d5866fd43e413fb9002d9f44257292ba6ef459c664d5364d6040b5d195b1ee4e

Analysis

max time kernel
151s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2023, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vegas Pro 19/VEGAS_Pro_19.0.0.341.exe
Size

864.5MB
MD5

71633df0330f63b93f2325281024da55
SHA1

b887377e96399a28e845e46fda04419f52857a3e
SHA256

54cf2ddd57cc5d7a6936471f5ae3a6fb6d67e079245e0d007db70c1c13514890
SHA512

dc4cad00537a9ce0c04b885fcebc8ce1235a5bd4a558a178a292857de94af5b0315c30885ec60ca331f5c20c1da2b799783f2049de280e232fac454b413ee93b
SSDEEP

25165824:EcVc7FTsoHGLgRbigcho7xLM0GYj11+m29JR16:dVc7FTsom8RbiggoNo0GiOm29JRo

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

flow	pid	Process
48	1912	msiexec.exe
50	1912	msiexec.exe

Loads dropped DLL 5 IoCs

pid	Process
1640	MsiExec.exe
1640	MsiExec.exe
2900	MsiExec.exe
1640	MsiExec.exe
2900	MsiExec.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Drops file in System32 directory 47 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBControl.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangFR.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangDE.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp110.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangRU.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangJA.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBUI.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangES.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\de\AjaVideoProperties.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BMDPocketFilm_to_REC.709.cube	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\sctplug\sctplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Sony Video Capture - ShuttlePRO v2.pref	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Script Menu\Render Audio Tracks.cs	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mxfplug\mc_config_mp2m.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\bdmux\Vegmuxmc.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\spica_resizer.ofx.bundle\Contents\Resources\spica_resizer.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\32.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\stl2plg\stl2plg.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Standard Layouts\Add and Arrange Media Mode.VegasWindowLayout	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\Vfx1.ja-JP.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\38.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\VEGAS Pro 19 -- ShuttlePRO v2.pref	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mxfplug\mc_enc_mpa.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mxfplug3\mc_mux_mxf.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_N-Log.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\fr\ScriptPortal.Vegas.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.ja-JP.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\5.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.fr-FR.xml	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\spconsoleopt4.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.zh-CN.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\fr\ScriptPortal.MediaSoftware.FileExplorer.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mcaacplug\mcaacplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Win64\VegasOfxStitch.ofx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.pt-BR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\BT.2020HLG_to_C-Log2.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\ScriptPortal.MediaSoftware.clrshared.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\ControlLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\CoreGraphics.Native.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mp4plug3\mp4plug3.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\ErrorReport.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Script Menu\Remove Letterboxing.cs	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mcmp4xavcs\mc_cpu\mc_enc_aac.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\dbghelp.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Joystick Profiles\Logitech WingMan Extreme Digital 3D (USB).ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\readme\HTML_ASSETS\rbg.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\networkhost.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mxfplug3\mc_enc_mpa.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\External Control Drivers\networkXML.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\vdlxipp61_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\1.cube	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfxpfx2_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\readme\HTML_ASSETS\release-banner_esp.jpg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\ScriptPortal.MediaSoftware.XDCAMExp.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mxfplug3\mc_config_mp2m.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\redplug\REDCuda-x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.zh-CN.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\34.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\40.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Resources\TitlesAndText.fr-FR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Resources\gui.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\MAGIX Plugins\essentialFX\x64\eFX_DeEsser.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sfppack1_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\Vidcap Plug-Ins\stl2plg\stl2plg.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mvcplug\sonyjvtd.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\ScriptPortal.MediaSoftware.TextGen.OFXInterop.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 19.0\FileIO Plug-Ins\mcaacplug\mc_cpu\mc_enc_aac.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\InstallTemp\20230101101905231.0\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140jpn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140_2.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vcomp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140cht.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vccorlib140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140ita.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vcamp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140enu.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140jpn.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vcruntime140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_vcomp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vccorlib140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140deu.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140esn.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140ita.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140cht.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140_codecvt_ids.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI17AA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE4AF.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101904996.1\msvcr90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905434.0\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_vcomp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfcm140u.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140enu.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140ita.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140rus.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905434.0\msvcm90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905903.0\8.0.50727.4053.policy	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\F_CENTRAL_atl100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vccorlib140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140_2.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101904996.1\msvcm90.dll	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140fra.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140ita.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905340.0\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905793.0\ATL80.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140deu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\concrt140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vcamp140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vccorlib140.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905199.0\9.0.30729.4148.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101906106.0\8.0.50727.4053.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfcm140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140u.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\vcamp140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140_1.dll.DFEFC2FE_EEE6_424C_841B_D4E66F0C84A3	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140cht.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230101101905668.1\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a.cat	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140u.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\msvcp140.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\1E746BDF36AFBE1108BF0051D5AEC5DE\1.0.0\mfc140chs.dll.F1670FCA_6780_3657_9C04_AF8005AC8143	msiexec.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001	VEGAS_Pro_19.0.0.341.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices	VEGAS_Pro_19.0.0.341.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse	VEGAS_Pro_19.0.0.341.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions	VEGAS_Pro_19.0.0.341.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "VEGAS_Pro_19.0.0.341.exe"	VEGAS_Pro_19.0.0.341.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application"	VEGAS_Pro_19.0.0.341.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295"	VEGAS_Pro_19.0.0.341.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e0073006b0028004400540038006500400033003400490068006f006c00740067005d0065002400780000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\119 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\397 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\41 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\123 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\133 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\457 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\71 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\412 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\65 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\87 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\289 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\351 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\411 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.ATL,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e00700052005e007000580049006000510075006f00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\472 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\473 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\125 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\589 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e0072004600390039004e002c00610079007d00370030002d0079007e00460069007000780027003f0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\336 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\ProductName = "MSVCRT Redists"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\118 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\129 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\458 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\148 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\213 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\274 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\528 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SonyInstall_1\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\51 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\396 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\145 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.CRT,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e0061005a004f002c0048002a004b00320060004500650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\111 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\124 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\350 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e0036006b007d00700048004c004800240053004400650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\2 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\115 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\116 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\120 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\523 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\539 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\Clients = 3a0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e0059007e00490078005d007d006c00450053003600590041002800370057005a006e0024007e00680000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\153 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\163 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\218 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\401 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\462 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.CRT,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5b0038002e0056007a00290041005b006900280065002e006d0068002900660078005100400075003e005f006a0030002c0059005d007300210053006f00650038004d006b0062004900640046007700550000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E746BDF36AFBE1108BF0051D5AEC5DE	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1E746BDF36AFBE1108BF0051D5AEC5DE\SourceList\Media\61 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1E746BDF36AFBE1108BF0051D5AEC5DE\installer_data	msiexec.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4532	VEGAS_Pro_19.0.0.341.exe
4532	VEGAS_Pro_19.0.0.341.exe
1912	msiexec.exe
1912	msiexec.exe
1912	msiexec.exe
1912	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1288	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1288	msiexec.exe
Token: SeSecurityPrivilege	1912	msiexec.exe
Token: SeCreateTokenPrivilege	1288	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1288	msiexec.exe
Token: SeLockMemoryPrivilege	1288	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1288	msiexec.exe
Token: SeMachineAccountPrivilege	1288	msiexec.exe
Token: SeTcbPrivilege	1288	msiexec.exe
Token: SeSecurityPrivilege	1288	msiexec.exe
Token: SeTakeOwnershipPrivilege	1288	msiexec.exe
Token: SeLoadDriverPrivilege	1288	msiexec.exe
Token: SeSystemProfilePrivilege	1288	msiexec.exe
Token: SeSystemtimePrivilege	1288	msiexec.exe
Token: SeProfSingleProcessPrivilege	1288	msiexec.exe
Token: SeIncBasePriorityPrivilege	1288	msiexec.exe
Token: SeCreatePagefilePrivilege	1288	msiexec.exe
Token: SeCreatePermanentPrivilege	1288	msiexec.exe
Token: SeBackupPrivilege	1288	msiexec.exe
Token: SeRestorePrivilege	1288	msiexec.exe
Token: SeShutdownPrivilege	1288	msiexec.exe
Token: SeDebugPrivilege	1288	msiexec.exe
Token: SeAuditPrivilege	1288	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1288	msiexec.exe
Token: SeChangeNotifyPrivilege	1288	msiexec.exe
Token: SeRemoteShutdownPrivilege	1288	msiexec.exe
Token: SeUndockPrivilege	1288	msiexec.exe
Token: SeSyncAgentPrivilege	1288	msiexec.exe
Token: SeEnableDelegationPrivilege	1288	msiexec.exe
Token: SeManageVolumePrivilege	1288	msiexec.exe
Token: SeImpersonatePrivilege	1288	msiexec.exe
Token: SeCreateGlobalPrivilege	1288	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe
Token: SeRestorePrivilege	1912	msiexec.exe
Token: SeTakeOwnershipPrivilege	1912	msiexec.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 1288	4532	VEGAS_Pro_19.0.0.341.exe	88
PID 4532 wrote to memory of 1288	4532	VEGAS_Pro_19.0.0.341.exe	88
PID 1912 wrote to memory of 1640	1912	msiexec.exe	92
PID 1912 wrote to memory of 1640	1912	msiexec.exe	92
PID 1912 wrote to memory of 1640	1912	msiexec.exe	92
PID 1912 wrote to memory of 2900	1912	msiexec.exe	93
PID 1912 wrote to memory of 2900	1912	msiexec.exe	93

