faf416a42199707bb6a33297ac7ba0102d82b65ef17db1064369dfc253d5be75

Analysis

max time kernel
141s
max time network
170s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
22/05/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sony Vegas Pro 18.0/Setup.exe
Size

693.2MB
MD5

1afd68147ac485753917930116210a40
SHA1

8c8deec48a8a7c3d4e5af8e26e8b3d09decad08b
SHA256

3988557312ceca76bee86e2df0c34f2cdc7b2dc370846ba8390ae1d36d61e900
SHA512

4cd02d60b7f30c7b5e08e312330342c124c9fb4cda01ba99e8d765a4040ee7832760a25c1d9e32a5e5a3a4521a4bd2c2a75a6b48395f32da1959f2117dadeacb
SSDEEP

12582912:bGbk9hNMUyBXnkRSuLBCF8WwX2VX0I/wY3jCMQRoMCb+RSGcYHqEtZF8:lM5XnVTSX2VX0I/fjCpob+RSGdx8

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3416	vegas180.exe
4272	ErrorReportLauncher.exe
976	vegas180.exe
3284	ErrorReportLauncher.exe

Loads dropped DLL 64 IoCs

pid	Process
4992	MsiExec.exe
4992	MsiExec.exe
2100	MsiExec.exe
4992	MsiExec.exe
2100	MsiExec.exe
1488	MsiExec.exe
1488	MsiExec.exe
1488	MsiExec.exe
4264	MsiExec.exe
4264	MsiExec.exe
4264	MsiExec.exe
3556	MsiExec.exe
3556	MsiExec.exe
3556	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
1480	MsiExec.exe
4504	MsiExec.exe
4504	MsiExec.exe
4504	MsiExec.exe
544	MsiExec.exe
544	MsiExec.exe
544	MsiExec.exe
2256	MsiExec.exe
2256	MsiExec.exe
2256	MsiExec.exe
1784	MsiExec.exe
1784	MsiExec.exe
1784	MsiExec.exe
3200	MsiExec.exe
3200	MsiExec.exe
3200	MsiExec.exe
4300	MsiExec.exe
4300	MsiExec.exe
4300	MsiExec.exe
492	MsiExec.exe
492	MsiExec.exe
492	MsiExec.exe
1516	MsiExec.exe
1584	MsiExec.exe
2292	MsiExec.exe
1336	MsiExec.exe
1336	MsiExec.exe
4672	MsiExec.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
3416	vegas180.exe
2100	MsiExec.exe
2100	MsiExec.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F59DD74A-14E1-11D2-B3B2-00A0C90642CC}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sffrgpnv_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A21-79BE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{824AFE10-2098-4254-B2C3-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{260DF3E2-AC77-11D2-9E93-00C04F68BE44}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5FF5B4A1-858F-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E70F0382-64B1-44C0-8F7C-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{70046AFD-C0B1-4EB0-9D13-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5204E8B8-4657-4733-A6EB-00AA006BA2BA}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224541-6F92-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC26-0F62-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC2A-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E1-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BA97FC22-0F62-11D2-9887-00A0C969725B}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28D9F1E1-6ECC-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sftrkfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{87FF3E97-AD64-4363-88C1-D28521C362F1}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\mchammer_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29261-79B1-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7227EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA1-9BB9-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack3_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F09F6981-7845-11D0-AEBC-00A0C9053912}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
9	3024	msiexec.exe
10	3024	msiexec.exe
11	3024	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in System32 directory 52 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\DLLDEV32i.dll	vegas180.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangFR.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp71.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangDE.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110.dll	msiexec.exe
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBUI.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangRU.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangES.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr70.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBControl.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangJA.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.ja-JP.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Bitmaps\MxAutoUpdate\dialogs_main_template_hilite.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Log2_48_nits_Shaper.RRT.P3D65_ST2084__108_nits_.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\plugins.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Presets\PresetPackage.zh-CN.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofxRotation.ofx.bundle\Contents\Resources\VegasOfxRotation.pt-BR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Resource\UnlockDialog_NL.ini	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll	msiexec.exe
File created	C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Help Files\sffrgpnv_x64.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] Intimate Room.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] Reverb_Vocal_Ambient_Room.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\ProjectNotesHolder.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_sv_SE.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\pt-BR\ScriptPortal.MediaSoftware.DeviceExp.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcmp4xavcs\mc_open_cl\mc_config_avc_opencl.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug\SMDK-VC110-x86-4_0_0.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\ChorusFlanger\[Sys] Acoustic Guitar.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Black Face FET-1.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_de_DE.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fonts\huntress.otf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Filters.ofx.bundle\Contents\Resources\Filters.zh-CN.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\es\ScriptPortal.Vegas.RelinkSonyWirelessAdapterMedia.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Bitmaps\CUnlockVersionP3LicenceExpiring.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug3\smdkwrap3.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\29484.png	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] Classic Snare Plate - wet.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\bg.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\snapshot_blob.bin	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Gate\[Sys] Voiceover_Gate.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Endless MonoDelay.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_ko_KR.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\ngraph.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\pt-BR\ScriptPortal.Vegas.Slideshow.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V3_LogC_3200_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\mxmetamux_x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Loud Neighbours.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V3_LogC_640_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Phaser\[Sys] Synth Pad Mover.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\ngen.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Gate\Default.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\V-Log_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Patchlists\ChorusFlanger\Default.epl	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\it.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\es\ScriptPortal.MediaSoftware.DeviceExp.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcaacplug\mcaacplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mc_config_mp2m.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mc_demux_mp4.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Black Face FET-1-Parallel comp. Vocal.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Resources\ofx360Stabilizer.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\QuickStartLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Resources\MagixCVFx.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_ru_RU.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\aifplug\aifplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mc_mfimport.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_fr_FR.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.EntityFrameworkCore.Design.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\release-banner_rus.jpg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Online\MagixOFA-ja.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\sk.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Resource\UnlockDialog_PT.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Extreme Guitar Compression.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Resources\gui.xml	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index22.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2d.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818314.1\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e.manifest	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_vcomp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF91.tmp	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\indexd.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index18.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140jpn.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP76BD.tmp\System.DirectoryServices.Protocols.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_atl100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vccorlib140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index29.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818205.0\msvcp90.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818408.0\msvcm80.dll	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index20.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index26.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\msvcp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\concrt140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140chs.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38D9.tmp\mux.net.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E07.tmp\System.Transactions.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index29.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\SystemTemp\~DF951783A7466C9743.TMP	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818236.0\9.0.30729.4148.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818439.1\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140enu.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\msvcp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140ita.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140u.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20240522205818392.0	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1f.dat	mscorsvw.exe
File created	C:\Windows\Installer\SourceHash{75111FE1-CE55-11EA-8B12-00155D43CFCE}	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\indexb.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1a.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5181.tmp\System.Runtime.Remoting.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2d.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\msvcp140.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\{75111FE1-CE55-11EA-8B12-00155D43CFCE}\sfpca.ico	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index25.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818377.1\9.0.30729.4148.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcomp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP66A0.tmp\System.Windows.Forms.dll	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index15.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1f.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20240522205818189.0\9.0.30729.4148.cat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140kor.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\e58b4f3.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index16.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index14.dat	mscorsvw.exe

