3988557312ceca76bee86e2df0c34f2cdc7b2dc370846ba8390ae1d36d61e900

Analysis

max time kernel
153s
max time network
181s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/05/2023, 19:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

693.2MB
MD5

1afd68147ac485753917930116210a40
SHA1

8c8deec48a8a7c3d4e5af8e26e8b3d09decad08b
SHA256

3988557312ceca76bee86e2df0c34f2cdc7b2dc370846ba8390ae1d36d61e900
SHA512

4cd02d60b7f30c7b5e08e312330342c124c9fb4cda01ba99e8d765a4040ee7832760a25c1d9e32a5e5a3a4521a4bd2c2a75a6b48395f32da1959f2117dadeacb
SSDEEP

12582912:bGbk9hNMUyBXnkRSuLBCF8WwX2VX0I/wY3jCMQRoMCb+RSGcYHqEtZF8:lM5XnVTSX2VX0I/fjCpob+RSGdx8

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
11	1028	msiexec.exe
13	1028	msiexec.exe
15	1028	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
2440	vegas180.exe
2560	ErrorReportLauncher.exe
2988	vegas180.exe

Loads dropped DLL 64 IoCs

pid	Process
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{824AFE10-2098-4254-B2C3-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1010333D-5114-41CE-807B-4483785EEF84}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB0F363-3A6E-485D-B39C-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F24-196D-11D1-B99B-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5FF5B4A1-858F-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DE-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F59DD74A-14E1-11D2-B3B2-00A0C90642CC}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{74D54F5E-CE55-11EA-BD9E-00155D43CFCE}\LocalServer32\LocalServer32 = 5a0067002e005e004d00480061005000690028002b007400640068002900680072006d004f006b0069006e007300740061006c006c00650072005f0064006100740061003e006e002d004b00730044004800610050006900280068005d00660068002900680072006d004f006b0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA1-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986922-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65A0ED34-90A1-46F6-99B7-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{40986926-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1010333D-5114-41CE-807B-4483785EEF84}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E1-6E21-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe

Drops file in System32 directory 51 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangES.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp71.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBUI.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangDE.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangFR.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangJA.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr70.dll	msiexec.exe
File opened for modification	C:\Windows\system32\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBControl.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangRU.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\redplug\redplug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Resources\ofx360Stabilizer.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\ru.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.Extensions.Primitives.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\so4compoundplug\SonyRawDev.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Joystick Profiles\ReadMe - Joystick Profiles.txt	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\gnsdk_playlist.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Resources\VegasOfxStitch.pt-BR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\30457.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\30468.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Protune_Flat_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V3_LogC_1000_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\External Control Drivers\spmackiectrlopt.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mcplug2.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\gnsdk_video.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mp4plug3\mc_cpu\mc_enc_aac.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Bitmaps\CUnlockVersionDlgGeneralControlsBig.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.es-ES.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\9.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fonts\base05.otf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Video Plug-Ins\PluginWrapper.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\StatusCodeTable.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\30449.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\30454.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Limiter\[Sys] Rock Clipper +6dB (Soft Transients).efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Phaser\[Sys] Spring Fx.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V3_LogC_800_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\snapshot_blob.bin	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\sfpaplug\sfpaplug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\atracplug\atracplug.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\es\ScriptPortal.Vegas.MobileSync.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcaacplug\mcaacplug.map	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\e5400a06c74d41f5b12d430bbaa23d0b\mfxplugin64_hevce_gacc.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TremoloPan\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\VocalStrip\[Sys] Bright Snare channel.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_cs_CZ.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\vegaskor.tut	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Audio Hardware Drivers\extvid_drv.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Gate\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Analog Feedback.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\sl.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\swiftcapture\libEGL.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\ffmpeg.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\RegModule_x64\mpeg2_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Win64\VrDualStitchCpu.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\15.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Crunchy Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Log2_48_nits_Shaper.RRT.DCDM__P3D65_Limited_.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\pl.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\wmfplug4\wmfplug4.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcmp4xavcs\mc_cuda\mc_config_avc_cuda.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Delay_Digital_Ping_Pong.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.zip	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\discdrv.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\ScriptPortal.Vegas.MobileSync.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.es-ES.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\29483.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\pt-BR.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fr\ScriptPortal.Vegas.Slideshow.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mp4plug3\savce.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.Extensions.Configuration.Binder.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Drum Buss Ambience & Fatness.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Try_On_Drums.efx	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140chs.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\msvcp140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230512221338397.0	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA7A3.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230512221338678.0\vcomp.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140u.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\concrt140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB405.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB629.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index135.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13a.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140jpn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140chs.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230512221338631.0	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index138.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC3DC.tmp\Vegmuxrt.dll	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAC88.tmp\BdmuxServer.exe	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcomp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB6A3.tmp\Vegmuxdw.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\concrt140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcruntime140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13b.dat	mscorsvw.exe
File created	C:\Windows\Installer\6d4bf9.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140fra.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13b.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13c.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB481.tmp\Vegmuxmc.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB839.tmp\Vegmuxdh.dll	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcruntime140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index137.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index140.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index13f.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20230512221338491.0\9.0.30729.4148.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230512221338553.0\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\concrt140.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140u.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230512221338678.0	msiexec.exe
File opened for modification	C:\Windows\Installer\{75111FE1-CE55-11EA-8B12-00155D43CFCE}\sfa.ico	msiexec.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "Setup.exe"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001	Setup.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0528CE3-F67E-11D2-8F8E-00C04F4C3B9F}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5F6A239-301B-11D3-B030-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBF37B9B-2F4F-11D3-B02F-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4BAFF02-F907-11D2-8F8F-00C04F4C3B9F}\Insertable	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{EE38CA88-D78E-4BFB-B05E-577892730C83}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CDDBControl.1\Insertable	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{12BCE7CD-A274-4B4A-8E38-C786ADFB94A4}\ProxyStubClsid32	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 40003d00780035004e004800610050006900280050005800640068002900680072006d004f006b003e006c0028006d0043002d0060003d00530052003600510038004a006100360021006d007d002400660000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DFEF3E96-F1D4-47CE-A429-2CC8C10DFDB6}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbExtData\CLSID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4BAFF01-F907-11D2-8F8F-00C04F4C3B9F}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4BAFF02-F907-11D2-8F8F-00C04F4C3B9F}\Programmable	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B67BD60-1238-11D3-8F9D-00C04F4C3B9F}\ = "ICddbTracks"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A23B-301B-11D3-B030-00C04F4C0826}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4B4E52E-D5F1-47A4-84AE-4F01BF37E1D7}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1EF1115755ECAE11B8210051D534FCEC\joystick	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Input\IsRendered = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000A-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0528CE4-F67E-11D2-8F8E-00C04F4C3B9F}\ProgID\ = "CDDBControl.CddbDisc.1"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0528CE3-F67E-11D2-8F8E-00C04F4C3B9F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\119 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 40003d00780035004e004800610050006900280050005800640068002900680072006d004f006b003e002a00560056004b0024007d00500032004d003700350044006d004000640047006d0077005000450000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins\Output\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0306D2A8-B7E2-4EA2-ADC6-78F80D65B1E2}\ = "ICddbID3Tag"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F7B9B77-62A7-424F-9650-AC8B204B72E4}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\110 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Output	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4541-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Input\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbFullName.1\CLSID\ = "{BBF37BA2-2F4F-11D3-B02F-00C04F4C0826}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8B67BD60-1238-11D3-8F9D-00C04F4C3B9F}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1EF1115755ECAE11B8210051D534FCEC\OFXAI	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{607682E0-6E21-11D0-AEBC-00A0C9053912}\FriendlyName = "VEGAS Reverb"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\Pins\Input\Direction = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\CLSID = "{260DF3E1-AC77-11D2-9E93-00C04F68BE44}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\ = "ExpressFX Noise Gate"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBF37B97-2F4F-11D3-B02F-00C04F4C0826}\ = "ICddbLanguage"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{01894669-BF86-482D-8FA2-BC0C7FFB1D38}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Merit = "2097152"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Output\ConnectsToPin = "Input"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB7AB3FF-EB55-4B40-AE1D-80ECEFA32E17}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5550702B-8DE7-45A1-A530-ADCB51AE36A7}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8F918803-57F2-480A-9BF3-3B68F46C5B82}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AB7AB3FF-EB55-4B40-AE1D-80ECEFA32E17}\ = "CddbUI Class"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BBF37BA3-2F4F-11D3-B02F-00C04F4C0826}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF1A9403-6CA9-11D3-B053-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3904A18E-9F03-430F-9D80-D8FD9267DDC0}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\6 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	Setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	Setup.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1104	Setup.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe
1028	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1864	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1864	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeSecurityPrivilege	1028	msiexec.exe
Token: SeCreateTokenPrivilege	1864	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1864	msiexec.exe
Token: SeLockMemoryPrivilege	1864	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1864	msiexec.exe
Token: SeMachineAccountPrivilege	1864	msiexec.exe
Token: SeTcbPrivilege	1864	msiexec.exe
Token: SeSecurityPrivilege	1864	msiexec.exe
Token: SeTakeOwnershipPrivilege	1864	msiexec.exe
Token: SeLoadDriverPrivilege	1864	msiexec.exe
Token: SeSystemProfilePrivilege	1864	msiexec.exe
Token: SeSystemtimePrivilege	1864	msiexec.exe
Token: SeProfSingleProcessPrivilege	1864	msiexec.exe
Token: SeIncBasePriorityPrivilege	1864	msiexec.exe
Token: SeCreatePagefilePrivilege	1864	msiexec.exe
Token: SeCreatePermanentPrivilege	1864	msiexec.exe
Token: SeBackupPrivilege	1864	msiexec.exe
Token: SeRestorePrivilege	1864	msiexec.exe
Token: SeShutdownPrivilege	1864	msiexec.exe
Token: SeDebugPrivilege	1864	msiexec.exe
Token: SeAuditPrivilege	1864	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1864	msiexec.exe
Token: SeChangeNotifyPrivilege	1864	msiexec.exe
Token: SeRemoteShutdownPrivilege	1864	msiexec.exe
Token: SeUndockPrivilege	1864	msiexec.exe
Token: SeSyncAgentPrivilege	1864	msiexec.exe
Token: SeEnableDelegationPrivilege	1864	msiexec.exe
Token: SeManageVolumePrivilege	1864	msiexec.exe
Token: SeImpersonatePrivilege	1864	msiexec.exe
Token: SeCreateGlobalPrivilege	1864	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe
Token: SeRestorePrivilege	1028	msiexec.exe
Token: SeTakeOwnershipPrivilege	1028	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2440	vegas180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1864	1104	Setup.exe	30
PID 1104 wrote to memory of 1864	1104	Setup.exe	30
PID 1104 wrote to memory of 1864	1104	Setup.exe	30
PID 1104 wrote to memory of 1864	1104	Setup.exe	30
PID 1104 wrote to memory of 1864	1104	Setup.exe	30
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 916	1028	msiexec.exe	32
PID 1028 wrote to memory of 980	1028	msiexec.exe	33
PID 1028 wrote to memory of 980	1028	msiexec.exe	33
PID 1028 wrote to memory of 980	1028	msiexec.exe	33
PID 1028 wrote to memory of 980	1028	msiexec.exe	33
PID 1028 wrote to memory of 980	1028	msiexec.exe	33
PID 1028 wrote to memory of 2080	1028	msiexec.exe	35
PID 1028 wrote to memory of 2080	1028	msiexec.exe	35
PID 1028 wrote to memory of 2080	1028	msiexec.exe	35
PID 1028 wrote to memory of 2080	1028	msiexec.exe	35
PID 1028 wrote to memory of 2080	1028	msiexec.exe	35
PID 1028 wrote to memory of 2104	1028	msiexec.exe	36
PID 1028 wrote to memory of 2104	1028	msiexec.exe	36
PID 1028 wrote to memory of 2104	1028	msiexec.exe	36
PID 1028 wrote to memory of 2104	1028	msiexec.exe	36
PID 1028 wrote to memory of 2104	1028	msiexec.exe	36
PID 1028 wrote to memory of 2120	1028	msiexec.exe	37
PID 1028 wrote to memory of 2120	1028	msiexec.exe	37
PID 1028 wrote to memory of 2120	1028	msiexec.exe	37
PID 1028 wrote to memory of 2120	1028	msiexec.exe	37
PID 1028 wrote to memory of 2120	1028	msiexec.exe	37
PID 1028 wrote to memory of 2144	1028	msiexec.exe	38
PID 1028 wrote to memory of 2144	1028	msiexec.exe	38
PID 1028 wrote to memory of 2144	1028	msiexec.exe	38
PID 1028 wrote to memory of 2144	1028	msiexec.exe	38
PID 1028 wrote to memory of 2144	1028	msiexec.exe	38
PID 1028 wrote to memory of 2184	1028	msiexec.exe	39
PID 1028 wrote to memory of 2184	1028	msiexec.exe	39
PID 1028 wrote to memory of 2184	1028	msiexec.exe	39
PID 1028 wrote to memory of 2184	1028	msiexec.exe	39
PID 1028 wrote to memory of 2184	1028	msiexec.exe	39
PID 1028 wrote to memory of 2208	1028	msiexec.exe	40
PID 1028 wrote to memory of 2208	1028	msiexec.exe	40
PID 1028 wrote to memory of 2208	1028	msiexec.exe	40
PID 1028 wrote to memory of 2208	1028	msiexec.exe	40
PID 1028 wrote to memory of 2208	1028	msiexec.exe	40
PID 1028 wrote to memory of 2228	1028	msiexec.exe	41
PID 1028 wrote to memory of 2228	1028	msiexec.exe	41
PID 1028 wrote to memory of 2228	1028	msiexec.exe	41
PID 1028 wrote to memory of 2228	1028	msiexec.exe	41
PID 1028 wrote to memory of 2228	1028	msiexec.exe	41
PID 1028 wrote to memory of 2248	1028	msiexec.exe	42
PID 1028 wrote to memory of 2248	1028	msiexec.exe	42
PID 1028 wrote to memory of 2248	1028	msiexec.exe	42
PID 1028 wrote to memory of 2248	1028	msiexec.exe	42
PID 1028 wrote to memory of 2248	1028	msiexec.exe	42
PID 1028 wrote to memory of 2268	1028	msiexec.exe	43
PID 1028 wrote to memory of 2268	1028	msiexec.exe	43
PID 1028 wrote to memory of 2268	1028	msiexec.exe	43
PID 1028 wrote to memory of 2268	1028	msiexec.exe	43
PID 1028 wrote to memory of 2268	1028	msiexec.exe	43
PID 1028 wrote to memory of 1088	1028	msiexec.exe	44
PID 1028 wrote to memory of 1088	1028	msiexec.exe	44