C:\Users\Admin\AppData\Local\Temp\Vegas Pro 19\VEGAS_Pro_19.0.0.341.exe
"C:\Users\Admin\AppData\Local\Temp\Vegas Pro 19\VEGAS_Pro_19.0.0.341.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SYSTEM32\msiexec.exe
  "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi" /quiet /norestart /Liwear "C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_01012023-101853.log"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1288

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2A9B242F26452E589E2174D06C83C769
  2⤵
  - Loads dropped DLL
  PID:1640
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 60678C19DDD905ACDD929C9E8A5AEE6C
  2⤵
  - Loads dropped DLL
  PID:2900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\EULA_enu.rtf

Filesize
27KB

MD5
910c0dac9f0759c1e60aa5b3b1856918

SHA1
963cb5c0ce4fd60c7e9d540c2851fa08f8d9a2f9

SHA256
de61cd4203c56a1b509ed2f6afecba0ef5149a8ff69df002b340ce1a70e8579e

SHA512
8be1a723da41046f58c6ae7236e85a60e40d4e77ebe3c211e148933ba8ff5dcdda771bb54774485e9e2030ac231977ebb0d004214ff43ded689987fb070801b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi

Filesize
62.8MB

MD5
127b7fd8f2cec670e1e80bff6a11066d

SHA1
a9149a81765e824381a476e08e2ac49212297f1f

SHA256
d46f9bf5ffdcab8ff9b2f1fff9ece71081f334070fff9186f4709a29ee98be5a

SHA512
df5fc1265183cab051cc1a3f2cf85ec6f732c70adfd4bc9b7bb6144750c1cb22793b78a0313e65971b92658e603e3eed16b203e8b4a817c812b910d0ec433046

