee609f85f67b

SHA1
13f1318033e88e43c7ffe5c655d8c1678da33824

SHA256
d0c2b5839cbbeae0b67136bf11c2bb253fb02ca4e9206115e84b5faf5af5f197

SHA512
7191e5827e467b307bfe89453470abf5f4df48d2353018c9b26bd7e7e774b6b3a129f76d7eb16702ac746054b4ab0b94a9513b2ef3c9f85ebd941d109f741326

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sctplug.cab

Filesize
2.0MB

MD5
58efe8e18686538956f665bfb80db4b4

SHA1
0a703b7186214d19c2046aa3552ec51cd054379b

SHA256
06e3abf6fdaa037c128faf94c9cc6781d619fdfab2f5ce8910925f4eafb4ad26

SHA512
b0497d23e4d0890de4dc380a0bf92d8b847c02f97c63324494478836c52d594968b242d0fcdc7912b73e053f1bfbc30e3be6e387888df0b4aa2ee5fb1a785e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sffrgpnv.cab

Filesize
1.2MB

MD5
e97a61f59b5d9a9faa6cf950b6cb69e6

SHA1
536a9d80d5728068b7f60ddcb5fa4c754f7581e9

SHA256
313f87dbd4de26b236736c6364aa6eb6d7e486ec9dcb855f5e0c9de912640348

SHA512
c296dab03ef6d4e6426b59e08e560ef3d6ca010570fd427c253b22e8f091db14429092321d3b8a323bf60ebceb96362c3a95f7b09266a93914aee3dc845511e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfpaplug.cab

Filesize
2.0MB

MD5
91cc20ba424f606daa79f5a72284636d

SHA1
2420d65ba1c6d602c8dd20ef1438baa49bb7f1cf

SHA256
2ec8502a787062c61284065b9600428f89032fce8745bfc748623515266522cd

SHA512
9b7d0e136d4cbf414774c314cdcfc780088d93ebfd4e5ce5a98dbfa6f3befb7bc8cfe52558bc10c6b9373d6913a9769cf2f2377e41ee86aaacd535ef69aaf161

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack1.cab

Filesize
2.0MB

MD5
8a9c33b527c031ea38db9ab32e3346f0

SHA1
1e122a100fdca00c859783d26ecba86e0230c766

SHA256
eafa97e73c19cb532075b64a65dd5c79af5e9b7c12c35d70860d24c3449bb83d

SHA512
fe059ed1253b25c25f6b8713c9793e50f3326b1790ac646fe401588cf1d7e81bb5b819d412daf649b66d5884884a8a6c245c2fe6f58d4157484385e218a47663

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack2.cab

Filesize
2.1MB

MD5
8b477059d3bb59d1b78d619e666ea971

SHA1
f69c1d8d8bbfe9a85feea80a10f4867331fee93c

SHA256
347fc982ab5aa0172da2551113791351f3eb7e4060eee69e1e763e99d825993e

SHA512
7f22f586d10ce3771d25cb2061cd73db32e9ac15bcd0f9d84fa3c2ed076c569afe260f0c619eecd406ba34074ed37cc9722917f2bc740e41c541914a2c579b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack3.cab

Filesize
1.9MB

MD5
32d05310e05a1664d5abcdf220e4e63d

SHA1
151da26229e83b1114a2cc329cada299d0363900

SHA256
6e6c31a6e343c719e44974fb979b15ba23e09c809d92769e02241a68855a33a5

SHA512
83d06fef7c21530257032939ae68bfb348849283693d73cdc9b72be05f1a239e026045a4d36a526bc6e60a0bc8c235773976b64787b64193c5eb71e38f4dfc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfresfilter.cab

Filesize
1.6MB

MD5
9f1b20a1b9d4390c2febeaf99ad9d2f6

SHA1
736a3bcd9bee05370dc52920a501d9fe183db984

SHA256
aa7cd77022b3f9f58efa44d0e3593b59f7f4f96d7e86a38bf38e212578fb1262

SHA512
bd5cf985afe7ca0e406a857b7d21e1001d91a3880c6d7df1b29f13da1b066e3936c5affc9a0a7a10d50dc4f79561593d3dcd364102a791edad41af3fecbf98c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sftrkfx1.cab

Filesize
1.6MB

MD5
c28993b0a9852c054db55bb49b43e167

SHA1
acfe77c3c409fca4d4731b916de6c1b147107beb

SHA256
01b67095a92a093c78bc47b7669b68a68e6885a0f1f9afb749eabf3341b52e02

SHA512
7c59572529dec097492c6664791404246554f662ce7bf9ef899f0dd7d5e87b5123f1e8caf681eb8ff058d8cd05c0f08031a96a89319e025463c7fd83c0906008