Modifies Control Panel 7 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Filename = "Setup.exe"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Description = "Sony Application"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001\Version = "4294967295"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1001	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000\Control Panel\Microsoft Input Devices\Mouse	Setup.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUI\ = "CddbUI Class"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}\Pins\Output	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8722111A-DE20-48ac-832D-0CEDA23212AB}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\FriendlyName = "VEGAS Graphic EQ"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedMany = "0"	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{0000000B-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8722111A-DE20-48ac-832D-0CEDA23212AB}\TypeLib\ = "{26BF9366-95A2-463B-8237-238114494AF7}"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 40003d00780035004e004800610050006900280050005800640068002900680072006d004f006b003e0036006b007d00700048004c004800240053004400650038004d006b0062004900640046007700550000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{471D8C3F-D01A-42D5-8132-39AF8A3C0ECC}	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 40003d00780035004e004800610050006900280050005800640068002900680072006d004f006b003e00370030002d0054002400210028002a0026004e00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas180_vf\CLSID\ = "{74D54F5E-CE55-11EA-BD9E-00155D43CFCE}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbURLManager\CurVer\ = "CDDBControl.CddbURLManager.1"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1024083A-700E-4930-8C75-DA9DFD3F4CE8}\ID3 = "2578555734"	vegas180.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\vegas180_pca\shell\Open\command\command = 5a0067002e005e004d00480061005000690028002b007400640068002900680072006d004f006b0069006e007300740061006c006c00650072005f0064006100740061003e006e002d004b00730044004800610050006900280068005d00660068002900680072006d004f006b002000220025003100220000000000	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBF37BA1-2F4F-11D3-B02F-00C04F4C0826}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B77C6368-3FFB-437D-B879-BA92D981493A}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2C767ED-0E50-4A1D-AF6E-EAF1F16EB1C2}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUIOptions2\CLSID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}\Pins\Output\ConnectsToPin = "Input"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{69E9B473-22E6-471D-8683-84BD1E4BECE1}\ProgID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{45CCD308-F7E1-477e-A14C-CBFBB3DC07E4}\VersionIndependentProgID\ = "CDDBControl.CddbListManager"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B67BD60-1238-11D3-8F9D-00C04F4C3B9F}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbSegment\CLSID\ = "{BBF37B9E-2F4F-11D3-B02F-00C04F4C0826}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5F6A243-301B-11D3-B030-00C04F4C0826}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448721-96FD-11D0-AEBC-00A0C9053912}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfppack2_x64.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\Pins\Input\Types	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C7B5FB82-1031-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F59DD74A-14E1-11D2-B3B2-00A0C90642CC}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\sfxpfx1_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BBF37B95-2F4F-11D3-B02F-00C04F4C0826}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\335 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.FullName\CLSID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\25 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\32 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}\{00000000-0000-0000-0000-000000000000}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}\1dc35b4830db0c7f7a56865d83814be6	vegas180.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbListManager	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A23B-301B-11D3-B030-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUI2.1\ = "CddbUI2 Class"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\IsRendered = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB9B3E2A-CCD4-434E-92DD-8703698B5E11}\ProgID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0E2B8CCD-26B6-41EA-AC4E-470747C4F990}\ProxyStubClsid32\ = "{9BD3160E-0464-485E-A672-D806BEB00E29}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}\Pins	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0528CDF-F67E-11D2-8F8E-00C04F4C3B9F}\ = "ICddbDiscs"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A380AD0F-12B1-4AAA-8E4F-EAE0E446C9F4}\ = "ICddbTrack2_5"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{07D8026C-F806-459D-9797-ED72536F0EF8}\TypeLib\ = "{26BF9366-95A2-463B-8237-238114494AF7}"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}\Pins\Input\IsRendered = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\Pins\Input\ConnectsToPin = "Output"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}\InprocServer32\ = "C:\\Program Files (x86)\\VEGAS\\Shared Plug-Ins\\Audio_x64\\xpvinyl_x64.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2F27D2C8-2AA0-48A2-B082-00AA006BA2BA}\ = "MCHammer Property Page 3"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8F8A59E5-1388-11D3-8F9D-00C04F4C3B9F}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}\Pins\Input\Types\{73647561-0000-0010-8000-00AA00389B71}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BBF37BA2-2F4F-11D3-B02F-00C04F4C0826}\InprocServer32\ = "C:\\Windows\\SysWow64\\CDDBControl.dll"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4BAFF01-F907-11D2-8F8F-00C04F4C3B9F}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BBF37B99-2F4F-11D3-B02F-00C04F4C0826}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FB9B3E2A-CCD4-434E-92DD-8703698B5E11}\ = "CddbCacheManager Class"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3836A5BF-51B3-4B37-8E96-9D429C22183C}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2C767ED-0E50-4A1D-AF6E-EAF1F16EB1C2}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	vegas180.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	vegas180.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4012	Setup.exe