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Modifies Control Panel
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\system32\msiexec.exe
  "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi" /quiet /norestart /Liwear "C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_12052023-101324.log"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1864

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 63C1AD525FCEBBAFFC998EA076575429
  2⤵
  PID:916
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding 5E332489C95362D9DCB2C246B1AAC42E
  2⤵
  - Modifies registry class
  PID:980
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" Install "C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\BdMuxServer.exe"
    3⤵
    PID:2780
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 12c -InterruptEvent 0 -NGENProcess 11c -Pipe 128 -Comment "NGen Worker Process"
      4⤵
      PID:2872
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 12c -Pipe 184 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1736
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 188 -Pipe 190 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:696
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 18c -Pipe 1a4 -Comment "NGen Worker Process"
      4⤵
      PID:1960
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 1a0 -Pipe 1a8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:340
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 19c -Pipe 1ac -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2064
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 12c -Pipe 1b0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2152
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 188 -Pipe 1b4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2140
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 198 -InterruptEvent 0 -NGENProcess 18c -Pipe 1b8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2240
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 194 -InterruptEvent 0 -NGENProcess 1bc -Pipe 19c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2312
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 194 -InterruptEvent 0 -NGENProcess 12c -Pipe 1d0 -Comment "NGen Worker Process"
      4⤵
      PID:2380
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 194 -InterruptEvent 0 -NGENProcess 1cc -Pipe 1d4 -Comment "NGen Worker Process"
      4⤵
      PID:2600
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 194 -InterruptEvent 0 -NGENProcess 1c8 -Pipe 1d8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2680
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:2080
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2104
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2120
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2144
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2184
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:2208
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2228
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:2248
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:2268
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Registers COM server for autorun
  - Modifies registry class
  PID:1088
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Registers COM server for autorun
  PID:2308
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBControl.dll"
  2⤵
  - Modifies registry class
  PID:2328
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBUI.dll"
  2⤵
  - Modifies registry class
  PID:2344
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\x86\sfvstproxystubx86.dll"
  2⤵
  PID:2360
- C:\Windows\system32\MsiExec.exe
  "C:\Windows\system32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\sfvstwrap.dll"
  2⤵
  PID:2376
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding 05978CA7B65CDB74F44ECD4720034971 M Global\MSI0000
  2⤵
  PID:2400
- C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe" /register /user 1085
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2440
- - C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
    "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
    3⤵
    - Executes dropped EXE
    PID:2560

C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
"C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe"
1⤵
- Executes dropped EXE
PID:2988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\6d4bf7.rbs

Filesize
479KB

MD5
268817935d28b5b05adfcce5c200ea07

SHA1
bcd0b3683439a69b8a4a669986ff76944d374a14

SHA256
a9a782782876a873784522dfa22a7f59b578c7367a87c961ac62975c5a714e89

SHA512
19eb8bf8eab2cd86c4f2c923f243d4c43cae32949d8b5575f8c6356631be42940cbc6b0b5443f245290411206d41fe7d726f857b296ff2dc440118450da55a11

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\so4compoundplug\mc_dec_mp4v.dll

Filesize
1.3MB

MD5
3c8a67f6443ca685751c14e1f8650107

SHA1
a14f7014e54aa5a6aac716be64ea55286fa5854a

SHA256
984530397a0239cf5ccfcddbe77664c4cd84978080d41daecbedf6782eb22aee

SHA512
24d3b2334592b8b756ecd1a00fa77075698be3ad7e169d7dc0b691a59244356514730eb77d22417e32fa38b65cd303997b28541ed9a7197aa5b223c8864134b5

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
12KB

MD5
41f942668af1fb38431359a18160615a

SHA1
be8eca9d8b3d8642b811b4eef03bd1cbe1dfd877

SHA256
06ed8cb8e11c56b0dd7795bdd67e41285ff18cce4eb6cc6431736242ad0efd83

SHA512
6d5730a2cf391eb8adbf235821a0581798b21bbd29740b5bc2c9547702071417539278cd816f536705d0142e17c3de0c58017200522b6241c5b3b029c475b334