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfvstwrap.cab

Filesize
3.1MB

MD5
2031c9b18d6adc2a6d9852f3b2a6a040

SHA1
2cfd3a91842e90018bacf74f44208db6b38a4fdc

SHA256
610f9bd1e8be637a0b0fe4618b91c2da0640a898dbd1ec829949790683e4e594

SHA512
bfa2e3f273b10f43db5bee509f85f597f095cf1361a749accb36269ff802dd9dd0fbced95b2ac5105e131b49caeba24830d353368ea81e5a7c39b4f710c908dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx1.cab

Filesize
1.4MB

MD5
e0bfb0bdcb2399bcba5bbd070590da1c

SHA1
98ee02157e74d488bc7280605ddd569054fce893

SHA256
c858df38b9d663fa667d537cd05bdd18278f12c4416bc50c1cde22705d19c951

SHA512
41194bb5893c259abc5c2c9620d81eb5ee85c8e66e6ac4e75b1a3ce1a3c99a9651c530d15f6eddde12920800c4bbc7e17f85413be8609e233241cbbdc2144389

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx2.cab

Filesize
1.2MB

MD5
350e0dcc10d0aea97526d001107cd511

SHA1
79e8eb921d2c294d7eff5fdda1de19291f80a3e0

SHA256
f0715826929340866430f414a640deed290ab6ab2e79750cb08bdd4fdaef9c01

SHA512
27e3b69e517f161bada5464fe2890610126c60bdc83a2a556545d5f0bb55e6a2afca1e10055b0bf6ab4fdb6d62508bd230a804f83f9dd7d37645005a31d1615a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx3.cab

Filesize
1.3MB

MD5
8f594cddf3839a2285f69eba31f9c206

SHA1
cd66c1f9c6258c6bc2fc476f8d04409b28195a89

SHA256
714c80d2006d05f365d307d599f6053cb3e059214c37707b7c6a1d0d838df9a4

SHA512
5ae6982f54f14a20b7417d282018e1dfc3beca2049ea02dd92258606f29366b3927bf1457fb8105ccc4dd41d0b5a23fea67bbd563620ac051abd26de1a0d2031

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\shuttle_vegas.cab

Filesize
1KB

MD5
fbdd5c5d4936ffe3323603d931c4b909

SHA1
962fec19ee5ab2afb5c4a607b20498979251b674

SHA256
bb7397551440460eb4d6cc96407658f63dd7aefbf24f7dbf306009c390c3da28

SHA512
3dd716b37bd71cd277027e24a19370df902a72d50287375a94c56ac582c95adfeac950f3ec4e58f45dbb60bf609c8b59b2c5ab76f0b022eed0d84b185453bbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\skins.cab

Filesize
35KB

MD5
e8311fb069e5de5db8608619e976300e

SHA1
e7bc847d6daaa80d152747e435dcce3178d4ff92

SHA256
09c41fc7d26fad24a59172081ebb20225bead2d57bc261ee2cd7d74a4df68f92

SHA512
d0e71e227af112be0ae069f24605667b3c17b46401d9284ae9885ebe075d709f57d27f026f27eea291c152fdb04ea7c13a60d9cd9c7842640a53063db933c598

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonycapture.cab

Filesize
173KB

MD5
7d8648d89ec6e05e6c85b8ea2a91189d

SHA1
0468961920ffddbb3694c53508fe717726e83fcd

SHA256
4caf36595134e7a6967166c4ba3ef3aa2ee72d16add183260ca6f3d853c1c9cc

SHA512
7c8ce685c7d926163c1f5fcfcadc0e0b09e67a227776e963f05c81ca83a61f9bfb62e72414114c7d87d532adfc80a80584a165eae708d201652b7921a5a05812

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyclrshared.cab

Filesize
203KB

MD5
f7838e80060325551b3da5070f49f23e

SHA1
af180fdd5530b574940d5db142505018e2dfb5b4

SHA256
f7fac7742cfb4732acbbff5ccc233afd117b392d122a4218ef398d0d069f922a

SHA512
eba160747b00c8e76c4192416727ca2de3e67cc4d005da5875f0164b5c994a73ede8ce2cdbb29769232c7d51127b9da3376c6feaf771a018154378269adc1303

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonydeviceexp.cab

Filesize
242KB

MD5
62b4eb166835fba71c18b50b3301ea63

SHA1
0fde0a4a9d14b5abb84ac8995fdc0fc5cfaea476

SHA256
51c01d31881a0ce38828633fda25d6127de75b591cb16052dc423386fbc7fec2

SHA512
fd58c7a44ca2dd76e9ed23858da8b150faad46f0b912cc60fe37c1c98f6ab14a00bab455f072aa520f3b3577e346d262660ca44fc829fe2bea46b86fb6391442