4012	Setup.exe
3024	msiexec.exe
3024	msiexec.exe
3024	msiexec.exe
3024	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4112	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4112	msiexec.exe
Token: SeSecurityPrivilege	3024	msiexec.exe
Token: SeCreateTokenPrivilege	4112	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4112	msiexec.exe
Token: SeLockMemoryPrivilege	4112	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4112	msiexec.exe
Token: SeMachineAccountPrivilege	4112	msiexec.exe
Token: SeTcbPrivilege	4112	msiexec.exe
Token: SeSecurityPrivilege	4112	msiexec.exe
Token: SeTakeOwnershipPrivilege	4112	msiexec.exe
Token: SeLoadDriverPrivilege	4112	msiexec.exe
Token: SeSystemProfilePrivilege	4112	msiexec.exe
Token: SeSystemtimePrivilege	4112	msiexec.exe
Token: SeProfSingleProcessPrivilege	4112	msiexec.exe
Token: SeIncBasePriorityPrivilege	4112	msiexec.exe
Token: SeCreatePagefilePrivilege	4112	msiexec.exe
Token: SeCreatePermanentPrivilege	4112	msiexec.exe
Token: SeBackupPrivilege	4112	msiexec.exe
Token: SeRestorePrivilege	4112	msiexec.exe
Token: SeShutdownPrivilege	4112	msiexec.exe
Token: SeDebugPrivilege	4112	msiexec.exe
Token: SeAuditPrivilege	4112	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4112	msiexec.exe
Token: SeChangeNotifyPrivilege	4112	msiexec.exe
Token: SeRemoteShutdownPrivilege	4112	msiexec.exe
Token: SeUndockPrivilege	4112	msiexec.exe
Token: SeSyncAgentPrivilege	4112	msiexec.exe
Token: SeEnableDelegationPrivilege	4112	msiexec.exe
Token: SeManageVolumePrivilege	4112	msiexec.exe
Token: SeImpersonatePrivilege	4112	msiexec.exe
Token: SeCreateGlobalPrivilege	4112	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe
Token: SeRestorePrivilege	3024	msiexec.exe
Token: SeTakeOwnershipPrivilege	3024	msiexec.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
3416	vegas180.exe
3416	vegas180.exe
1152	MiniSearchHost.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe
976	vegas180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 4112	4012	Setup.exe	77
PID 4012 wrote to memory of 4112	4012	Setup.exe	77
PID 3024 wrote to memory of 4992	3024	msiexec.exe	81
PID 3024 wrote to memory of 4992	3024	msiexec.exe	81
PID 3024 wrote to memory of 4992	3024	msiexec.exe	81
PID 3024 wrote to memory of 2100	3024	msiexec.exe	82
PID 3024 wrote to memory of 2100	3024	msiexec.exe	82
PID 3024 wrote to memory of 1488	3024	msiexec.exe	83
PID 3024 wrote to memory of 1488	3024	msiexec.exe	83
PID 3024 wrote to memory of 4264	3024	msiexec.exe	84
PID 3024 wrote to memory of 4264	3024	msiexec.exe	84
PID 3024 wrote to memory of 3556	3024	msiexec.exe	85
PID 3024 wrote to memory of 3556	3024	msiexec.exe	85
PID 3024 wrote to memory of 1480	3024	msiexec.exe	86
PID 3024 wrote to memory of 1480	3024	msiexec.exe	86
PID 3024 wrote to memory of 4504	3024	msiexec.exe	87
PID 3024 wrote to memory of 4504	3024	msiexec.exe	87
PID 3024 wrote to memory of 544	3024	msiexec.exe	88
PID 3024 wrote to memory of 544	3024	msiexec.exe	88
PID 3024 wrote to memory of 2256	3024	msiexec.exe	89
PID 3024 wrote to memory of 2256	3024	msiexec.exe	89
PID 3024 wrote to memory of 1784	3024	msiexec.exe	90
PID 3024 wrote to memory of 1784	3024	msiexec.exe	90
PID 3024 wrote to memory of 3200	3024	msiexec.exe	91
PID 3024 wrote to memory of 3200	3024	msiexec.exe	91
PID 3024 wrote to memory of 4300	3024	msiexec.exe	92
PID 3024 wrote to memory of 4300	3024	msiexec.exe	92
PID 3024 wrote to memory of 492	3024	msiexec.exe	93
PID 3024 wrote to memory of 492	3024	msiexec.exe	93
PID 3024 wrote to memory of 1516	3024	msiexec.exe	94
PID 3024 wrote to memory of 1516	3024	msiexec.exe	94
PID 3024 wrote to memory of 1516	3024	msiexec.exe	94
PID 3024 wrote to memory of 1584	3024	msiexec.exe	95
PID 3024 wrote to memory of 1584	3024	msiexec.exe	95
PID 3024 wrote to memory of 1584	3024	msiexec.exe	95
PID 3024 wrote to memory of 2292	3024	msiexec.exe	96
PID 3024 wrote to memory of 2292	3024	msiexec.exe	96
PID 3024 wrote to memory of 2292	3024	msiexec.exe	96
PID 3024 wrote to memory of 1336	3024	msiexec.exe	97
PID 3024 wrote to memory of 1336	3024	msiexec.exe	97
PID 3024 wrote to memory of 4672	3024	msiexec.exe	98
PID 3024 wrote to memory of 4672	3024	msiexec.exe	98
PID 3024 wrote to memory of 3416	3024	msiexec.exe	99
PID 3024 wrote to memory of 3416	3024	msiexec.exe	99
PID 3416 wrote to memory of 4272	3416	vegas180.exe	101
PID 3416 wrote to memory of 4272	3416	vegas180.exe	101
PID 2100 wrote to memory of 2480	2100	MsiExec.exe	103
PID 2100 wrote to memory of 2480	2100	MsiExec.exe	103
PID 2100 wrote to memory of 2480	2100	MsiExec.exe	103
PID 2480 wrote to memory of 1868	2480	ngen.exe	105
PID 2480 wrote to memory of 1868	2480	ngen.exe	105
PID 2480 wrote to memory of 1868	2480	ngen.exe	105
PID 2480 wrote to memory of 3204	2480	ngen.exe	106
PID 2480 wrote to memory of 3204	2480	ngen.exe	106
PID 2480 wrote to memory of 3204	2480	ngen.exe	106
PID 2480 wrote to memory of 1796	2480	ngen.exe	107
PID 2480 wrote to memory of 1796	2480	ngen.exe	107
PID 2480 wrote to memory of 1796	2480	ngen.exe	107
PID 2480 wrote to memory of 3748	2480	ngen.exe	108
PID 2480 wrote to memory of 3748	2480	ngen.exe	108
PID 2480 wrote to memory of 3748	2480	ngen.exe	108
PID 2480 wrote to memory of 1080	2480	ngen.exe	109
PID 2480 wrote to memory of 1080	2480	ngen.exe	109
PID 2480 wrote to memory of 1080	2480	ngen.exe	109