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\Monitor3D.cab

Filesize
914KB

MD5
1f02c41204a2264a35dd77ffaaa6e269

SHA1
a3d5bb3811343e460e75824099c643e8e576da93

SHA256
a8ce4777c2fd5ee7f5e179e8c2a0a7db0853098f678183ce93e841527d8d6b49

SHA512
dd287b136c22b7f6606d26d913707317ca2042bbca1e4ea3e81807ab1b5cc0292b94cce299904c4a80e2da48b5ccfe23f460218687e7eb4a94a430072e1d2039

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\OFXFilters.cab

Filesize
1.1MB

MD5
87ae3401b843a94ebc52076639a833cf

SHA1
558c26faac2559e1ecda8f73f7eed57286970918

SHA256
456a289c386db4c7df1d670557932bce1d8b5582800ff2b6fe52570f4f468ccd

SHA512
af17f1fb80f55ae474010e2d3f2723c4f409dfb438fe3cd230a5fc098d2821a0c07d63f3254b0f25ae32fc24b5ccf914a5816533baf653388bd76261bd183541

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\ac3studioplug.cab

Filesize
1.7MB

MD5
9d1463005134f6db915d9fbf6ce67fd3

SHA1
e7c7647839536cda5ef389cb04cd9bde02a50b6f

SHA256
6f61625473ed159c73ab012fe01dadd830a6cab09e544e4f33021a63e3852942

SHA512
48d1e797bab517644dd626e24ef58876e125707e66f6991544151517de799a0d00b60adb9457c974b316e25c6611deaf89593659a469fbd7002212f2dc9b53ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\aifplug.cab

Filesize
2.1MB

MD5
e9da517d7c9efd97a4de2ce941022130

SHA1
8294420d44db49326ab0e5cc4ac1a38036b1c780

SHA256
e50a140acb5a8b6ee5a8c75b015099e1925ba79400fd9036cd9c57e4ff2e1f54

SHA512
528fe3fb10c00263dfd53129104c91de1a4e3654bd2d56e3e175ecca8f5fbc635c16ec09be154cf713f456924b645a4c4f58085553ab9343aa6e8166b475107f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\atracplug.cab

Filesize
526KB

MD5
9201a7cd0ac97c109c4db35fd0b287d2

SHA1
6c24d11a83c78cbae64f4a1948821fff08fe0247

SHA256
f8f3884dcdb5d540438286494350b935988695dd3e1e40f2c30e36d895dc9ced

SHA512
558383ac8a64a4327e310f1d25183f3e3e57f3167e1dd804dbd40a93c645c6d43e93d31b40b24f561321d89e64d24ea6a70ff585ec09b0f2874f690492d9a056

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\aviplug.cab

Filesize
354KB

MD5
f21deccf243751d1b6afff03a84de4ee

SHA1
90d7586179f3e59085104ed549b6cbcea7852ef8

SHA256
db586d40adbdfb199512b7511429808aeb4b29f301c5e46490925185c6cbf8e1

SHA512
a1acc0efaacbdb3e72d0216c5293103f2957c991909c5a68d4bbce8d83fa5f1eb44a3893faf6015b64e7f8417d8d96216d44925f9e664f62544c9bc0fd030abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\cddb.cab

Filesize
742KB

MD5
da4b7dc8477b507197da8bd7ea3a8164

SHA1
11c857c427c670bd2fd3986190564746e2d13f6a

SHA256
8339e3d7468c7a4f9da621187006efe4a96591e6445d94cf245d5c5c42540122

SHA512
ba80f7dd704f6f41ca000b4d9ea71e2490057aefd7f8fda300bad3098bf2781919fa8b850d214b92ff44fd98573a1d6b89ef6310b8f686b8b670324219df88f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\errorreport.cab

Filesize
6.7MB

MD5
a0624038d1fdc4204656a229e61c2986

SHA1
238d95ee9fb5a41df13711a9dad163ed06b41459

SHA256
f2a606c0869b16403fc61dbd5e1e53fa0128e15c3664e385f352b8b02f023104

SHA512
ee3466ba3d2ca6810e99156c0af34d2ef9f4c8a43e628db94753ee38b86a2222afcaa2f6c93318e80187f45b86564ca7dbf8a64772e1944127c5861bc1acc3f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\exctrldr.cab

Filesize
10.8MB

MD5
ad508dffd0e53129ca1a9a3bc14abfff

SHA1
b506e462282fc1a686e8fd2f8c5fa9e76d2c9118

SHA256
c98f21f4fe7c13769d07336f69378623de1d3ea43e2649d323016e91196974e4

SHA512
ef9048af5921329139494d4c49e35981e6a7c66c9613ac1bc1d7d3512b407a944bf80980ec15adbd1227edd57819ede79eab51b9a1f0bdd77620eebcc9a281e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\extvid.cab

Filesize
2.5MB

MD5
8157b1d547dfefabc4e5d85d0eb9cced

SHA1
6bee3f6bf2eda07270a257d5ccdd3b01a4f51184

SHA256
a95d5bab2d6978f4d9841ea528179408ca8f3af33f52ab81359832db76f237cd

SHA512
79984e19e54fbb701d69080e40a4871a74006d249987d7ef86fc0e3ffca9b6b06ad7e6941b360e6eca666c4697371f2dfeb3f4db101e166e22444b75f474412d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\extvid_aja.cab