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
12KB

MD5
41f942668af1fb38431359a18160615a

SHA1
be8eca9d8b3d8642b811b4eef03bd1cbe1dfd877

SHA256
06ed8cb8e11c56b0dd7795bdd67e41285ff18cce4eb6cc6431736242ad0efd83

SHA512
6d5730a2cf391eb8adbf235821a0581798b21bbd29740b5bc2c9547702071417539278cd816f536705d0142e17c3de0c58017200522b6241c5b3b029c475b334

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
12KB

MD5
41f942668af1fb38431359a18160615a

SHA1
be8eca9d8b3d8642b811b4eef03bd1cbe1dfd877

SHA256
06ed8cb8e11c56b0dd7795bdd67e41285ff18cce4eb6cc6431736242ad0efd83

SHA512
6d5730a2cf391eb8adbf235821a0581798b21bbd29740b5bc2c9547702071417539278cd816f536705d0142e17c3de0c58017200522b6241c5b3b029c475b334

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
12KB

MD5
41f942668af1fb38431359a18160615a

SHA1
be8eca9d8b3d8642b811b4eef03bd1cbe1dfd877

SHA256
06ed8cb8e11c56b0dd7795bdd67e41285ff18cce4eb6cc6431736242ad0efd83

SHA512
6d5730a2cf391eb8adbf235821a0581798b21bbd29740b5bc2c9547702071417539278cd816f536705d0142e17c3de0c58017200522b6241c5b3b029c475b334

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
4KB

MD5
7e9d40606c2fe09236f71be8b5403e7a

SHA1
0e29c6076cf856a6b9e3ae5861f970895f4ed8b4

SHA256
23ea9beeca50e50835372e0b4bf6717b914f8dc588bbf4ea596831777b990354

SHA512
60a866cf35e7023ab48f80e41888f065d37b6a65adbb0f73f7fa2fa095cb064d195caddaf559b184416da71eda41ad2e59a7f8e733b6b4ab67dc9cb9893f7fe2

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
12KB

MD5
cc2746ecdca2cab32217d29252ee2678

SHA1
40c203969660201a60f9c9e0f7d425a6412e8f2c

SHA256
29f531b75ceee1e4d886a4c733de17b839e57ef1cc70bfa7d9fcbfb442a5ba8e

SHA512
16cb43bd5e7b264c6bc97be386b7ee7ead115bf035cd4000f4a047aa2ad7edba7e62b902ae0b2b959c9f1d61a538e966daba8077a7f7c7ce151c291c2dee27de

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
12KB

MD5
e3804aaa237d6c346b7d1e0fc22f2e41

SHA1
0110c55849d34fc919765a69b26bffbcc7432ff9

SHA256
3e6fc8cb364cf66978ebe5ad48776e42fcfb9f70fb8b1ec9e204f5421667eabe

SHA512
74881b64077bae6cc6aa67cb75cb5e24f48f0ad1fbb1f46bcc3b76bad991acee7acae0ea6cf5ce7b9127099c08be683504419b72c610500d8f310b7777d48f6d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
4KB

MD5
b2c7bfa6ce4c7bd53190f91a0895bdae

SHA1
6a5e250a1dc2f8870f435d8a57cf2b187cee3275

SHA256
5ae2fbb251b606182f0104c22861449ca17bdf5df439494a3bdaa108aae44301

SHA512
fa097d9db2fad79feeb08dc446d4252275fc2322011795238c3f94b72c1c7db302f359e3e3fe829f73c3681588ae1b72ed68b0f549c0e92f217a09fd61ad1f35

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
490B

MD5
ea32eeaa1fcc4b6f128a1e832cf85a2e

SHA1
71a6e181c964fa99a4369972b72828e38300a714

SHA256
bdfcf7068f9a46b90616a7ea5ce08101882b535492a095f57ef4d1707d711236

SHA512
71da74492eb10996d12caf71906d1353fbfc9768b768c6a3bfb612c8e4829a0364821d13241c5cd5c2a1f322783c9102eaa81ddad93f0fbb939bea1159e7083c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
4KB

MD5
a9b500ff8228bfe64991ec084adaed42

SHA1
b640ce614bda9857febf86603e34b5fa04014b26

SHA256
bf6fa34717610131d7773092b7837a31ad736618d70ffc7f83bd95c7b22506a9

SHA512
223f1d4913175e0a1b5405f50e8a12f45de2c666d850d8d87924fd2f1af2d1e363f6e5e909ad67e0bac55b9771c6248833ef0b7c79d494a3121d4ef5aadc9aeb

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
1024B

MD5
41c9ec7766bc0ce752eccc65be68a352

SHA1
ca0226ba622f8113c51e0939c5ca5d3eb823a467

SHA256
7ff3c188baa9f6c5fac4906f412836f120edc161a33c1ff6a16c2ffe915ac042

SHA512
13ef6b1557716fcf3f3753689beca528d1daf2a4ec330698aab8cb599309ebc1e7560c6c8c904832ec6ce761ed79b847dcbedf841e41c7d29a3236e052965538

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
4KB

MD5
f0f06689f028fcbe87365cf4767673cb

SHA1
9917e9ab1c15f60770fa3e3d89c5f398f4f13f86

SHA256
8d62ed6d16d4ae57ef533758d429f17c4ae911b1ceccc3429cb32094264a9c2d

SHA512
192f2cc6eef4c171df30efb9abdaff82e03c0cba1d904d10a7586cf4a13336629d8798881ff5c9871a23fa18426183a3ebc4daa2a711ea60c8dc5c1258c0f4d6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
236B

MD5
3f87afe0fe9278852fcc7e822edf75be

SHA1
c17d1da6ecde00efa666f2c3acfe8fe3684197c0

SHA256
6500d48e3dd41a9cea504d4cd11423e8451a09fbd6e952d3c477ffb07cdf0563

SHA512
e744a86be72e0407feeef78448488ba2418a5ac98b8352537945a31c85517408162b7c4f041e9c3ad55eb085a6539f8d875407f5f04d93b7d9a987341b2d350c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
2KB

MD5
f6ed651fbd878f9382e0b3be8d1b616a

SHA1
a26b76465a2979254ee9058811cf448ad22b38e9

SHA256
7986350c58fa33f4086e0409bf6816d3ca8503bcbb6e5178b6167198bfdf5f5c

SHA512
4f77c227726ac7e0449cc6c0b10bf994e20a59fa48790d45941ddf7916206c3c14fbb144c9a55698b5304c703b6eb2830c4a1a4efae517422c7881262de4bd6e

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
4KB

MD5
e2e79061dbce5b2c1c55d15e9875b0cc

SHA1
e5b179d9ee129636743137dd718590c9c6bdb60f

SHA256
1b5ae763a6e6ae3f22b085d30395ac79247cab45d5953031ab2132f1908d8f88

SHA512
f010c94bd7382635974cd8fcbee22e35f9499752a20704c1da653e1ab55df3176582a9d033e06227ab4ea8a3e72b8d560f313fb4977c4a68e0d1c7ce77909451

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml

Filesize
122KB

MD5
525763c8338bc74c4b556c2640bd1394

SHA1
7b4d894253adaca84f30147431096cb4e7ad048d

SHA256
4366790b1f64ba66f92ae7194b1e7ccd4397eacc1a65ba144d1e185fc7ee2f9b

SHA512
5a313f20e7735bede91a18ae13d5b6baba949af3bd5d121f91eb726717bdc2e132475f84c8a39fa6631099045fd338939a0482aaaa0ed7226c70c7e74a77df5d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_nb_NO.rtf

Filesize
2KB

MD5
fa703609338cc05f182d4d0d7d07fb1c

SHA1
cc34fc7d8282a2fc2bc4610ac671dce0b82661f7

SHA256
5a31feaa4bdbc96da11a4f68a7fcb36bb791dc073b41e109f7d085dd008790bc

SHA512
05e30eed8c0d921e721d3382dc26bbbef047ce77564c5926c122477500f28ae11e63522e93dd119436717878fa065d4d83e02f33d2c4e71c2c9eb1ca73412e08

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe

Filesize
45.3MB

MD5
920b2ea00247022915f4406566e5f308

SHA1
9ec00bd77340f1800d0208a48528ba3040bbf60e

SHA256
889e9fbdc19148e4a38a4962784844ed8217341a48ac3bcc5dd914203342442e

SHA512
bd0630a26e57f53a3a3b9c138ae534289572d6ef508b70bb738834be6e8f0b5c566d97dfa7c0ba12d2b5b2502b9cfe983f699460fe1e1bbc4fcf6d7260531b2d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\ProgramData\VEGAS Pro\18.0.284\sonyinstall_x64.dll

Filesize
3.0MB

MD5
6cbb63c002bf04a8489ea320421e01e6

SHA1
1a8d18fb070773427343e746374c8d36c568e8c1

SHA256
7a679410002709fc21bf9a5b56c1fd097a556eb31b71547e309f24b23a9d92fa

SHA512
8b62795b0a886d3fca1c050faf89237c0b364b703cbff9c8cbc377205b8cdea0321910e268862fd0cbb3d78b362ec59066cc3f125887a00d72a073cd328272ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c94d8f8fd74da3533c4e6de29c27595d