C:\Users\Admin\AppData\Local\Temp\Sony Vegas Pro 18.0\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Sony Vegas Pro 18.0\Setup.exe"
1⤵
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\SYSTEM32\msiexec.exe
  "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi" /quiet /norestart /Liwear "C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_22052024-085813.log"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4112

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B2DA12BBBC36656467EBCC61860176EE
  2⤵
  - Loads dropped DLL
  PID:4992
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding E99ADBBBF68E96CCC718688817323420
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" Install "C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\BdMuxServer.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 22c -Pipe 228 -Comment "NGen Worker Process"
      4⤵
      PID:1868
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 230 -InterruptEvent 0 -NGENProcess 304 -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      PID:3204
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 308 -Pipe 310 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1796
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2ec -Pipe 320 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3748
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 324 -InterruptEvent 0 -NGENProcess 240 -Pipe 2f0 -Comment "NGen Worker Process"
      4⤵
      PID:1080
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 238 -Pipe 2e4 -Comment "NGen Worker Process"
      4⤵
      PID:3060
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 22c -Comment "NGen Worker Process"
      4⤵
      PID:4848
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2bc -Pipe 2c8 -Comment "NGen Worker Process"
      4⤵
      PID:2632
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2b8 -Comment "NGen Worker Process"
      4⤵
      PID:3352
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 238 -Pipe 2d8 -Comment "NGen Worker Process"
      4⤵
      PID:4540
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 314 -Pipe 2c0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1220
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 324 -Pipe 240 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3096
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 300 -Pipe 318 -Comment "NGen Worker Process"
      4⤵
      PID:3456
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 2dc -Pipe 300 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4184
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2bc -Pipe 324 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3544
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 340 -Pipe 31c -Comment "NGen Worker Process"
      4⤵
      PID:1196
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2d4 -Pipe 314 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3828
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 30c -Pipe 2d4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1336
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 344 -InterruptEvent 0 -NGENProcess 30c -Pipe 34c -Comment "NGen Worker Process"
      4⤵
      PID:2412
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 2bc -Pipe 32c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3092
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 338 -Pipe 2ec -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4780
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 350 -Pipe 328 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:3572
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d4 -InterruptEvent 0 -NGENProcess 308 -Pipe 344 -Comment "NGen Worker Process"
      4⤵
      PID:1372
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2d4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2332
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 350 -Pipe 308 -Comment "NGen Worker Process"
      4⤵
      PID:4748
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 30c -Pipe 338 -Comment "NGen Worker Process"
      4⤵
      PID:3432
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 354 -Pipe 360 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2564
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2dc -Pipe 33c -Comment "NGen Worker Process"
      4⤵
      PID:2904
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1528
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 354 -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      PID:5068
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 364 -InterruptEvent 0 -NGENProcess 374 -Pipe 2d0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:1988
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 36c -Pipe 384 -Comment "NGen Worker Process"
      4⤵
      PID:784
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 390 -Pipe 368 -Comment "NGen Worker Process"
      4⤵
      PID:4496
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 36c -Pipe 398 -Comment "NGen Worker Process"
      4⤵
      PID:3064
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 390 -InterruptEvent 0 -NGENProcess 37c -Pipe 388 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:2344
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 35c -InterruptEvent 0 -NGENProcess 364 -Pipe 390 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:4264
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 37c -Pipe 2bc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      PID:904
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1488
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  PID:4264
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:3556
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1480
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4504
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  PID:544
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:2256
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:1784
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:3200
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4300
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:492
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBControl.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1516
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBUI.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:1584
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\x86\sfvstproxystubx86.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:2292
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:1336
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding F197EEE7FEC164C78B57F480BB11A5CB E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:4672
- C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe" /register /user 1085
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3416
- - C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
    "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
    3⤵
    - Executes dropped EXE
    PID:4272

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
"C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:976
- C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
  2⤵
  - Executes dropped EXE
  PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58b4fb.rbs

Filesize
504KB

MD5
6fedc1dc2a679f4f0047246a0f03e244

SHA1
eb96633a86e1c5bc605eb4f484f6113a43c11d0f

SHA256
352ca1347071c258f69fc1d25890cfa191b5eaf8b78b8ff277858872013e944f

SHA512
73fe87bfbfcaa4c424fc6182ed36ff7589e9502dfb5bdbac555fc3d857a477b45a70fe06d92ac81f30d95d0f638cf3b1b712712a8780b528131d09a033393527

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\so4compoundplug\mc_dec_mp4v.dll

Filesize
1.3MB

MD5
3c8a67f6443ca685751c14e1f8650107

SHA1
a14f7014e54aa5a6aac716be64ea55286fa5854a

SHA256
984530397a0239cf5ccfcddbe77664c4cd84978080d41daecbedf6782eb22aee

SHA512
24d3b2334592b8b756ecd1a00fa77075698be3ad7e169d7dc0b691a59244356514730eb77d22417e32fa38b65cd303997b28541ed9a7197aa5b223c8864134b5

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
850B

MD5
dbd78a11facc1c782a71427fd1a879cf

SHA1
677d5768c6bff40e3dde60f624df1d6c074ecf3e

SHA256
618a084f6a753286f891ddf153bbb0eb9b285ac9e0ec62d4da9205e50a82b8b0

SHA512
75a8f5813540aaf6d020908167454076d03dae5830b8f3ee66c4fd5fb7160e0364a4fcab3f78d17f468db9cac5cad5898c85616e55f122da2b715b69e42b26c3

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
1022B

MD5
c5dda0db146dfdc37da2f518de9dc987

SHA1
01ce960a6020983a83d7a5a2e1fed4aa1c34309a

SHA256
67f64622ec29127de8512071a591010e70d7d6237221d31f534add6702b8787b

SHA512
d119de14231ed67eb2b53e686a164e9194f8bf28967f802032abe6d8eb7af345f1546df62dc37f8e664992ab7e9f28be3e3cf866ab6f002e3de982a3e0dc9c06

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
4KB

MD5
f7f329de05c1d27aea93726d24d448b4

SHA1
b326b507a094f4ca103b0aef30893416ea0185b2

SHA256
c0f288435dc1be0382783368863f71db2a17b992b6af89884c34824a07c8813e

SHA512
08c31d8da98fa3a47c3bef3b7c83e85106e0b2bae0898764bb851ca0cc0575f71b5b74cc0f6b63909cea6cf020a203d355027c1a3e9c22866f099da3dae554c0

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
7KB

MD5
d756c8e81a5bb3e9444905fcdbc89486

SHA1
305f411a67669875fe497c1df91f1f4d66e1484a

SHA256
7fb3a647f975db0189829c1078a653b0e2e7e18d1f9888f5caf5889ea06ac97a

SHA512
1f18ecb483916cd89fd4ebfbbf2eb3bdbe9fba27708dc52ff0dd2df93dfc07f115fd8f369de84462444f6b42d75f65dc8b55ddea65245a853b948a52ee86fd6c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
8KB