Filesize
298KB

MD5
590f847c7611e792f435feee777987b9

SHA1
90236d104fe857153eb58ca748cc88db93f49ecd

SHA256
6e7ace655283c8ce3bb71f908acd683f2e543cf688d97d36bb4c8e364ebb52b1

SHA512
f835aaceec9e39c69cde21f3a41d212b940e58ed5188e1a8dc7c8d335966feb0675d1de7afd800fb302224e034fed03497e6ebcfc4870eff83d647d3f59f48e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\extvid_decklink.cab

Filesize
797KB

MD5
dbd58164a5d0875d08f209cf752ae8b8

SHA1
f765c6bf9ddfaa63fa8791934d281af01f401516

SHA256
f6f0048e24044c22767d17d2fc2da082a998b6e867881d057b3df66b849b55f3

SHA512
d21f2af0d961f9036bb07ffb420353ce9b47046de124e0955a7a4c31dd7560219ff1e535c948a5df0f49aee7f9d6960006c7e1d3b525d2938c963d6bd490131f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\fileio.cab

Filesize
4.7MB

MD5
c9b73fb506b718b307f76a53d262c395

SHA1
c20ededd4bf13cd73566b8cf5f60415c217064d0

SHA256
3d4fa4cb469e48667a6c837814bc667ecc5ca09f912f6b9e42ce6aa4c3db6887

SHA512
9127e088e757e8ebbc9436c545de32a1318be780f7b2878e7575c09b62a37dca6bfecde7848a33881eb687c76e90067067a1411fc64ee790873e39269a7ce92b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\fileiosurrogate.cab

Filesize
1.4MB

MD5
0f4ab409a930d406624cdebb59a1f2c8

SHA1
0e948b09940af4085c82c6d1fd229949294b628f

SHA256
a530bf15d09f946d503b3c6cfb893928664f7a3ceddb2776b660b7d1930c7b04

SHA512
dadb1ab92b1c72b8119c6480965e9222278b4549688443458d6bc566796437fd12d81f8b9a6ed861c2bfcfd812b6774a947a50e4ba0ad406995ada7255652fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\flacplug.cab

Filesize
308KB

MD5
0bdbc535a869a93cdbaccb2f8ee3760e

SHA1
2510174d3f8510cbd66c2db042934c25f66bcae8

SHA256
7290d09f0d4b690a18b2b692df9946199ee72cdffc1123b7e4adee14896d24b6

SHA512
f5abd673a3fca12c9d0661eb5087fd7318cc2a966c9a847375ae2283dcd7bde3627cd5deadb581013217b7a58ec311ded1ab9bea8cfd2135d2c85a304ed4dc2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\gifplug.cab

Filesize
53KB

MD5
2753dcf5040d53411a9d7e02666496bf

SHA1
646db4990151efd5868c7a4858d4de59d12655a9

SHA256
baffdf598f8b682b661f7abeb886b490b3ffbbcfe4dad50edd1a5ded69d5cb44

SHA512
cf1ceb4e65a2fdfa78fb75f9b5ed32a42880da53783e3e09398249ca86f0061f2e57fe1c67ee08c84c72f6d086114925a3fa42003fa26dfda08a51994217ad91

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\imapi.cab

Filesize
835KB

MD5
34ed8dbc3781c61e2b7bc174388cd0b1

SHA1
c87ae4d8b309cbe5e7f441ecb42604400f7331d3

SHA256
ca8a4fe5862f0bfc64110fbd1f79af2451cd330b61570a74fab222ed3f6a2cab

SHA512
f1ab372950395330b8e12d13e73b72372c654a0e125f3c14f08d8beed809a718c2e4e826d47ea5eebd7ff6d29cf966793725c9547847e978cee013ad8418001a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\joystick.cab

Filesize
2KB

MD5
9ed7a3d484ae568c4de52e7a6090e68c

SHA1
2d7097c64faceaa8c01a7fa35ca3d327050d1528

SHA256
7ae216c486e6af165df144ad823d3473def99440a8a1c1e469ea03d0fba8640f

SHA512
a67c8a4a323ff446cfe1e767e71cd7c6e78d9507a7754351f0ea63996a2f09b8fdcbd3f1739e0fe65d571db9951b23f5c1d33c4c08471363c7eb89b7f7217d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\layouts_vegas.cab

Filesize
3KB

MD5
d8ae3a201bd922f1c9ee83d20dc4e77a

SHA1
bc81a960dca8b18cba697365dfd0fff63d7c42d0

SHA256
7c609138fa3f87a84998218ce79547d41ececf20b316651047bb7d22c3b3d7c8

SHA512
663d4bff971e47df5e804956ae9f3d3c34f2e1be07d2388050f0ea52fd7c8a9295e400656f6109136794e069c71468eb26e40a1cdc34bfa2a9ef260e16459e5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\log4net.cab

Filesize
88KB

MD5
4932fc8036a626db0f16e10d3d609b5b

SHA1
2460d406606446cc3e6112a2b3e8ab1f3e0f5f23

SHA256
b05af891214e9347d1e74a693dd36d70c6770a8aeecfbb15a147eeebd2732ae3

SHA512
6e1d8a50094cd358708e707761200da88da3744db7fae1227f641966551e9689e1791a6c3ac1329912a1e14143d1f4db2a8d910f2a9708b095fa40fe392da438