SHA1
6343ca9915b05a52b8e8e8b383fdd235c8e34423

SHA256
d3fa8beb34d47a6fdc66a35f30e2a29dfa26b9ebecb9282ca2b7ab8f64f37650

SHA512
a37810d48217c100b9248e7b4d32f820f6f9437703ce8a0f249c1360828794fd5992515396005803477e7f4fd7e7d62691d238e03dc9a62d244f388a03cf1f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5449.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\inst_banner.bmp

Filesize
210KB

MD5
71b93e7050c89122d3a3eb37ca0b97fe

SHA1
784a170828d71fcf9b64a6542dcf9065d4b96e87

SHA256
08734a6c333d3eea6f5293ef1560d01e431a3d394122d5f48d5ab3100727e86e

SHA512
222c182df3eecb28cea5fea0e94cbd6945da59f778a1dc80a3a1f922c31ac78db2be3ebcccc4c97fdc923ae5f101979cfe91c8e2c1bebc1960bfc4ecaa8efdac

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi

Filesize
49.9MB

MD5
e6801cf002699ff8cfcd2b099fcefaeb

SHA1
37b58c13c284af48a2acfcc6875944bccebe00d5

SHA256
51363501212dae8bc9b33c8aec711271d311f2f360ebc620c20d36ed714995f9

SHA512
bed4d17102288fecc044fbace08b560d3597fca962ad0eebff6f094378870843904a7afeb6e7e790da2420414950e977e1ba4a0501c958abc1b8e5a040367ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\request.ini

Filesize
151B

MD5
fa9ff3978ffde13fec5f6cb8298e750f

SHA1
b7f9a156ad1c5ba3802e7b6e9d12575bb89530ad

SHA256
83b31db9d0fb7204373e94e64de5a0442bc951e8071ede45bbe3b548977adeb6

SHA512
de2a2a6d30d3cb3cdfcb57883c564a015ce5b784d1895f5fe0034e3b241b4a9f71a2d3492611dd31fd118c052f4190ed3e3f8cc59e606ab012e56a6aa6d1b6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vegas180.msi

Filesize
2.8MB

MD5
94a59313dd9592b79b3b03888167bbd0

SHA1
02f36fc109ddf9fd86924e88938410ea6f7eab2f

SHA256
30e1409e709335647a191c2a6310a5dd8909183577b8dc55168bb8d20fa71068

SHA512
7934b07f2ac3e04594c1235ac4ce72a09cd55d053c23c0ca39b42987cf65f6d3028cb10530e3c8bfcafd1f80fbb452ca899dd545291d8162d06aacafd496d839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EBB.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_12052023-101324.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\6d4bef.msi

Filesize
49.9MB

MD5
e6801cf002699ff8cfcd2b099fcefaeb

SHA1
37b58c13c284af48a2acfcc6875944bccebe00d5

SHA256
51363501212dae8bc9b33c8aec711271d311f2f360ebc620c20d36ed714995f9

SHA512
bed4d17102288fecc044fbace08b560d3597fca962ad0eebff6f094378870843904a7afeb6e7e790da2420414950e977e1ba4a0501c958abc1b8e5a040367ec1

Download Submit
C:\Windows\Installer\MSI76BB.tmp

Filesize
123KB

MD5
5cb7ec6843aa69694096d98e467bc5e7

SHA1
ade3a650ccfff23264c3e95819126c4be6eb57cb

SHA256
c03b47bcbe6c28cfa612950814ca383dddd0d4a527cc17f1750b8385d4917aad

SHA512
540e905256195ab904d1313b72811ca73f9dcbdb419c28cbbb83232e9fee966c3d80ca322f3701a0468e9bb545e4ca08e1106ae6254f59e100e703c139e40ce9

Download Submit
C:\Windows\Installer\MSIB57C.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log

Filesize
257KB

MD5
a83b416b0e863c862c2b7e5f21501272

SHA1
01af9ec3d597ac4801609e8caecb546b6dea2ca2

SHA256
5a4eba34f0d57983b91be782649584f37357b85802f405816222fbc21373c431

SHA512
cc6ed8a1386bc49c670edd4a64e52b0734ec1703937bfa4b1a02f9b22f3364e8b9e0038b4fe7550eb29b4bd478b208ccfca9921e331237662f25aafbbc450e06

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxInterface\c29eefd9707f5863c584712dfa2fce0e\BdmuxInterface.ni.dll

Filesize
14KB

MD5
210e7e05bd0877bd6bff94c05d4fa917

SHA1
721e1b1c9551869765aa86bff70ff09f90d473f5

SHA256
da8beade13a30da8d9c3bd2fde3364d891c98dfe44169226e97dbc1576a0c61d

SHA512
04a71c497ba493c391a94345d9cf32e6e1e9b941aa71c4817c1144803ca6a1b6af7cd8550c683b46b445c8e39eaa48b891d947acd7f79ec0bd6005a359377511

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxServer\d02b666817fae3897053bf933535d5c8\BdmuxServer.ni.exe

Filesize
19KB

MD5
33a3e64daf7d123b35718e5c9f1cb973

SHA1
eff370273f79aa22ef79e6ed1a7b91b424645068

SHA256
e8c5e668908debed0fdbe15ca57ef69822d0c9665a2e6f130341f2640607ecea

SHA512
2fa19268e5af65ee0767382ce141b5e17c1e9f405f53c3ce7da1de0cfb59981f0e42ab05468ab4474cbf3640595e3ae2cb81ea0f6b63a1351d5e037eb326353f

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdh\7a28675395b714a0d49044ca328c7643\Vegmuxdh.ni.dll

Filesize
29KB

MD5
948a86d03f42dd868d0ea88a0a8e938a

SHA1
cdba3153ee135916331ab6504d0b19fabee85024

SHA256
61d1e60389d12c223fa585baa105b0b2e51bcd2349245944484dad5e8c2eae7f

SHA512
1dc19a8bc8a3106d37053beeef52d98118fac09c986969034475c2bb0f3a30e1f04948c86ff347a6dcdedea603462c07d02752362d5d49fd02a1f0c5b1842e9d

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdw\de3bd76721b074bc5a4e266e097ca191\Vegmuxdw.ni.dll

Filesize
635KB

MD5
19053312566c5cd89388a13d7359467b

SHA1
34a306655841a17379d712407304f04b9da3c40e

SHA256
dc4575cef05fd88a260ffc3a6f72bc6ab43b63e1fe3b058f9b2494bace6c2d1f

SHA512
8d7216f1894fc33216294aa0114d1632e7651b2262157592a4b468e623c5610e1f7ef8cd88a487264b1bff5267675f33b139ffcae3158cde183ab6bd886a1378

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfa\9be06121afaaffd90a2b717be30ecc28\Vegmuxfa.ni.dll

Filesize
300KB

MD5
85f6e2a72aab992ae121c0995631e9c1

SHA1
c047d38f87e6bd329637bd5ab372cb002813708f

SHA256
95937dfd2f8cd4b8575a91004bf1fdf511e7f05d21ddef3319e12e670df10ffa

SHA512
0b0fcef708936162f04863fa05ba39aa2fded5efb6cce1542ad3e32b9526a768c33587c0d3f91875780b7f7de789d970850450d46bcf8f6320c60383f2e88688

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfb\a58dc14046669caa57df69e4dc21cd04\Vegmuxfb.ni.dll

Filesize
747KB

MD5
7e87caa5faa4deabecde67f9ef88d6b0

SHA1
46b03f90879921f5da8144edd14d3d41491c89e4

SHA256
4083b2042201c531546b56d3735addc4014636b9eb2b1aeff637949d1884d2d7

SHA512
451345276eefafc5bdf16fd2f32dbe0c9a31f97af502d8a64babf01df78416027d79d15ff8b25d59165113ee29c6dba94271434c0d5a1f5ecb997da3990750c7

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfc\d85108fae1ada8b59f216a9b39f6a9d2\Vegmuxfc.ni.dll

Filesize
133KB

MD5
6dc3fa2f255b6dd969ce49ee53c3b978

SHA1
4aa7b4b765482433c9cb03d6fd719b3b260eabf8

SHA256
3b25a342fe4cec0895098f63f9160a2341cfc4e358f7fadccfd6efc60f548bd7

SHA512
829beb66cfce12a096d4b2a070df6c85ec1e22cb0b64fedae3e8e79e64fca989b651763f7182f42a01eb95ae982601a566b1b271fcb173d9b1562fdf15a9cf7e

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfo\9a0e8b3d470cacbf3c195830d3331dea\Vegmuxfo.ni.dll

Filesize
1.1MB

MD5
2e62cfdc8503c7ed18ea111017ca9860

SHA1
8170b125e9bc5c86e1357aa76ed497091f230d83

SHA256
06a920555dae5498a535463960b5dee9494505a003f521c2aa45f48fcb43e70d

SHA512
34e3373cee18c9b0e3111b64c0e2078b37f311b735c57c2843399fb16b8b2d52d9de1d00bf6f59a8f7c7ca55dad4fa9fa99f65f96d06ce1b182bfffccf133fa8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxmc\14c31b7571e9968d2eb92b7963f4d9e2\Vegmuxmc.ni.dll

Filesize
139KB

MD5
0d96b681e7029d551d6d5014e7529d27

SHA1
9f7ced523f30968a0212a78f0db5fb00fce80315

SHA256
1d126d9aed83d0eee1221cc84faa9e79e6b6f97e47c3bbc46383db9ad1a55992

SHA512
5b421807180556176f64145f8166e05f196a9e585d49e1d433044dd97b93d483bba68f2e267c9589e67b8b049540c3965942b8c6a2b49fea457bdaba0bf89e04