MD5
724e53b8b366786810c9720f3c0c9336

SHA1
8fd096f799008ccef6691dcdcf8d986106c0327d

SHA256
676fd4d960ed840d4574f9d8afd31a5942acb1b6e52ea5db29317a269dae597f

SHA512
616342d1772a931aa3a60a1b7beb7cafb0f6f9aeb1830413c07816de42b7869e010633c3df1455a19fd505dc46431a14dc12af872496a25f4bb9a335ab80816c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
66B

MD5
07ed4ee4417494dd308b41be90ffe60f

SHA1
26ecb8a80034561830a78fa1ef7028ac04b00ae3

SHA256
29deb5cf1069418d89bf302b18356e7588c93d7167ff888f73dc91aea71dc1a4

SHA512
1c28eac12d3226bb43ba05ecc060f2c1d3dce03edaad2ef390ae2cd918fd7fe1abee96fa94f91a0d1e06204dc4ce46d8746211c0fb0c8c953c7c36ede03e2233

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
168B

MD5
c8f5ad45f8a858b0d38d2666c9c4b673

SHA1
e9c419c0b05e2b1a95a810e4ac13bcfc126aee54

SHA256
8a38a6f79d0af0bdf33fd2e11c1ce0d28cf43243ef2233a3c435b58a88e8fd17

SHA512
23664c6f3cfa37e20969ecbfb2e01a5e2348076f16d2f5897e9f1740f1d66b87e2d8c6c5ef37b59c723a1374b0a8061ea5d14efba7f28eb7b96e8d416406c8a9

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
622B

MD5
12b7c300c205a75d7f77581bc1cc9591

SHA1
15540881f8209959f86d472a2393cc94caf990d1

SHA256
a88434a7e1d730c682ecd60b849e619ac5b09cc9392b0ed6f0698fc529bf565c

SHA512
008a26dbfe9d38d01ff4ab7666a31948bb71830802940708b10fa43fb923a9f67b3520a643e0cf1036b31ba9a607381091918111e989998ad832588692457982

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
5KB

MD5
92d196fc888c7e30ddfe3ad842d89faa

SHA1
fa3921638c69f7bad325b656a3c488faddd1892c

SHA256
199ce7a6e4b73048254a923df4b8d920251da6acecba982d678670745aed2109

SHA512
9e208171caced835ac89580f1b3a09a71ee266c1031a7cad82cb19e440ef525f7f5eff39014c31a230be7e20e44f7ceb7446137a3c089432ef1a4c441366147e

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
296B

MD5
4f3a807b273d7badcb1287bdb5d1e744

SHA1
77d54f66b81398032954c8bd669ddcaf0a909b82

SHA256
249329bd6e029b0c529e07faa33d8e174c8e0861c6bc4f73d5979b82e484d15d

SHA512
34cc6bb500e1471865015c8153414b78804afee0da3382158976dae276a6f59834e27e731181cb4eadcc7ec8a5e24494c1e00f42fe23167e31025351e5a9a27d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
4KB

MD5
08c5078f559993008f994adc504ed729

SHA1
a874f81ebb51ee6328934a8fce4f45670bb4b6fe

SHA256
d4d352bf34db4db5d5a9fc96d499ac7ffe9900013c4872feb70fa917d2f1abd9

SHA512
48cff98d9672eecf04f3722ebe140371ef8e22b40708b4f21b5da922b1d95f4a1abebcdd7dbeab0ee01e350ab0a575496fdc37fcd67165603818685ca0e99e03

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
5KB

MD5
47741c7ec83e9ff27b8f4dd675e5de37

SHA1
1022205217d72cf56c2a7caf08915bf0dbcb8fba

SHA256
6b8f461ec62bdff42d2be2622415dcd9bba08225594b406ac926ed85e23ef19b

SHA512
ff887ff0cf37e070318b0f693b3292079cc69683285b26febce694730fce83740f1a3fc0f7dccf3fd154b158020b680d25a638fa5200b197cf007a1cfd6f613c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
122B

MD5
48a632f92533a578b8a04776a959fccf

SHA1
b3631251c532a9a4cdd85e9c06da91f86b89053b

SHA256
f5e588dc8e4da2b8cc4bab169bea0f065817a245f3a2650aa919fe64ad388d3a

SHA512
a8f6f4df967d05dbce9878dc46db00846783a6ddbc58c6b821658deb6952b5b93e8117da2e192e44e22b9f9872ed202cddc0e3a81d10ceeb2597dfb5d2128a88

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
848B

MD5
394ae4fbb7241cb6767bf1dc2b28f441

SHA1
efbfedff992d0885d2a40e00a9b111fba321ed7e

SHA256
64ae1c39495bbbe43824680c19e2b1f5805949f010cbacc49996753472278212

SHA512
5450e84b40c68514e9cd0e76de5c6e9c8fcd72ae8c52f3982262e19b1089f24b7e26d9d4a69526d733a7af1cc06e22afaff63557b83a7af14a5a6fbe475d7c7c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
1KB

MD5
8927619bbd1a5de13d616951e22a0839

SHA1
c94f08f62351ae8a830cea74d6abfabae8ac81f6

SHA256
abb8a82a1a6d9250de0eaf9ff2a502e2d167a5134b1a1f7d66250138af4ccac7

SHA512
a519b4d64e5ef1b5a2572ab4a033ce59c065e8058080b2e992248ae5f3323f48c901b4cfc99caecc522febbc7aa33cc9c8aba3f8d50011d632379cba4a44c7f3

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
4KB

MD5
a9b500ff8228bfe64991ec084adaed42

SHA1
b640ce614bda9857febf86603e34b5fa04014b26

SHA256
bf6fa34717610131d7773092b7837a31ad736618d70ffc7f83bd95c7b22506a9

SHA512
223f1d4913175e0a1b5405f50e8a12f45de2c666d850d8d87924fd2f1af2d1e363f6e5e909ad67e0bac55b9771c6248833ef0b7c79d494a3121d4ef5aadc9aeb

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
1KB

MD5
a1dc91632547eeea12b0fb89059ccc92

SHA1
b0843e33903c64a23600d00badbfe451ffd5c768

SHA256
f11086062faa9a45d227dbbc9d4a19cd55afb4d242ca1a1c72aed7fc44d039a9

SHA512
52e66272f609056910d87c38e8bf44d086e061f30957f49e4ab2d4d4e53fecfa43304fe32a293b6d8e3019a899d5d582ad7ad43e343debfebb772867c581f70d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
4KB