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\mchammer.cab

Filesize
1.1MB

MD5
9be991876cbada04aa31aabefaa16b77

SHA1
1acfcc0a6390539efc68cb43054fecc9464f8ab0

SHA256
882439dc405aa2bc6cb6d889143b4c9c92463cd1b5947e37635662189ee9ada3

SHA512
985f78ed3600b057e04c80a0fab05570b43faaa9357a42e64212c9a925de5ff0c6f157faeacce2fc17977a0d781b683a1d82b31835ea6ce949a07a5e145d2016

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\mp3plug2.cab

Filesize
552KB

MD5
22d502c319cbfd1a05881e0d9bd05998

SHA1
0786c77f8d288531d7a273a9d608527c1ad9b7d8

SHA256
ae4fa91310febada2d0851bbb2b04e3b56cc4a8f68f0de34bb03434416c47972

SHA512
2216b89bd380ad691c19edf9ee688c9c7a12e538ea00347e2b68e4a2b02c5bb0376bea32b39adaa435d83d01376a2dfd6f450c4ed98a61523fff620ff1c4221c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\ngen.cab

Filesize
13KB

MD5
445c80c1e90b240babd5216cfece5302

SHA1
f1aa806dfa5e49e4fbd72760d9fa4d5522f41980

SHA256
8e06984517c16dbd6e46cc9c6a7bbe00694d3f37dea3a9fa7edaf2c6f95f8717

SHA512
115691c4288a11a8131532c2772dd629444b7dcada8a1d1e36b33c36ac5a6ac071ae22d73b8846d79905e63a492739cc9238afd73d88123bfc9564f8d4d0c8a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\oggplug.cab

Filesize
1.9MB

MD5
9d9b34f59e98b55f7b4c6a6a53ed1f6d

SHA1
6751216b4e50d78cbffd59fcfdf2b529089f2469

SHA256
9ca643c7cff3c070b0e260449322e355ca61aac8ae9ad439bcbf226635a80e08

SHA512
4fca2e3ef583536b6cba27ec211819651e687d1866eeae3aa9cc262278b2f9f267907d4863a6ef73eb130f902a339790c62ff0398a984d1286240fc7af8d601b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\qt7plug.cab

Filesize
453KB

MD5
9bca56409d82940bd1904f1ff5d9867c

SHA1
7b20744ed77e4dc22ff71c0bdb1a9e192686181c

SHA256
44f6157e7a00631a8bab7111f22985b5a9d65982a4c7223a05a0704ba232a9eb

SHA512
117851d0826d7f921d58d76a0bd94c440b9689afad5f60cf6324c27974f55338f93506f8886acfbfb4b574341b25ddcf8e6c525fc487262abb25baf468f75cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\readme_vegas.cab

Filesize
57KB

MD5
1230da19002c5fe34e5a2153ab9a65f5

SHA1
a4f8ccd667960df6a836c3ba30f8bdbb056eb507

SHA256
743cf7b801d8f047db9cf449348a7754ed3bf389e60ed17411cfd4150302e463

SHA512
87a4ea74f6612fb14f1aae0147ef7ce6b9d9fdd51e8cf4ed5efe64b7c1dec8ce89ce9f16a57432e76a4e24293cf74793be0e08697db22a4f5082f72eafe5ab7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\redplug.cab

Filesize
7.2MB

MD5
db543c9a176fa030bbd3dd062fbdbb23

SHA1
46d3cad73f8e014a3a89c505e18ce1ada04ff73f

SHA256
796e217bb7536139aa39b8f59fb0cf9bc0a81f618ebf94ff33facc3f747d4fc6

SHA512
7c4024fe028811729ce082fcbec220830016cd0fd916cd653749be78c28a478e6d0de3ef0e39831d02eda6fc141214e302526cb327f649bd68fc5d7a4ba818f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\scripts.cab

Filesize
21KB

MD5
71ecf9184f58f7ccc2f33a749637ec34

SHA1
dce342e115f92939663b1e81f0c7b6345923f5ef

SHA256
f3460a93dad1ba41415a80c887573baf35ed92371aba8c2e2e2c1d7e049d1d24

SHA512
8ea39f696d45c11fa63613e29004a60a6cc020f74ae1b966136f566b16ea81ff672a12afa2cf66d4c7b6731fd3c01dc7dede7133b1797c621f367087842496b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sctplug.cab

Filesize
2.1MB

MD5
6dec87f0a211970c79203e6c36e53c58

SHA1
62009084cb7451346dad3079d23608a4c10e05b5

SHA256
7b001bfce803d49776ed2f33a694557999aa9bf24012bc503330a2780de99d37

SHA512
93ac4e940ed0686372dc896d72891fe5b86d0115e98bc821794baa03c534ee43f0d4746cc573315445448cdcb9e01d8875a87268735e14a0710cee0388260604

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sffrgpnv.cab

Filesize
1.2MB

MD5
1fb74222b692b6bf3d8b1c1dc40f3086

SHA1
8abda4a152e849031e17935e0e95036d69a9aaf1

SHA256
3e83859c51e986258fc5e32fba09703cdaf438fcfea1600951f5c17544de95fb

SHA512
717d885d7837cf92bacc51cd453aaa705799c40a36ee013cc02518c727e7c3c979d2aa84bf13817ba63740b1f063874d60f7b7bcce55cf2800781003fdd8ee10

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfpaplug.cab

Filesize
2.1MB

MD5
b8c4ed9273085a03607d6f8432db422b

SHA1
e3073ddac0e958d15c6af408a68a02ce9b1d625a

SHA256
d28d9bf871f8dc523ec7df00f94bf889e141c81ad2dd7f32f38ddd20622f81ac

SHA512
10a32882a69665efbfbefebbd6dd960c97d2064f1a229a79f6c53b818d6684aa8b0fe535dabd3eced0ebd7e22100bd08f28e4252c99f61cb2eeaa15b7cabeff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfppack1.cab