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxrt\9704ecb2402cda6438fa53165e570f7b\Vegmuxrt.ni.dll

Filesize
35KB

MD5
c6780c1322cb54126995091ac3f7a175

SHA1
4a8789ea2073a1c5ca92c32abeefa2ab3f4aad23

SHA256
a28fe5f4fd8a5111ea4eee1fe9af0594e839f74d8c38a038e5202269006cb89b

SHA512
177ac7b34ed7fd4ef496fae9fda8aebe5730e766d607668baec09e83378ce1b8ef46dc120e17185d02b4aed4a433f5364c551e0a536a0d87176fcd8d7b069f17

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxtw\0276eb0da873f35756a957a1732b1a34\Vegmuxtw.ni.dll

Filesize
207KB

MD5
0e43303e6449519d6c503febfd096425

SHA1
55c094d9ae4a97d0778ab1a13c3e6e6bc67b8ae3

SHA256
fd9e59bc2912df52de869c746890219ad082f843258423bf7b1a3c4560268977

SHA512
1d2abb7458a0bce6ac6f57f1c6a5b17ce6ad93204acde870559d08b6d15ff1a67d2e1aaaec458a3e7f25bb2dcc2dd8c68394049bc87acc5a55f6dfb57c38d349

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\mux.net\c65d6534547ab1a721c05dd946c88d19\mux.net.ni.dll

Filesize
311KB

MD5
13abecea6b0878bd756f70f61b91dc8d

SHA1
8771e71c15e5a98c39c7b366b8bfe6029cea0930

SHA256
92265a4b434809621a31cb40c39794c36ae6a46c951b3c76660f6262a7c4ff70

SHA512
8f2c0de1cf590422170f0adc50a39cbb3ece137994e0b17122b537df0a699b234e5103d870256ecf1ed464cbb454a016cfefd07ae51678c464755121a58a400e

Download Submit
\Windows\SysWOW64\mfc110chs.dll

Filesize
45KB

MD5
25da02155472aa28f83b643304b5ccfb

SHA1
ee8bc7858f5adf69dc046d09dd49a18f2cda7289

SHA256
b4f2c910e6e4197f20008db4f652dbcffc7e7b0eed0f8c8ba571de06c617de75

SHA512
c901429d2b2db8e972603977fa6b0d8eacd421ad2916741e46cd20d91f87693d451a436d19b552770f778aacef9e172d92fa2d5db6619965f1fa8ed71a7fb27a

Download Submit
\Windows\SysWOW64\mfc110chs.dll

Filesize
45KB

MD5
25da02155472aa28f83b643304b5ccfb

SHA1
ee8bc7858f5adf69dc046d09dd49a18f2cda7289

SHA256
b4f2c910e6e4197f20008db4f652dbcffc7e7b0eed0f8c8ba571de06c617de75

SHA512
c901429d2b2db8e972603977fa6b0d8eacd421ad2916741e46cd20d91f87693d451a436d19b552770f778aacef9e172d92fa2d5db6619965f1fa8ed71a7fb27a

Download Submit
\Windows\SysWOW64\mfc110cht.dll

Filesize
45KB

MD5
02e7d3d61f01adedbb539064708c68b1

SHA1
8df261a71ddd1d5737aeebbb7176a256860ed838

SHA256
eb7d071593afb1c8d985096393687c8e6b00a2c47074d57b90678976ee0b1ad8

SHA512
cb92f49b68ec87c493266e056a2d63eefe5569abfbb809ec493fb171142b043fbc90cb878ed462d45f5aadc431221f4e288b047b360f53a792182148d2a3e6b4

Download Submit
\Windows\SysWOW64\mfc110cht.dll

Filesize
45KB

MD5
02e7d3d61f01adedbb539064708c68b1

SHA1
8df261a71ddd1d5737aeebbb7176a256860ed838

SHA256
eb7d071593afb1c8d985096393687c8e6b00a2c47074d57b90678976ee0b1ad8

SHA512
cb92f49b68ec87c493266e056a2d63eefe5569abfbb809ec493fb171142b043fbc90cb878ed462d45f5aadc431221f4e288b047b360f53a792182148d2a3e6b4

Download Submit
\Windows\SysWOW64\mfc110deu.dll

Filesize
73KB

MD5
74228936b1444740fce4f037f8244983

SHA1
c891215bd4d80b74b56f62680edda82ce9c78aef

SHA256
c4ab4a92c35084d268190fed624c632665d7395847b75f3ba364d85c5b4e5499

SHA512
f6f772c9ec58f43b9fafe33f9310d4ffe3f2d2b3a695fa22568ec357d17d05d4054d162d52cd3117b91e869d18185f0d26a04db95c803b85e51480936ca4a8be

Download Submit
\Windows\SysWOW64\mfc110deu.dll

Filesize
73KB

MD5
74228936b1444740fce4f037f8244983

SHA1
c891215bd4d80b74b56f62680edda82ce9c78aef

SHA256
c4ab4a92c35084d268190fed624c632665d7395847b75f3ba364d85c5b4e5499

SHA512
f6f772c9ec58f43b9fafe33f9310d4ffe3f2d2b3a695fa22568ec357d17d05d4054d162d52cd3117b91e869d18185f0d26a04db95c803b85e51480936ca4a8be

Download Submit
\Windows\SysWOW64\mfc110enu.dll

Filesize
63KB

MD5
57a9e201f60dcde8d5d2ee2679e57c06

SHA1
c780465fdf2f6c72e571975aaa12f3ab534a264c

SHA256
bdb8a368842a9ca914b8dd26697907e8048d8dab5c567594abcd46c7677cbb8d

SHA512
3382d1b1572ff268871ff2f2108ed02a13cdcd6ea1a1a465cc9c5aa7f143b487d3e1fb42647c2148a64abbd5962d25d47c8bc74a7733712cec602cd5e5cea8d4

Download Submit
\Windows\SysWOW64\mfc110enu.dll

Filesize
63KB

MD5
57a9e201f60dcde8d5d2ee2679e57c06

SHA1
c780465fdf2f6c72e571975aaa12f3ab534a264c

SHA256
bdb8a368842a9ca914b8dd26697907e8048d8dab5c567594abcd46c7677cbb8d

SHA512
3382d1b1572ff268871ff2f2108ed02a13cdcd6ea1a1a465cc9c5aa7f143b487d3e1fb42647c2148a64abbd5962d25d47c8bc74a7733712cec602cd5e5cea8d4

Download Submit
\Windows\SysWOW64\mfc110esn.dll

Filesize
72KB

MD5
f90edef2727dd8ca9b3f8c589c9b0cbe

SHA1
15f07c1faa87babbac8b08e65a1c190b956a8e93

SHA256
d87b87630c1b79ec9544240b82965bfd0faae65cbde02aff37a42e4d44e8041a

SHA512
988affd86c76471a4b9d64aa518741c4f44cb8a7b70c60d9dff6f54ad43a85206bb02100ed381bdd239fede37f1fdeb675e48ce067f2b9e60cc682f7532c3580

Download Submit
\Windows\SysWOW64\mfc110esn.dll

Filesize
72KB

MD5
f90edef2727dd8ca9b3f8c589c9b0cbe

SHA1
15f07c1faa87babbac8b08e65a1c190b956a8e93

SHA256
d87b87630c1b79ec9544240b82965bfd0faae65cbde02aff37a42e4d44e8041a

SHA512
988affd86c76471a4b9d64aa518741c4f44cb8a7b70c60d9dff6f54ad43a85206bb02100ed381bdd239fede37f1fdeb675e48ce067f2b9e60cc682f7532c3580

Download Submit
\Windows\SysWOW64\mfc110fra.dll

Filesize
73KB

MD5
cb18433e9782c6e255a54c5a83ca5e12

SHA1
a5e444b24031444ed80c46bd05936afad481bb3d

SHA256
4caf47a2eb865dd75ce258ccfe62a8de804425a8616b8d8b0b43285554f26adb

SHA512
3990801cf48fe48182925c6fadb10981300aa960dff13cac55f307555c83cc1d25069f4c8641fda6fcf6e7c46b03da9a4bf9e8e54f90e8dcb787b28335a6a73a

Download Submit
\Windows\SysWOW64\mfc110fra.dll

Filesize
73KB

MD5
cb18433e9782c6e255a54c5a83ca5e12

SHA1
a5e444b24031444ed80c46bd05936afad481bb3d

SHA256
4caf47a2eb865dd75ce258ccfe62a8de804425a8616b8d8b0b43285554f26adb

SHA512
3990801cf48fe48182925c6fadb10981300aa960dff13cac55f307555c83cc1d25069f4c8641fda6fcf6e7c46b03da9a4bf9e8e54f90e8dcb787b28335a6a73a

Download Submit
\Windows\SysWOW64\mfc110ita.dll

Filesize
71KB

MD5
1546c92aa0b2772613d2e31bb13aa550

SHA1
07960165a99cf7176e2cad3346d99a2c398407b5

SHA256
2103cb2e7b03f7211b0c076d4d3b904ca61ded6231b67486293d516906bf804e

SHA512
0e70e6407dda1715f933164f87011fdfa73d21dbb8baf516957f060eb9f4dc1bc2cd057c277bb806ca6007b26fbd495b2a042d049a46f0e6fa34fa1e00bff875