MD5
f0f06689f028fcbe87365cf4767673cb

SHA1
9917e9ab1c15f60770fa3e3d89c5f398f4f13f86

SHA256
8d62ed6d16d4ae57ef533758d429f17c4ae911b1ceccc3429cb32094264a9c2d

SHA512
192f2cc6eef4c171df30efb9abdaff82e03c0cba1d904d10a7586cf4a13336629d8798881ff5c9871a23fa18426183a3ebc4daa2a711ea60c8dc5c1258c0f4d6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
392B

MD5
cf6413e12773c770d86c0a586d02d4eb

SHA1
2683d371feb1fa1d22b16a77c206d637a15a3045

SHA256
590a1886c7d064d6a2e434a8114620288dca5ec1a82029026463148e61ecb689

SHA512
30431d7cb9780c32a7a8f4cb1d3755da004adfd00a48488fb8aaa7b1d12cbd5d3611d4b1ac4847ff55eff4a004eed6803426e8297b3e1fc5122b79874fa78eff

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
1KB

MD5
71fd8abf377040ca9be616bb715ddfee

SHA1
2159a5ccba359697e6e248895fc655e017f815d3

SHA256
948d47156621532a22bc508ec95e47d1b7cea9dd71e5d05f723be22f9a026b5b

SHA512
9049e52405d53d1ab977a37b009152ab3ec18f80aafa4f108474f18d253504b6aabaea4e3804bc5faa07d952dc96f764dddfba91e8c9b87369ca48ec1b72b9c1

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
3KB

MD5
9c0f1ca9ed675b1480fe270bf744eac0

SHA1
51f8ecf9aa8d85beac9f26aea6dd17d701ce5840

SHA256
6fba2ad7ee249bef4764d048beb136e1303e18a4efee9b77424422fdd4a65773

SHA512
dd71ec3f016141f5ff9a1cf83ef921817602347c7a277b70db34270c8804e004cb2c1c3b67008120870fd48099b7b0a118c85922e5810ff6975ce02266198555

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
4KB

MD5
6530e6e011832b3908a7f8f9d62dff5d

SHA1
a8823627b6fb6d40696fb093730f4bf0fcaef217

SHA256
b3177aad717381b2bb007faf914eae694b7bbedd55d7965551717d9f7dc327a4

SHA512
79ce085fe0c7542042be06dd5ded978f4427ba20cffa0eab8c203766ca791217f47200adbc5dd906256f8cb2d263fb7723c21ca2485998659d4cfea4f86103ef

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml

Filesize
122KB

MD5
525763c8338bc74c4b556c2640bd1394

SHA1
7b4d894253adaca84f30147431096cb4e7ad048d

SHA256
4366790b1f64ba66f92ae7194b1e7ccd4397eacc1a65ba144d1e185fc7ee2f9b

SHA512
5a313f20e7735bede91a18ae13d5b6baba949af3bd5d121f91eb726717bdc2e132475f84c8a39fa6631099045fd338939a0482aaaa0ed7226c70c7e74a77df5d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\install.cfg

Filesize
134B

MD5
98d830de777bad5acf1a1c87d01c4468

SHA1
4de0feb99e75967fc36b916f36310d4631e65ad0

SHA256
2395dced50fff6e9fb3ccfab65a7c92f0a6c11fff94432f307881c78c4262c5d

SHA512
e50847027c4754c449ab0a6b44d3e90b9bbe211c3150936f2a60e7d2a5fea2f07cd2719c3fd2fa04359ef1d98acf26ca023a0d8e328ddb0da4605ba57b24bdb0

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\install.cfg

Filesize
1KB

MD5
6417fc6904f03d94f4552e40fbb3f8e6

SHA1
52a2d9890833f76af55807a2064381fd042894c7

SHA256
83186d422815d40995cea7818b693773b21e8ecdb8e37bc66e2a48484209a3fe

SHA512
8754e285f756fcd342a86c8c2f59c331f9443c06285f1cde38cb25a4fb9dccfe66dd0683f756a87bfdfb17199ada2b75c4de95c243ebeef81444e6b0795c1be1

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_nb_NO.rtf

Filesize
2KB

MD5
fa703609338cc05f182d4d0d7d07fb1c

SHA1
cc34fc7d8282a2fc2bc4610ac671dce0b82661f7

SHA256
5a31feaa4bdbc96da11a4f68a7fcb36bb791dc073b41e109f7d085dd008790bc

SHA512
05e30eed8c0d921e721d3382dc26bbbef047ce77564c5926c122477500f28ae11e63522e93dd119436717878fa065d4d83e02f33d2c4e71c2c9eb1ca73412e08

Download Submit
C:\ProgramData\VEGAS\VEGAS_Pro_18\installation.ini

Filesize
402B

MD5
d17308cbb1eade9b9766aeffd58718c6

SHA1
273fb6b5a64c9c9260c2e4bc86349143dee2c644

SHA256
9ce170f0878e9ecbc0e0aad8f526a443cb045789ba5544c880b7d15846864b4f

SHA512
babcad46f5dd451ce897373a48be594812c010fe598f469a52dd2bee5d5ce6ea576447ac72ef8d9182736a36ff72b2fa05539922d4db45c317c44de8c7e67d47

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6547048d54f129239979a2f57865c34b

SHA1
7f3e91dbc41fc4333fa265e8595a8952fc4a2245

SHA256
8dc73166fd739c0b04029efbbe15e220911d423517010b7c48adc32bdb96f527

SHA512
be8f7321e34917d5818f9966db04cd6056523329e2c9a6bf6bded199cbc129b936dc8cf51bd5e73e558c99a89ba2872ee3d9a5f5c999a659bdfe6020be9f2768

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\EULA_enu.rtf

Filesize
12KB

MD5
f837aad5657b429f561814f4742c1f84

SHA1
5f2449c578aed744a49e42a82c16495588797d6a

SHA256
47e73f90e0af59acafa197ed07e71cd8d6c45a26a3582012c0664a3eddd99638

SHA512
bf23df16b0823e7a4ec09fba830408a6cf79540176163a558c67cdc4ad1fa495864057f60882693a76959fbb41b08b516b47beeddb95cb603abd4dae8d76f615