Filesize
2.0MB

MD5
d9ed2ea7260f7770e7088af958718924

SHA1
6ff2dea6e51a42fefe4227e889c2f3f288edd936

SHA256
433bb1a9b36d27aa1b62bb8982235486b7416077a32db7a7151f02305996098c

SHA512
f1d4602ae2c353aefd5ae25990af6183723f4967e65b929c9b2270da250f4fa31340c7cc93c5a216db84bfa0128dd5695d67e8bba4f7fe6fb7f9112589e80769

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfppack2.cab

Filesize
2.1MB

MD5
75f10fa2de49b88dde7046640f0aa020

SHA1
ab3bafa32afaadee52105a8599e6d5f3441cdcb2

SHA256
a1c9fc7429119d104c55ec6f1aa35a383a8a37fc83b04c0c206fbf903cb23a03

SHA512
e036b13ba249b6a6ae8a49293e3da5733b15eed68905750e7a4daed6c4604cffd90faaf31009dda082cb93107ea63244225254ba1be4d1d94f4a8ff961747eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfppack3.cab

Filesize
1.9MB

MD5
aa7d3f0c7e69beff47e284fbe0ba8df7

SHA1
c367dc20e85f5f29f5d56ddf84ad99f964dc01eb

SHA256
2c5ebd36a747960e09c104b1930b6e38f7685879aaa88b9ef08517150dc26121

SHA512
112eedb70057107f4565b332312341ec117959bd176aaaa9900a0138fe926506f1178273e5582784c1624628c8322aff83c304d6b867a6fa2458a41f4d0cb04c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfresfilter.cab

Filesize
1.6MB

MD5
a216980370b04804c04797439cf109c8

SHA1
60993484f429e8458fdeb42abd6ae6f6f4f3268a

SHA256
2d0f8d59fe5503cee8de08bf914605da91bb3ad417f99ce24f025e97b2bd0cce

SHA512
4c348954fd81c5c9644019a42a077e5cddcae0a9569abae3f8f0e410572d2f320bb47995a70a434cb6e66eb4b87520a90bf9ead44dc788500a224ce7bf4c59de

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sftrkfx1.cab

Filesize
1.6MB

MD5
750f4fcd2598384b1a91d48da42c7906

SHA1
1a2f4cbf188d1c4201ab377b9916d1e009f5fd5e

SHA256
4a2560a7edf56b6a1ce36911c6e1e44fb77f2a74aa33894bad2b4ded7ce6b2c8

SHA512
04af3250f5290cb0c818c954570cf4d4dc31d7d02e0e40f58e7d520e5170a9fbc0437e958fbd46a384489e52ed85124278e7cc821c34c9a314736161cc89c9ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfvstwrap.cab

Filesize
3.2MB

MD5
279cb3b0f61e6dc7f477539c579fe366

SHA1
e10cd92e29b906970ebb2b1647c2cda342c012e2

SHA256
9b2a0e72c6dbff19ee14dc147e7723add0568c6592058e462e070b7edac2228f

SHA512
e312047ed82b511afe8d0885903349b051f39b28848c45599b56cb9d40bc78a13175f87d43fe5563c7299b5645a2ca4879d08fa754ee473ae6ea9b1fadbd3e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfxpfx1.cab

Filesize
1.4MB

MD5
76aeffdc59b58093c3c929b29ef9af4a

SHA1
91e23750c83d399b9cd37f48788490a4d2cbe1a3

SHA256
26fd7c44190565c987e56959de0ee46258e1ed06981b483280a00805ff6a2c5d

SHA512
36dba3862c019ec3dcb4a983208c32cc8477146ce0293c7d4cfa442d6e5b0b59cf2948cf5823c489db46db4910f68d3c723cca8259a402dc132949364a83c65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfxpfx2.cab

Filesize
1.2MB

MD5
05c767db387ea6508f9e478eccb4cc8b

SHA1
4eeffc37e4037fa4c7fb47c02ed362b24aa095b4

SHA256
dcabf3b2d9dbd9c774426f38d16001ff7f883fa710f0f75e860f92ecf88e0d92

SHA512
cf61bfb80dff9163061a730cab0d417701234b1bbc1e9a235f8934297e3497f55c5615e41ef2f94861bc277634b8fd0150e1ce6adc0bf8638999e4ef9dff44c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sfxpfx3.cab

Filesize
1.3MB

MD5
f2ca8e2bfe7bd419269ffb05c12a8e0e

SHA1
1e77748393976b337dec4f0d0a6e74f25323b1e2

SHA256
5b4d33884d17e55e18782f55063af892864ff50312bde289d3bf58e1d637c65d

SHA512
fe91cff3f869928085887e55fcbc8f19d4b63c13589562aea9151c77dd22bf0cccc0e368d6f2249953fcd4b205bc2a8c0d245be15f4f4d2c72a69f801678567d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\shuttle_vegas.cab

Filesize
1KB

MD5
21fa6b6370c1fefd1af629627a9e8f62

SHA1
93409848fe66ceb18d4c43ece8786cc7ae431c9b

SHA256
2b26dd6172e23dca733a7792349b625d557188fcc859721931b77bebbd6c34ee

SHA512
bf1b12a72a47e636b0ed5735caffd4eccaeb7151ea13fe38961cb43ccff52938c266d62d7b5d406c2d962478ac90d80889b77137e177768caf99c20430c1c257