Download Submit
\Windows\SysWOW64\mfc110ita.dll

Filesize
71KB

MD5
1546c92aa0b2772613d2e31bb13aa550

SHA1
07960165a99cf7176e2cad3346d99a2c398407b5

SHA256
2103cb2e7b03f7211b0c076d4d3b904ca61ded6231b67486293d516906bf804e

SHA512
0e70e6407dda1715f933164f87011fdfa73d21dbb8baf516957f060eb9f4dc1bc2cd057c277bb806ca6007b26fbd495b2a042d049a46f0e6fa34fa1e00bff875

Download Submit
\Windows\SysWOW64\mfc110jpn.dll

Filesize
52KB

MD5
80ff1c7795babf6aa5956ba502de68a8

SHA1
26bacec0bd19c191f9944f9a1234a4a5e152ea88

SHA256
36b88d764caab40f9daebec20c472b765171af8ac8b22dd5fea32a65d854eb3b

SHA512
e1fc8e6fb4362fe266ab2a9f1ef1d3fb5b446cf374a467dfef51205fe529348ec2a2e794cdae1adfcf4b7338f1cb617b7d0c95fe756d4ab48ca634b4ee80d8e2

Download Submit
\Windows\SysWOW64\mfc110jpn.dll

Filesize
52KB

MD5
80ff1c7795babf6aa5956ba502de68a8

SHA1
26bacec0bd19c191f9944f9a1234a4a5e152ea88

SHA256
36b88d764caab40f9daebec20c472b765171af8ac8b22dd5fea32a65d854eb3b

SHA512
e1fc8e6fb4362fe266ab2a9f1ef1d3fb5b446cf374a467dfef51205fe529348ec2a2e794cdae1adfcf4b7338f1cb617b7d0c95fe756d4ab48ca634b4ee80d8e2

Download Submit
\Windows\SysWOW64\mfc110kor.dll

Filesize
52KB

MD5
4296447cc8b48a308958f8104c62d57f

SHA1
e71ef69d30e3c8e46b81248783920a6ab6db9211

SHA256
cb6d68392b52768668d1f77679f234f2e884bc0f0d31a6fb6f9291066368b589

SHA512
e7d9f2ee30f8a3c3820b7f96f2b80749a0f2e76a73ac5fc83c87e5326f398bff117e29bb1105dfd5ee76ea28f7dc9b6d4c17acb4ff381b604e1832b62efe1e29

Download Submit
\Windows\SysWOW64\mfc110kor.dll

Filesize
52KB

MD5
4296447cc8b48a308958f8104c62d57f

SHA1
e71ef69d30e3c8e46b81248783920a6ab6db9211

SHA256
cb6d68392b52768668d1f77679f234f2e884bc0f0d31a6fb6f9291066368b589

SHA512
e7d9f2ee30f8a3c3820b7f96f2b80749a0f2e76a73ac5fc83c87e5326f398bff117e29bb1105dfd5ee76ea28f7dc9b6d4c17acb4ff381b604e1832b62efe1e29

Download Submit
\Windows\SysWOW64\mfc110rus.dll

Filesize
69KB

MD5
fae18ffad74e6c55c905f1a630d49a98

SHA1
aa40f20b119f038a5c92093d23fda06423c4d7be

SHA256
f41a5c4537d0a653d47b5939c72a0aa1fd0408e52dec9a67d2c891c8caad4f7a

SHA512
6be4b35cb6a4cdaac018f8acb6a54026da32f6b9eadc3333830579265dc53e3135651981e96e4220b83f3c71c6950f3177e4cb3be809621220b35a45b33e55ec

Download Submit
\Windows\SysWOW64\mfc110rus.dll

Filesize
69KB

MD5
fae18ffad74e6c55c905f1a630d49a98

SHA1
aa40f20b119f038a5c92093d23fda06423c4d7be

SHA256
f41a5c4537d0a653d47b5939c72a0aa1fd0408e52dec9a67d2c891c8caad4f7a

SHA512
6be4b35cb6a4cdaac018f8acb6a54026da32f6b9eadc3333830579265dc53e3135651981e96e4220b83f3c71c6950f3177e4cb3be809621220b35a45b33e55ec

Download Submit
\Windows\System32\atl110.dll

Filesize
188KB

MD5
fe00086a2fc935af640c7f302c12fe89

SHA1
919d9e63a3ed879d04bb31dc9d43a1195e24878e

SHA256
873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c

SHA512
b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786

Download Submit
\Windows\System32\atl110.dll

Filesize
188KB

MD5
fe00086a2fc935af640c7f302c12fe89

SHA1
919d9e63a3ed879d04bb31dc9d43a1195e24878e

SHA256
873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c

SHA512
b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786

Download Submit
\Windows\System32\atl110.dll

Filesize
188KB

MD5
fe00086a2fc935af640c7f302c12fe89

SHA1
919d9e63a3ed879d04bb31dc9d43a1195e24878e

SHA256
873d57e5cd660d49b403780685e91b6e3bc9e65b6e59435e0c5a5dfa1de0422c

SHA512
b9b0642b824846090a47c31e2730a568aff79b65808439277ff1ab0c0f257236f276efb1aae71ead5f6ddc8362463a9ae6843f00266e5e82ec2720792446a786

Download Submit
\Windows\System32\mfc110.dll

Filesize
5.3MB

MD5
ed15189b63c78cd4453954e0c9aceab0

SHA1
4cd2b0ed839d4ce4216b179f61f8606c94ce84b4

SHA256
18fca73cf08bd9d27511b2da1ec6573c352ee7d00bc5f2504a8ff56b28a73551

SHA512
a48ad34dcc68d2afd8f06c585a3cea9a6e3fdb926feb25c89ace8fa864d56265267f0205779753d50343fcc9548cdfd5559f936e036011b33a8a6e49feecf68f

Download Submit
\Windows\System32\mfc110.dll

Filesize
5.3MB

MD5
ed15189b63c78cd4453954e0c9aceab0

SHA1
4cd2b0ed839d4ce4216b179f61f8606c94ce84b4

SHA256
18fca73cf08bd9d27511b2da1ec6573c352ee7d00bc5f2504a8ff56b28a73551

SHA512
a48ad34dcc68d2afd8f06c585a3cea9a6e3fdb926feb25c89ace8fa864d56265267f0205779753d50343fcc9548cdfd5559f936e036011b33a8a6e49feecf68f

Download Submit
\Windows\System32\mfc110chs.dll

Filesize
45KB

MD5
10ae8bff037a69718ee6f4aea2a3c752

SHA1
2909ac4ec88bdadd947c8fe82db5e1ea6f0f31f9

SHA256
ba804369560a31d6e9e623f37abaea3e5bf06cca457de3fe8a1c26786f2d1238

SHA512
3175f7e3a01159542cea1fc82257d40bff47c832a2ca2e168e31633dfc6c50bd4981784469a2deaf44309d7888276ec9d36a795c993cf2cf261baaf7d25ca9f5

Download Submit
\Windows\System32\mfc110chs.dll

Filesize
45KB

MD5
10ae8bff037a69718ee6f4aea2a3c752

SHA1
2909ac4ec88bdadd947c8fe82db5e1ea6f0f31f9

SHA256
ba804369560a31d6e9e623f37abaea3e5bf06cca457de3fe8a1c26786f2d1238

SHA512
3175f7e3a01159542cea1fc82257d40bff47c832a2ca2e168e31633dfc6c50bd4981784469a2deaf44309d7888276ec9d36a795c993cf2cf261baaf7d25ca9f5

Download Submit
\Windows\System32\mfc110cht.dll

Filesize
45KB

MD5
405e6cee49f463f406c0a51af82eb964

SHA1
3f77052afdaeb6317ce6c2b682bb65f9a5c2ca00

SHA256
06b7b1bdd83b32c621d4a9349280ab99455c830643d97a78e78ed844fb30e5ab

SHA512
2b70fba962fa1b39e1e134bf5157db7e9016808779f6413d9f9aed909b59cd11daaf85c61d3ae0862019c8c87f1d21d7b49960cfedb10fccfb5d0b5ab3754517

Download Submit
\Windows\System32\mfc110cht.dll

Filesize
45KB

MD5
405e6cee49f463f406c0a51af82eb964

SHA1
3f77052afdaeb6317ce6c2b682bb65f9a5c2ca00

SHA256
06b7b1bdd83b32c621d4a9349280ab99455c830643d97a78e78ed844fb30e5ab

SHA512
2b70fba962fa1b39e1e134bf5157db7e9016808779f6413d9f9aed909b59cd11daaf85c61d3ae0862019c8c87f1d21d7b49960cfedb10fccfb5d0b5ab3754517

Download Submit
\Windows\System32\mfc110deu.dll

Filesize
73KB

MD5
c2dcb7fd239b310896985d2b31c089f7

SHA1
ae3ecc96b21d3a3b32e8d77c3922c90f440f4913

SHA256
70969f6ffc7dddeb26588410cf3bee5c40d27761d4116859f4e25b083656bce6

SHA512
e9af9ad4b2df18b5efdf641b97fed8dbf6d528fb9737d2437e68971a8c8f1bf3d18b2480df6be41ecb05af8d96568f07894b1ff59cf4bd28820cf810ed9cf9da