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\autorun.dat

Filesize
20B

MD5
1873c3760f642291c0530fedbc57a13a

SHA1
b18c0966fe4a872037c05a8c2ebf603ee1ff1af7

SHA256
1761fd6ae23db6e83ed04efb8cc9ca7c4c536e91043ac9004d443ac1eee0f533

SHA512
be1a24e15c73016a1423942e62f14a4307bd6b3136f75fa204a2ae886614de1a5a09cdcde9fd512e061b246d0e53233d040ca65e9f9739a27db27dba49416e1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\inst_banner.bmp

Filesize
210KB

MD5
71b93e7050c89122d3a3eb37ca0b97fe

SHA1
784a170828d71fcf9b64a6542dcf9065d4b96e87

SHA256
08734a6c333d3eea6f5293ef1560d01e431a3d394122d5f48d5ab3100727e86e

SHA512
222c182df3eecb28cea5fea0e94cbd6945da59f778a1dc80a3a1f922c31ac78db2be3ebcccc4c97fdc923ae5f101979cfe91c8e2c1bebc1960bfc4ecaa8efdac

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\redist.msi

Filesize
49.9MB

MD5
e6801cf002699ff8cfcd2b099fcefaeb

SHA1
37b58c13c284af48a2acfcc6875944bccebe00d5

SHA256
51363501212dae8bc9b33c8aec711271d311f2f360ebc620c20d36ed714995f9

SHA512
bed4d17102288fecc044fbace08b560d3597fca962ad0eebff6f094378870843904a7afeb6e7e790da2420414950e977e1ba4a0501c958abc1b8e5a040367ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\request.ini

Filesize
151B

MD5
fa9ff3978ffde13fec5f6cb8298e750f

SHA1
b7f9a156ad1c5ba3802e7b6e9d12575bb89530ad

SHA256
83b31db9d0fb7204373e94e64de5a0442bc951e8071ede45bbe3b548977adeb6

SHA512
de2a2a6d30d3cb3cdfcb57883c564a015ce5b784d1895f5fe0034e3b241b4a9f71a2d3492611dd31fd118c052f4190ed3e3f8cc59e606ab012e56a6aa6d1b6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\sonyinstall_x64.dll

Filesize
3.0MB

MD5
6cbb63c002bf04a8489ea320421e01e6

SHA1
1a8d18fb070773427343e746374c8d36c568e8c1

SHA256
7a679410002709fc21bf9a5b56c1fd097a556eb31b71547e309f24b23a9d92fa

SHA512
8b62795b0a886d3fca1c050faf89237c0b364b703cbff9c8cbc377205b8cdea0321910e268862fd0cbb3d78b362ec59066cc3f125887a00d72a073cd328272ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180.msi

Filesize
2.8MB

MD5
94a59313dd9592b79b3b03888167bbd0

SHA1
02f36fc109ddf9fd86924e88938410ea6f7eab2f

SHA256
30e1409e709335647a191c2a6310a5dd8909183577b8dc55168bb8d20fa71068

SHA512
7934b07f2ac3e04594c1235ac4ce72a09cd55d053c23c0ca39b42987cf65f6d3028cb10530e3c8bfcafd1f80fbb452ca899dd545291d8162d06aacafd496d839

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\Monitor3D.cab

Filesize
922KB

MD5
5bcd6a6e167ae358fa7de5e8ce5d497e

SHA1
bd321d42428190e03a5e6f53721caea38b41d46f

SHA256
94d23df4013482606390f5b2532c870e21cfe1b9177f566b47c7d28bfe92d19b

SHA512
80b7d0b34047fafb04a7d7ac815a34d222a7e31e3527b76f7a1a1be5485ceec479e0e5518d63131f7f0da6b7dfd58f9af263b23feeedec01d12588b95e24eac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\OFXFilters.cab

Filesize
3.1MB

MD5
1e7a33078135779ecf9e7878cce505c2

SHA1
31e6bf27a290c55cfa34c96b43e1bfaf0c20702d

SHA256
881528d4990af3ac3274dda21081585a38260f7700bb907ef60f98078dc88c13

SHA512
57e766d095aea18a9296155b85a2fdae6567d285003512db659324f50d6e8c3b636243c11c954ca2d27836fb862bc6a98f2a5d04c5aa2b19ebe2e72a705aa4e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\ac3studioplug.cab

Filesize
1.6MB

MD5
ddd0ad783e98df4e406afa6eb87d6b26

SHA1
c140cfe33cba8eeb55f6d448720f49e2809a295b

SHA256
f7ac37497b93b8c8f2d1e0dce2ada71ab08ebac623c31a2521e2bd3848a7918f

SHA512
6639c595c546f9d8295bbc4a44da205b6c1975c899d749177641670449abc6eafd62e8a699fc38f89c603c37477b697a113d3dd21ef07b850603848b1f5b1356

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\aifplug.cab

Filesize
2.0MB

MD5
034450693e67618dd3353199758a02d0

SHA1
8f7bd82c47e2d3ed7743f291144faac78338b570

SHA256
3fa579e04ae9832cae77eded7232283fc793d0dd168815d0f1e486a6850a993a

SHA512
c9c0633c5ac59df023bf97b3d3bc035669fb14ac0273a11e3c3d2cc3fefd9039a9932173ba073d9dfe316af9b5545dcfca93f88ad1ccf2d282b148c620b01c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\atracplug.cab

Filesize
527KB

MD5
09fa7f36e7f5444a863030c331c12926

SHA1
b275ce8795b60031391f80cf8fff2708e036be17

SHA256
72fff6844c6dcbf1cd510eeb3fd2580f5ac8f82498e13e4b5c3b76a825d4316e

SHA512
eb540025feed6d4a57e4117a1ec310a2da871ff156a2887b73dd743b7b98981f63327b05ab50618c6ed9816f7711d0c46d47fb65b9fe53a8ed08b85f10ec3d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\aviplug.cab

Filesize
355KB

MD5
69cc7216a2aff0690cc14d70f4e31362

SHA1
027b127130b1c0e1ab3378e4261ed979594bb96b

SHA256
01c50e59208d504f9c5926b929a0aa6ad8b02a5dc61141d6e9719067e5e056a4

SHA512
4fccf427f242609846c2fff5695063f737ce50b0a4cf323fb51832faea4a48e07c98d8c564a956eb09d0e3b7b45748f05dcdd0fc1e4a4bb4958466f0a0f58bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\cddb.cab