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\skins.cab

Filesize
33KB

MD5
d1a5555c7e783eb527ed1f47155a4fe3

SHA1
82a653c7745c0096a8aa31fb64902f0a8978ed47

SHA256
0c0c5c9777f23b04569d7c061f5bcc47de67fcfda1e31451d6b7f5685c356412

SHA512
243d990ec3268adaaf7be5be88711262543e227ec151d290fd6a93f8956f1e4beb146a10152a6a87c796e50b7bb419508bf0af89b1f6bb8e4454e760c96da120

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonycapture.cab

Filesize
143KB

MD5
183f718580a7febe7cecb25ce0bbe9cc

SHA1
33d050a8eba23fcfe689628d47f63bdce18f8539

SHA256
9537302c03136a97f2a14116d2a264665b5cd8cc5c1a59670069d4d0b9fa672e

SHA512
1c6d51f4ff6a5dc32d61f4a41414095d32dde6315c0beb6aad0ffbfad9c978d1b37a5bd0a17423a9bb2b5a51299bb4e7ecbab36232751e9c8fcaa4b8186f873c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonyclrshared.cab

Filesize
199KB

MD5
2e01331c8d9214c1826eb6dd669686b0

SHA1
0bb7e4c41e8cf48573d303ed270d177faf44bbdd

SHA256
208350fe186f83617479e8729fbc89e33c8f8103c6702d18c974f807a68d0c60

SHA512
741958b536919a0b7ee7733fa3b0d812b4b5f521bcd5ff5848f00c9b797cdb688f5ee3e6ae05f81729b71f4d616014e2eb7b59dcf8cacc9a4216dc75f2f794dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonydeviceexp.cab

Filesize
213KB

MD5
6faeef131cbe3bfe4d50fd2a760af014

SHA1
0566847d42aeaf3a9fd9bd6713d003695331c4db

SHA256
611c4119324f16a468caf66d2924909df76d95cbcbecd2541406df9459af889a

SHA512
1d39c3f64cebfc1dbf8de7ecca495da23f1dac98be3426252a81b503799495dbc0b215948852cdaf5b8b26d2d08986d4a4d745efd961daf90366f2e454dce1b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonyexternalviddev.cab

Filesize
204KB

MD5
f5282b4ebfc08099f3daaabbc0c4edfc

SHA1
c93d445b7bcc39cc5fecbe9ccbf780471b90b6f5

SHA256
d997c58b2f3971ad411d57917018e5c0106b57074eda7f0d74f887ee35c398e1

SHA512
df39550292b2f330d508f58db76fc91142f8b1beda853b71219894a194f4efd544a8939fe96b470a760550914e33d3f6343435b4a7be021558868b37e5c09e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonyvegasdll.cab

Filesize
336KB

MD5
e3a4d414c75472fd4cb3de86b94d1e76

SHA1
f2040e5c1d41f660e98b57bf990fb95a0097f971

SHA256
7790ab6ebf52a8e982f86b7affea9cd9886a787051d35df9b69d6660f50fc07f

SHA512
94c82303968f2a5eafb91ebdf97c089b09f692d93d057c48a6943a6995a8156f88b633dcc6ac2f19691ab1e465af4a4caf514765a2dcb5e6c2066432793df47b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\sonyvegasslideshow.cab

Filesize
133KB

MD5
42ecdf03436e70fbfefd7e24f27b2b17

SHA1
c89125651d638e615e986ae65f94b76421961dc2

SHA256
a3c21bcd84d7f1476ddedd4efa454c30babbe0e441a9789957c36ca290b1e027

SHA512
926d6939896c72981d516dc7866cc58eec872fda74fc28a84f0301aa8224a172eb89e46148564693785a3e9b3cfe9cc5e4961bdf13556fed9346807d6db1b444

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\stl2plug.cab

Filesize
2.0MB

MD5
d134ecd833462f683403c00040cb00d1

SHA1
7dcd7f7a6e42bb3e3c5bcc7b5aabbef966e04c8e

SHA256
99627d1343090f943b674262ebd3b9af1b3a5338ec32bf6eb6fd65a920acdb3c

SHA512
889a4bf814f15afc3b5934e28c5e816e692e39e34b6f8f091ed90a57386c55bb5ec874d9b4bd659781ee4738668c41baa8af042efadf71339a8502e86401525c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\tutor.cab

Filesize
35.3MB

MD5
2a2f40d0aa9f59121ea62fc90d47891a

SHA1
cc188b6a725780ead589e1bcefdf2a3546ca1923

SHA256
85d172066ea72ae812648cd2562362a5496f929e68067c3926cc0599440c2d16

SHA512
b0b17419eebe9671b07668b7dc20682cccec013f74aea5e241cb73f1443ca06922833bf6f7c6255ee2b4a4dcf3e0fe36838087f11447676b94ab18e3f6707633

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\vduplug.cab

Filesize
2.0MB

MD5
96f4678d361a5e6a6631eadaeee45ec8

SHA1
6ec46a5cbcb8a16a4a0ed0806022b684acd506ac

SHA256
7b861c292221a211117da2ff88ae77a6b876e0a5563ab0b73d264e79c278f9c0

SHA512
0977867bf45d437ad6215221981116df1085af3027d4b575ef38e5a6579cfc0d8a68f155eab4682459e04dfc4ecf3d1bad99ddbaf12db102df92ca27dda408d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\vegas190.msi