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyexternalviddev.cab

Filesize
206KB

MD5
b99f4e2844ce81592d85014ea5804213

SHA1
b2b15cb66752164fd514070974e36aaf3cc9efb3

SHA256
7251413ff0284780e5985941fafd50f76d90500206ef94755b39f4b2aa126942

SHA512
fc740f6684f4cb93c7d9348c9331957613b269048639c6316333c584dcdd71d6fdec42531aef204ba77966b9db6425899b6f4ef336fe467f529d2fc97120e243

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyvegasdll.cab

Filesize
313KB

MD5
bca0d902616c837bf64db9bfc72dc967

SHA1
12e346a4125531a16f9d605aa87f7dad78d84945

SHA256
9039c56c15bde2f4a0a7b06f19210ec5daddaf8a82bcc0d711eac78fab9b9804

SHA512
18606ac5cfc71e2f6172014a5b7bb5ee3eec24f40ee915bb71beffd86df9a42c8af8072827a3ed191df0efa7722bf09f7758d5910c7a570bc0b7cf4b27d3b458

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\stl2plug.cab

Filesize
2.0MB

MD5
8fd67c99522fc625857113e456a3103b

SHA1
fa4ec407b1a07c9980a6974ec1cd7dfd893d425e

SHA256
512dc207e60326f1d278b4e2f2acefac13ad1e379994d194d6908f202810e601

SHA512
228c18ab1a0734176193961be9f5008bc8ce7c74d05d292a37c41be1cb34a0a03a2aaa8b6c84e78e866bf71d5ce49d5573f04cc3fe1706dd0f3beb4199ee1172

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\tutor.cab

Filesize
35.3MB

MD5
7b33eca2ccd5fab1cf0b553ff42f65e8

SHA1
5347bb9b4dd1f8685d6239c08c9b0380c38b408c

SHA256
b07e4291acf328cffbcccb806050125b1d2e4f82c1ecb2b37c32b5b84d49fb4e

SHA512
ef5538eaa0418aca0ba40b9c532eef3df166979c0ba100da075d5ea35e1421973a9102b5941e940da36ded547645a98db9cf0c6ba470a6487d508778688d1a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vduplug.cab

Filesize
1.9MB

MD5
691d932f13ba1fe6622e39b60a4a89fc

SHA1
239bb2d1528ff2b8b8c854bea93da4d75089fda2

SHA256
302ce01c132ae917d7d78edf142ffed44a7135f0bf92ef5fa5d07625b7d45729

SHA512
e496a4467f9e4d8e814fa2a194f3651058bf6f943a8512d186b60cbb6f73a47b6e20869c8a2df2437d0d805ba017f66dc6377f8acf7fb22c466e62c2e9a4d89a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vegas180.msi

Filesize
2.8MB

MD5
94a59313dd9592b79b3b03888167bbd0

SHA1
02f36fc109ddf9fd86924e88938410ea6f7eab2f

SHA256
30e1409e709335647a191c2a6310a5dd8909183577b8dc55168bb8d20fa71068

SHA512
7934b07f2ac3e04594c1235ac4ce72a09cd55d053c23c0ca39b42987cf65f6d3028cb10530e3c8bfcafd1f80fbb452ca899dd545291d8162d06aacafd496d839

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vidcap.cab

Filesize
4.0MB

MD5
6a9851b06684cf9bdd1036b802e1b2ce

SHA1
98b4183f70e04e14e44a617e4588e77bd4200b37

SHA256
57cb9abbc0cdadbdfc10ac5f08be1ed598741659d2b9d971bb54a8ec0cba1d7c

SHA512
a8be128451ad39a3a63d41d67a4d496e8d6e367138486be1d3f16d42e952c33f6ca82b3e865ad2c63ad7e1710cd315ead03e3dbe129209410786783a2e75775e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wavplug.cab

Filesize
268KB

MD5
0f3cbc7561f9283deeede1e30dc23f5f

SHA1
b7d2ce377238b1fc86b53c69f551a31801c795cd

SHA256
3bf724745efa5cbc45db52300661e4c66049e770acb990b558aec2c0c028a9f5

SHA512
b997d02c91acfb919058dc605f4ffac84c30810047a68dc9fc2354662d960a80078ad67286da7891f7b141eb0eb93dfb8f26f8d1b9da53d95573626ff55b540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wicplug.cab