Download Submit
\Windows\System32\mfc110deu.dll

Filesize
73KB

MD5
c2dcb7fd239b310896985d2b31c089f7

SHA1
ae3ecc96b21d3a3b32e8d77c3922c90f440f4913

SHA256
70969f6ffc7dddeb26588410cf3bee5c40d27761d4116859f4e25b083656bce6

SHA512
e9af9ad4b2df18b5efdf641b97fed8dbf6d528fb9737d2437e68971a8c8f1bf3d18b2480df6be41ecb05af8d96568f07894b1ff59cf4bd28820cf810ed9cf9da

Download Submit
\Windows\System32\mfc110enu.dll

Filesize
63KB

MD5
2f41fa824c59cdc2c3e057d55069f826

SHA1
67518ca99b7d14876aa560108bb48b4591e82eac

SHA256
6279e0d79f7f5cb25431de09a76d6c6db197e6b2a6713b9329a1d2273271ccd6

SHA512
82fbb139cce703381560cd4936cc9f9c3e3d7dbf6ff82034544b469c37513134a797ed1bdb103bc1d021436ac629bf35fce8c0dc17da33a1fb86b2d09f04e8c6

Download Submit
\Windows\System32\mfc110enu.dll

Filesize
63KB

MD5
2f41fa824c59cdc2c3e057d55069f826

SHA1
67518ca99b7d14876aa560108bb48b4591e82eac

SHA256
6279e0d79f7f5cb25431de09a76d6c6db197e6b2a6713b9329a1d2273271ccd6

SHA512
82fbb139cce703381560cd4936cc9f9c3e3d7dbf6ff82034544b469c37513134a797ed1bdb103bc1d021436ac629bf35fce8c0dc17da33a1fb86b2d09f04e8c6

Download Submit
\Windows\System32\mfc110esn.dll

Filesize
72KB

MD5
99542f773cc9b80e91a870ad771728b6

SHA1
0857599bca0fa9df2705d4dfc46239566fa7e815

SHA256
272cf9f204737851f31161d6e6a31347918b33dfc052d0ad046f5d7a9c2ad14d

SHA512
890b8d839748872e7503c16d66597d24ae0d36a7f0137301b15af9579dd862908d109ab9ed648c3be0749fe058be68d69845267e61db3aef6d7ec9a6855e252b

Download Submit
\Windows\System32\mfc110esn.dll

Filesize
72KB

MD5
99542f773cc9b80e91a870ad771728b6

SHA1
0857599bca0fa9df2705d4dfc46239566fa7e815

SHA256
272cf9f204737851f31161d6e6a31347918b33dfc052d0ad046f5d7a9c2ad14d

SHA512
890b8d839748872e7503c16d66597d24ae0d36a7f0137301b15af9579dd862908d109ab9ed648c3be0749fe058be68d69845267e61db3aef6d7ec9a6855e252b

Download Submit
\Windows\System32\mfc110fra.dll

Filesize
73KB

MD5
44fe45c7fb65697649cdd60f1c57e022

SHA1
b93fe4a462b6720587e898068961f6c601b57db1

SHA256
90d556905811217470a98de3d08d0b523313729dd7b799d324a9424cdb618600

SHA512
e02fb3058748b25a94eb669d69859b6b2083926c96899ad02132574f2448844f255a60589cf8152d948d2f51a899b52c0fbd1f668a81671aa92ce59c521cb954

Download Submit
\Windows\System32\mfc110fra.dll

Filesize
73KB

MD5
44fe45c7fb65697649cdd60f1c57e022

SHA1
b93fe4a462b6720587e898068961f6c601b57db1

SHA256
90d556905811217470a98de3d08d0b523313729dd7b799d324a9424cdb618600

SHA512
e02fb3058748b25a94eb669d69859b6b2083926c96899ad02132574f2448844f255a60589cf8152d948d2f51a899b52c0fbd1f668a81671aa92ce59c521cb954

Download Submit
\Windows\System32\mfc110ita.dll

Filesize
71KB

MD5
5c2cc00020b825e82217fe4fd99037fd

SHA1
aaa698a70436bf5b3963976441b727dc56558513

SHA256
5dedfc5fabb64875918cf846628a133744bb8812bc9319f517e9e584b181aada

SHA512
6fd9307e9b15a7f5f036e3f3829dbef8763764b01b26a2cbc510b42d8b68a4205f9a8136c76837a2da420e145dd5202ae707a8afdf8ef66a951eda72435461dd

Download Submit
\Windows\System32\mfc110ita.dll

Filesize
71KB

MD5
5c2cc00020b825e82217fe4fd99037fd

SHA1
aaa698a70436bf5b3963976441b727dc56558513

SHA256
5dedfc5fabb64875918cf846628a133744bb8812bc9319f517e9e584b181aada

SHA512
6fd9307e9b15a7f5f036e3f3829dbef8763764b01b26a2cbc510b42d8b68a4205f9a8136c76837a2da420e145dd5202ae707a8afdf8ef66a951eda72435461dd

Download Submit
\Windows\System32\mfc110jpn.dll

Filesize
52KB

MD5
87a1daf7680142e4962e0e7776c53877

SHA1
fd82ac55ddedb62b24b4510f65ca8bc2361d5628

SHA256
b3aab7a77d7d1379be3b5e87bc627dd933074cb6897300c479ff2a5c67fe8efd

SHA512
f9fed03fbc0120f8401caee090d2fe2559e0f765a04604aa53bdb6d535d7f2820d25bd9d3691898934e3292306328da9c9612694d5b6432cf63c2bdc01cbdd6a

Download Submit
\Windows\System32\mfc110jpn.dll

Filesize
52KB

MD5
87a1daf7680142e4962e0e7776c53877

SHA1
fd82ac55ddedb62b24b4510f65ca8bc2361d5628

SHA256
b3aab7a77d7d1379be3b5e87bc627dd933074cb6897300c479ff2a5c67fe8efd

SHA512
f9fed03fbc0120f8401caee090d2fe2559e0f765a04604aa53bdb6d535d7f2820d25bd9d3691898934e3292306328da9c9612694d5b6432cf63c2bdc01cbdd6a

Download Submit
\Windows\System32\mfc110kor.dll

Filesize
52KB

MD5
3172360933d603020c082f87a482a457

SHA1
1ff5de6b281566c6b474d073d5749bd6f137065f

SHA256
cead3aab9ec7d02c826b0701292a11222cbc213b47ac1f3f040f38730a3202e0

SHA512
b2016ace0188d6f28a28d26fbb74688412b55f94b7b13d6e46c739d8f3bf461916e3fcf1cd666d5217d868153ae3ea91a1fbe42d800f395a301667e43b4cf8ba

Download Submit
\Windows\System32\mfc110kor.dll

Filesize
52KB

MD5
3172360933d603020c082f87a482a457

SHA1
1ff5de6b281566c6b474d073d5749bd6f137065f

SHA256
cead3aab9ec7d02c826b0701292a11222cbc213b47ac1f3f040f38730a3202e0

SHA512
b2016ace0188d6f28a28d26fbb74688412b55f94b7b13d6e46c739d8f3bf461916e3fcf1cd666d5217d868153ae3ea91a1fbe42d800f395a301667e43b4cf8ba

Download Submit
\Windows\System32\mfc110rus.dll

Filesize
69KB

MD5
ed679e821b2ed9b9e38c18ef3549a292

SHA1
8f8a88fdf786117a9dff9bb528e03cd55e176833

SHA256
972e7259cb56ee54a4e5e31df1324f78fe22703535fc6ffc8e9f5eb4ae421ab5

SHA512
beaee5974ece2f92143e92e064ff470b11a842747deed2ff8f429f986635c269e004aa7330a6101e329f9bea8703531cf42382d1a4e107b759bd6e250f986113

Download Submit
\Windows\System32\mfc110rus.dll

Filesize
69KB

MD5
ed679e821b2ed9b9e38c18ef3549a292

SHA1
8f8a88fdf786117a9dff9bb528e03cd55e176833

SHA256
972e7259cb56ee54a4e5e31df1324f78fe22703535fc6ffc8e9f5eb4ae421ab5

SHA512
beaee5974ece2f92143e92e064ff470b11a842747deed2ff8f429f986635c269e004aa7330a6101e329f9bea8703531cf42382d1a4e107b759bd6e250f986113

Download Submit
\Windows\System32\mfc110u.dll

Filesize
5.4MB

MD5
f110cf19d56f58606eaae8a685279338

SHA1
1f5f9b99929fb39cb7ff002fb0d7a21fcd43063f

SHA256
49559ea7183464f3564c562e7d216ce78ef1e66ac9dea2ece32dae00905f385c

SHA512
98c6aa12a16bdb450759fe9bb344e740f51c498426011372f81cd6bf8a20ae6eabbffb131a3c6c0e0e3f2a9bf687aff98ab3cad8891f5f2b2c522f2c00456f43

Download Submit
\Windows\System32\mfc110u.dll

Filesize
5.4MB

MD5
f110cf19d56f58606eaae8a685279338

SHA1
1f5f9b99929fb39cb7ff002fb0d7a21fcd43063f

SHA256
49559ea7183464f3564c562e7d216ce78ef1e66ac9dea2ece32dae00905f385c

SHA512
98c6aa12a16bdb450759fe9bb344e740f51c498426011372f81cd6bf8a20ae6eabbffb131a3c6c0e0e3f2a9bf687aff98ab3cad8891f5f2b2c522f2c00456f43