Filesize
3.2MB

MD5
160fb19c7d486bfed3032b38de92d266

SHA1
529d2878fe3c34da417d66bb0cde08b7b8e5aef5

SHA256
4be92d9ede913f330fbec7e2b74b67d4abfff9e0c8052370261f38967a04e63a

SHA512
44e6dbaacd48863af7d11ea7be5cf5c0a0955031d3a162c83ebc2861b25743de073ea2600a14f3df29f689b662f40cc127cc2b5a5d5a25e40c319df55f96ad46

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\vidcap.cab

Filesize
4.0MB

MD5
5908632772fabdc6dd69f6059be72883

SHA1
6ede802370db986415b5786aea34ae493aef9111

SHA256
80b24a65ce67cdd7f90f4a2982af9adc4834b42f82f9377b3bc7ccaba2c7ad6d

SHA512
0b76d54e2cee2c10bac11c13f6435e871bf150ee1b124b6fe0bfb515b58ced0d144c24bc389b0bacb63dec4e0b59e51b3da0ff5303e88cd18207111518e4ddde

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\wavplug.cab

Filesize
266KB

MD5
7fde2c0673acd3a3d4c57311f295a1a7

SHA1
517b77028c3f3485b7ca74de430f0ef3d381da2c

SHA256
5af598d3ee3314838e4cdeda2426988395c98391fab897ad8e5f02344e565083

SHA512
1ffb8949dd5bf1fe21957264eee997ac0c482e23253402904cd4f0e5fd826cce2881cad376da0fb2db5b63e6633c12a0b23618dcd4a618da8982b9cb5a25c296

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\wicplug.cab

Filesize
486KB

MD5
08bd286dc19ddf3a1cbb6fc3931a7a99

SHA1
c3faeda876d087c135f0c97dd983682cdfe45282

SHA256
61e7275e239650c4ea9501a0e5e7651cc6deab0ce6967be7e03b98b8923e7ac2

SHA512
c2547833fc1e0e8059bd20b8b1e9b698350c95322a6840ac5348cf9d9ede9e221befcdaa83e52ac937455b00a284f4ca15c536d40b9d76917c3960e1932a2698

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\wmfplug4.cab

Filesize
320KB

MD5
ee281da51715ffbe7f45fc395dc9cafd

SHA1
05b592148680e02121980349ea3e68cab90e4468

SHA256
e303c2b77f73a483ea7866c3c6e50cd83dc5543c749b2a295375f00afa477cdd

SHA512
a43fffe24aea10392501380e0b8976163585fb6724f02707d677f70a314d2acd6396122d946e446f39787cdf76c03ad36fcdfe6cace373b0b683241f0652f923

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas190\xpvinyl.cab

Filesize
1.1MB

MD5
f2bbb353a86f896a6ba73dc551f39dcd

SHA1
1f4e1993445def3dc071a3b279584a7e4d20ab2b

SHA256
7ce33cb85a0a8c39ee8c1e8a9a4fd3d117b89af78e4cf916a03fa272ab52f109

SHA512
a457fc5d5a7745b6a8b1de9cd049eccd7df5ddfde625dad586cf531a0bf7a2b92815c357ae317f473568ee64281bd386a8b750d8bb902f33ac09b774113cfe70

Download Submit
C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_01012023-101853.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSIE4AF.tmp

Filesize
1.7MB

MD5
beac8693a2cc003c2609b2b69579d82f

SHA1
6e81ae73fc05a372e282794d9b47a0f98b18894a

SHA256
e1c19ffc7d4c2521c385ed22955152b49d78cd19bbeccee36b3886a2262c5b14

SHA512
9f66748a506ea4bd2ad3d72a924f5471d0c9b039cfffc9c38e5c52b7741cbb7661047259bf984984a4c6e2bb6460469f1c83d555f07db7d347bb3fcd6a0a591e

Download Submit
C:\Windows\Installer\MSIE4AF.tmp

Filesize
1.7MB

MD5
beac8693a2cc003c2609b2b69579d82f

SHA1
6e81ae73fc05a372e282794d9b47a0f98b18894a

SHA256
e1c19ffc7d4c2521c385ed22955152b49d78cd19bbeccee36b3886a2262c5b14

SHA512
9f66748a506ea4bd2ad3d72a924f5471d0c9b039cfffc9c38e5c52b7741cbb7661047259bf984984a4c6e2bb6460469f1c83d555f07db7d347bb3fcd6a0a591e

Download Submit
C:\Windows\Installer\MSIE9B1.tmp

Filesize
1.7MB

MD5
beac8693a2cc003c2609b2b69579d82f

SHA1
6e81ae73fc05a372e282794d9b47a0f98b18894a

SHA256
e1c19ffc7d4c2521c385ed22955152b49d78cd19bbeccee36b3886a2262c5b14

SHA512
9f66748a506ea4bd2ad3d72a924f5471d0c9b039cfffc9c38e5c52b7741cbb7661047259bf984984a4c6e2bb6460469f1c83d555f07db7d347bb3fcd6a0a591e

Download Submit
C:\Windows\Installer\MSIE9B1.tmp

Filesize
1.7MB

MD5
beac8693a2cc003c2609b2b69579d82f

SHA1
6e81ae73fc05a372e282794d9b47a0f98b18894a

SHA256
e1c19ffc7d4c2521c385ed22955152b49d78cd19bbeccee36b3886a2262c5b14

SHA512
9f66748a506ea4bd2ad3d72a924f5471d0c9b039cfffc9c38e5c52b7741cbb7661047259bf984984a4c6e2bb6460469f1c83d555f07db7d347bb3fcd6a0a591e

Download Submit