Filesize
488KB

MD5
d154285db25d6f0aaf69f73c0b3e68a0

SHA1
064791f1aa6d2167b18d3c295f7857a5dc7bb0bc

SHA256
a21126d1ee724ab98de9adb36341a40b3d509c5e5261fe66c9a865686976c6e0

SHA512
421525e888db41c6879bace1fa6054c02efd2a88a2ca62f818850af26ace6a6d0b3e9d6a9faa2f09f17e8081002104700b96b6cd4773118e7cb4d03ee8d40e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wmfplug4.cab

Filesize
322KB

MD5
b5a8677ae7be53ec7afd0b21a5d5f668

SHA1
15f645cf23dff8bac8962f8ed9747c0d869c954e

SHA256
ed5f8329b3c079e0cd288e5f278f4d21a82850e1e49f24d8728c5dda67bd6fd4

SHA512
551e3a374517057609d5521aed2d19874ea20a100d6e6c990890f336cccb29997ed2bea37d92b4a71b9e8dad654c5ff9d2fb05423269d4df93223a06915b5a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\xpvinyl.cab

Filesize
1.1MB

MD5
143c0ad1f5d1f83ec19f66d4dfcaafbc

SHA1
46ce574dc94a82c7fe15dca9216615b7aa434db9

SHA256
b608e8b8bad4c31d63426b2432f1228637d602aa6549db41f028b59275b82587

SHA512
ad5d96d607b75be8fcaa304e08a0cf95cbd9c3798f0276beca45d455a3577a57abfe7772214b4f1dfe309cb35177e6c67fe29cbd3cb34ace3440d91b47074ebc

Download Submit
C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_28102022-103816.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSIDECE.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Installer\MSIDECE.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Installer\MSIE4AB.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Installer\MSIE4AB.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
memory/204-216-0x0000018909A60000-0x0000018909A76000-memory.dmp

Filesize
88KB

Download
memory/308-247-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/444-212-0x0000021F0DB10000-0x0000021F0DB26000-memory.dmp

Filesize
88KB

Download
memory/552-293-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/636-314-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/808-301-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/872-270-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/872-268-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/1084-206-0x0000018605200000-0x0000018605216000-memory.dmp

Filesize
88KB

Download
memory/1472-200-0x000002242DA50000-0x000002242DA66000-memory.dmp

Filesize
88KB

Download
memory/1836-324-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/1908-285-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/1908-287-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/1996-249-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2400-320-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2400-337-0x00007FF6AEDE0000-0x00007FF6B1DAA000-memory.dmp

Filesize
47.8MB

Download
memory/2400-322-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2400-336-0x00007FF6AEDE0000-0x00007FF6B1DAA000-memory.dmp

Filesize
47.8MB

Download
memory/2456-284-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2456-282-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2680-210-0x000001F51DED0000-0x000001F51DEE6000-memory.dmp

Filesize
88KB

Download
memory/2816-294-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2816-296-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2836-261-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2836-259-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2852-204-0x0000021F36C60000-0x0000021F36C76000-memory.dmp

Filesize
88KB

Download
memory/2860-304-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/2860-302-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3084-267-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3120-309-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3160-319-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3232-327-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3232-214-0x00000252F7140000-0x00000252F7156000-memory.dmp

Filesize
88KB

Download
memory/3232-325-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3264-227-0x00007FF6AEDE0000-0x00007FF6B1DAA000-memory.dmp

Filesize
47.8MB

Download
memory/3496-208-0x00000234BD990000-0x00000234BD9A6000-memory.dmp

Filesize
88KB

Download
memory/3500-202-0x000001DFF25F0000-0x000001DFF2606000-memory.dmp

Filesize
88KB

Download
memory/3552-317-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3552-315-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3736-279-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3736-281-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3748-258-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3748-256-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3824-239-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3920-297-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3920-299-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3984-290-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/3984-288-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4036-240-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4036-242-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4064-255-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4064-253-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4100-272-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4268-333-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4336-250-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4336-252-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4352-312-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4352-311-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4424-263-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4424-262-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4424-265-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4432-335-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4432-334-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4520-307-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4520-305-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4712-273-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4712-275-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4764-276-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4764-278-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4880-331-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4880-329-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4880-328-0x0000000008220000-0x000000000826F000-memory.dmp

Filesize
316KB

Download
memory/4880-220-0x000001FE9E2B0000-0x000001FE9E2C6000-memory.dmp

Filesize
88KB

Download
memory/4928-237-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4928-231-0x00000000748B0000-0x0000000074E61000-memory.dmp

Filesize
5.7MB

Download
memory/4928-234-0x0000000007C40000-0x0000000007CBA000-memory.dmp

Filesize
488KB

Download
memory/4928-233-0x00000000079A0000-0x00000000079EF000-memory.dmp

Filesize
316KB

Download
memory/4932-218-0x000001CC0FA00000-0x000001CC0FA16000-memory.dmp

Filesize
88KB

Download