Download Submit
\Windows\System32\mfcm110.dll

Filesize
88KB

MD5
4e3685c1423c10273102efffad418ceb

SHA1
46e59eca1fe8af6a6f4a0803492acb3b1471852a

SHA256
8d8e108ab7b57de812db4736811311595e1b785deebff1868dea739720290b84

SHA512
ab6be1bb9384435e08ebe2ca103f1e369eef5927c494c6cdfc2a223c49f49c05a47b76811acfd803b2b75394dcf9b0e675556989152534a1c4c56e82330b4560

Download Submit
\Windows\System32\mfcm110.dll

Filesize
88KB

MD5
4e3685c1423c10273102efffad418ceb

SHA1
46e59eca1fe8af6a6f4a0803492acb3b1471852a

SHA256
8d8e108ab7b57de812db4736811311595e1b785deebff1868dea739720290b84

SHA512
ab6be1bb9384435e08ebe2ca103f1e369eef5927c494c6cdfc2a223c49f49c05a47b76811acfd803b2b75394dcf9b0e675556989152534a1c4c56e82330b4560

Download Submit
\Windows\System32\mfcm110u.dll

Filesize
88KB

MD5
41a15a02c343bc5640a0a8dab6cee181

SHA1
1794f16ea26d1d214b7568787361525da8a4ae67

SHA256
4fd4dad2f823aae2f65f0ade89b22bba24edd35e0bac685c91ab3be0efa104e9

SHA512
7a0949836956b557f0ea9a8f7ea879d8002f8be8a09616a041a5c5feb6254a439eff8d82ddcfe2de3550d75d7bcf18816c3013ba7025c3c46953916dbd2aba8d

Download Submit
\Windows\System32\mfcm110u.dll

Filesize
88KB

MD5
41a15a02c343bc5640a0a8dab6cee181

SHA1
1794f16ea26d1d214b7568787361525da8a4ae67

SHA256
4fd4dad2f823aae2f65f0ade89b22bba24edd35e0bac685c91ab3be0efa104e9

SHA512
7a0949836956b557f0ea9a8f7ea879d8002f8be8a09616a041a5c5feb6254a439eff8d82ddcfe2de3550d75d7bcf18816c3013ba7025c3c46953916dbd2aba8d

Download Submit
\Windows\System32\msvcp110.dll

Filesize
645KB

MD5
7caa1b97a3311eb5a695e3c9028616e7

SHA1
2a94c1cecfb957195fcbbf1c59827a12025b5615

SHA256
27f394ae01d12f851f1dee3632dee3c5afa1d267f7a96321d35fd43105b035ad

SHA512
8818af4d4b1de913aae5cb7168dcec575eabc863852315e090245e887ef9036c81aabaf9dff6dee98d4ce3b6e5e5fc7819eccf717a1d0a62dc0df6f85b6feeb8

Download Submit
\Windows\System32\msvcp110.dll

Filesize
645KB

MD5
7caa1b97a3311eb5a695e3c9028616e7

SHA1
2a94c1cecfb957195fcbbf1c59827a12025b5615

SHA256
27f394ae01d12f851f1dee3632dee3c5afa1d267f7a96321d35fd43105b035ad

SHA512
8818af4d4b1de913aae5cb7168dcec575eabc863852315e090245e887ef9036c81aabaf9dff6dee98d4ce3b6e5e5fc7819eccf717a1d0a62dc0df6f85b6feeb8

Download Submit
\Windows\System32\msvcr110.dll

Filesize
829KB

MD5
7c3b449f661d99a9b1033a14033d2987

SHA1
6c8c572e736bc53d1b5a608d3d9f697b1bb261da

SHA256
ae996edb9b050677c4f82d56092efdc75f0addc97a14e2c46753e2db3f6bd732

SHA512
a58783f50176e97284861860628cc930a613168be70411fabafbe6970dcccb8698a6d033cfc94edf415093e51f3d6a4b1ee0f38cc81254bdccb7edfa2e4db4f8

Download Submit
\Windows\System32\msvcr110.dll

Filesize
829KB

MD5
7c3b449f661d99a9b1033a14033d2987

SHA1
6c8c572e736bc53d1b5a608d3d9f697b1bb261da

SHA256
ae996edb9b050677c4f82d56092efdc75f0addc97a14e2c46753e2db3f6bd732

SHA512
a58783f50176e97284861860628cc930a613168be70411fabafbe6970dcccb8698a6d033cfc94edf415093e51f3d6a4b1ee0f38cc81254bdccb7edfa2e4db4f8

Download Submit
\Windows\System32\vcamp110.dll

Filesize
376KB

MD5
0ab01b9ae2193fa1f3c25da163db5f36

SHA1
38d6fba7d32d3c633efb5cf5c5902ede7372384a

SHA256
b26ddd1aeaf3f81edcc5a55a1938357a466ea2b0652560c4999faa92960f6190

SHA512
0ab503ea4cda9bb9ce601a4aa9c693b58f2629aa0ceca524552e8168b9d1cee77577a20ce7afb719ef2a217286c38a67841db222a46074b3f1aa17220431311f

Download Submit
\Windows\System32\vcamp110.dll

Filesize
376KB

MD5
0ab01b9ae2193fa1f3c25da163db5f36

SHA1
38d6fba7d32d3c633efb5cf5c5902ede7372384a

SHA256
b26ddd1aeaf3f81edcc5a55a1938357a466ea2b0652560c4999faa92960f6190

SHA512
0ab503ea4cda9bb9ce601a4aa9c693b58f2629aa0ceca524552e8168b9d1cee77577a20ce7afb719ef2a217286c38a67841db222a46074b3f1aa17220431311f

Download Submit
\Windows\System32\vccorlib110.dll

Filesize
345KB

MD5
2aeb4f8e2bd49fa46e7fca142a1003a8

SHA1
64c1a86155fce5c2d0612ff6e88f625406103835

SHA256
f5f635c0cf8252b81c8283ae7063e5bdbc7d608ee8798ec6064707b489339d5d

SHA512
a85e17b2a370a1776c6e3c3a3f975bea5c1f25a5beb5a81512f77503d4098c17e838cfc04a771c1d7db203b8deafcc1335ada66cb1ba040fa5df444065e788f0

Download Submit
\Windows\System32\vccorlib110.dll

Filesize
345KB

MD5
2aeb4f8e2bd49fa46e7fca142a1003a8

SHA1
64c1a86155fce5c2d0612ff6e88f625406103835

SHA256
f5f635c0cf8252b81c8283ae7063e5bdbc7d608ee8798ec6064707b489339d5d

SHA512
a85e17b2a370a1776c6e3c3a3f975bea5c1f25a5beb5a81512f77503d4098c17e838cfc04a771c1d7db203b8deafcc1335ada66cb1ba040fa5df444065e788f0

Download Submit
\Windows\System32\vcomp110.dll

Filesize
134KB

MD5
2d73b9301db9798bd740ed393c13b9e2

SHA1
6b43b30aca5cbddb636b35ff4c6a7fa6830666c2

SHA256
30dbc138c12eca9cd0721c2208fd8c657090ac39b1cb7d20f1aa19935cdd946d

SHA512
52d4ef7563712e8620b03d350a177408d4920842b41116a65eeb235e24cd2c0cf60aadd2ea51865186d0c2077012ce2e253c58364a6ceb913371eb1721f3f4d0

Download Submit
\Windows\System32\vcomp110.dll

Filesize
134KB

MD5
2d73b9301db9798bd740ed393c13b9e2

SHA1
6b43b30aca5cbddb636b35ff4c6a7fa6830666c2

SHA256
30dbc138c12eca9cd0721c2208fd8c657090ac39b1cb7d20f1aa19935cdd946d

SHA512
52d4ef7563712e8620b03d350a177408d4920842b41116a65eeb235e24cd2c0cf60aadd2ea51865186d0c2077012ce2e253c58364a6ceb913371eb1721f3f4d0

Download Submit
memory/1736-3983-0x0000000002CF0000-0x0000000002D30000-memory.dmp

Filesize
256KB

Download
memory/1960-4007-0x0000000002AC0000-0x0000000002B00000-memory.dmp

Filesize
256KB

Download
memory/2080-3892-0x00000000002C0000-0x00000000002D6000-memory.dmp

Filesize
88KB

Download
memory/2104-3894-0x00000000001B0000-0x00000000001C6000-memory.dmp

Filesize
88KB

Download
memory/2120-3896-0x00000000002A0000-0x00000000002B6000-memory.dmp

Filesize
88KB

Download
memory/2144-3898-0x0000000000150000-0x0000000000166000-memory.dmp

Filesize
88KB

Download
memory/2184-3902-0x00000000001A0000-0x00000000001B6000-memory.dmp

Filesize
88KB

Download
memory/2208-3904-0x0000000000160000-0x0000000000176000-memory.dmp

Filesize
88KB

Download
memory/2228-3906-0x00000000003D0000-0x00000000003E6000-memory.dmp

Filesize
88KB

Download
memory/2248-3908-0x0000000000120000-0x0000000000136000-memory.dmp

Filesize
88KB

Download
memory/2268-3910-0x0000000000130000-0x0000000000146000-memory.dmp

Filesize
88KB

Download
memory/2376-3919-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2440-3925-0x000000013F930000-0x00000001428FA000-memory.dmp

Filesize
47.8MB

Download
memory/2872-3965-0x0000000002E30000-0x0000000002E70000-memory.dmp

Filesize
256KB

Download
memory/2872-3973-0x0000000004FD0000-0x0000000004FD1000-memory.dmp

Filesize
4KB

Download