Filesize
742KB

MD5
f507dd458568b422a08e065503310e06

SHA1
296abfcd40d7d3065268b04aaae72889a80ba7dd

SHA256
8c02e481770497824a72fd3b3549dfcc21fa8ee0e1a2f645e8d0278d3d2c60f8

SHA512
4a0441c69b7e3c341746a1e78ad7b6e44865e7cc670d2ab6cc8a715d3b53b393c951dfbe83a70e3e0e95ae4180df37d8863e6187c7af6c50ac640a5567d4cf1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\errorreport.cab

Filesize
6.7MB

MD5
6b1f70a954748b02393d2021316789cb

SHA1
e0fb19813e61624d037898196d3e0ae1fd9d34dd

SHA256
a621f2cf23677a19c790577f5d4a049d3de5eb4024268dfcea39f563ba8bc753

SHA512
8984cfc04e4dbab8550e938cde51d7f7f8c6ea705a8bda2a2e0376e06564fab0f3a64354c05347995599e46787e92a6dfe00608b98a15ff1e2efa8a84525e143

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\exctrldr.cab

Filesize
11.0MB

MD5
8948b87b32e1782036d2d7b1abf3acd6

SHA1
52a6d343db02e965f037840d05b004c6b9a97afb

SHA256
d65fdb74efcbd271fd021b430414a7d1837b7ca6e6cd27bcee0e9872ffad5581

SHA512
844f1ed15122b57e6bf3e4f1878f67c1481d3c2799c34edb868fcce48ffac597f2e98c2c9b2c345fd1e69e61d45a598cdc8b86264b4dd7e1a803d2720becf729

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid.cab

Filesize
2.5MB

MD5
1b02be6464c5b77333860ce189ba8d2c

SHA1
286037eb03910d6a7a25f9618d9458040e670fe1

SHA256
5b1173cbe86c5ed15628796f6aa8f0ca767a982e5cc58a9d3702bd80e47915cd

SHA512
5b5fddb08e8dc1e8c64c5c6895b7eb07fa2046db79b5dddf069a3ff1e74120ea5a0f2c84e0c758ee476d08ef7d24d600b674c9fbff664235540498f9d5c8beba

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid_aja.cab

Filesize
306KB

MD5
a92d425f7af1b7c64a0eebe09d492eea

SHA1
78374be2cb8956d39225dd78a419501ee33d434b

SHA256
fb0667908415dcf91bffdf8c2acda16048ccc139a3aceae7f7f2700075f4eef2

SHA512
34c5eb8f63c205825588e64384462834a5c72f68fd6f30b83863a0b2b6ceb09989fb4c6a7de1241bcbe1cbe9689fa0c33926a04de9ec698d8e3337d59f4bd5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\extvid_decklink.cab

Filesize
803KB

MD5
f426b90f1fbc49473315d5214e51a8bd

SHA1
232d631a552b54a07eaf1a8773b26181c60b44dd

SHA256
e842465e8c741d7cc2d7a691e804d451f62fdd109da0f0505ca763779c41761f

SHA512
352459fd79a405cc0e8afbc823959d20478b2649e7d98262f882f5f21c820d3f3532e01706e5fa3eb5d7853290b70a0c176dd198a4f47c0a11baf6939a048f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\fileio.cab

Filesize
4.6MB

MD5
c5092228e8cbd1046af8965556814030

SHA1
b4bc6f046be6e534cc2a48fa1fb87d81a3986dab

SHA256
2e98ddff14f14fe71bb673751b202664f0b127c742a4187da763ddba550541db

SHA512
0f084daf64b1c370df3ee4c061845523b32abf2a4dbba1942a8646835255a291a4127fa2680afa7df89dd1cd89bef20b13575530dd96eabacd10939b12ec540e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\fileiosurrogate.cab

Filesize
1.4MB

MD5
fa929cb3fd73e5bd508728c816a64ce5

SHA1
bc4cbb28b86daf56fa1c4ba952bedb086f5d9c63

SHA256
a41d0d7179eff616e1bebe014ff65562f42c4db18f707a27cbf4f26068200781

SHA512
d29522b803ed63274e2326d6a6d81cedf7dc886646874681278c7e76d783489c2e9f5880966c6946c908ea4a6bcb2074843ff7639e894edb17d628992b5e052d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\flacplug.cab

Filesize
309KB

MD5
a3c97d14693fa9a433f81957a8cf3f4f

SHA1
bf4e919146992cb42e7fe11fa25fabd796916218

SHA256
40941492c774bb15051a7a2f8f4a6d861e951cd57c40f0bb33f8c5d1446a9d3e

SHA512
d65d0faa7b6f7c1141af6c71a47e15a2e9c6a5bcab90ba916cd5028182536ab8b1282b42546295bfdef368f629c3e49d9bc853610a05d1c46e6bd85ee3d35b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\gifplug.cab

Filesize
54KB

MD5
adee6ca6a96a827a3026e0604eb6e00f

SHA1
849d6b2a32de5d157bcef59a8771067d7c0218db

SHA256
ff28c6ab201ff93412fe235c91ffdfd45a86362bd082533d047ee387cf6bc4c3

SHA512
2f5afcf053e296cb16ab7e6f0f4b3be98ace50174dbe14c049f3104103daffde56e6755759eb061dd4c38212efffaf9b7334fd0dad5dd73e31b5439dca5b76dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\imapi.cab

Filesize
838KB

MD5
b2bb0de58aafc9dc980dabf3d36551c8

SHA1
4bbd398342202656b037cdfb156b4967d9311b72

SHA256
66c985004edb1765516068b60e477ebe91d4d00bfe1697dde4530246b5b2ddcf

SHA512
9fa552965870c1844134168278c1c10eeccf8419cfb7c25d16cf49f54b1f004af81802cd5b85dcd4f7de202155a6cabd610a4a9d3a95f68a6c71bcdc36cfa5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\joystick.cab

Filesize
2KB

MD5
5fee4e7cb96af2ada8ca385abe8eb415

SHA1
77f11b444be7bf6f1756e8770f9da8b2ce289b77

SHA256
70f6c803dd90c33302a9961544af414b6a5a08fdbf55f670252f3fc000fd03ef

SHA512
24dbe9e9a4b2f38cf380f1e055ae939d293d90d37b712de88cc481e0bd623bec438682294bb7d8a5b694a1e2c9bb5fb5f0d6978d13d3140c9dd2ec024502e536

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\layouts_vegas.cab

Filesize
3KB

MD5
932e86b3584b516ff25ec040027ac838

SHA1
3b4a867998fd4ac2cd77d84f2c36c68364005545

SHA256
9e6c11f3fe2fe294771c9495399cdd33463286e45259300a72d3c1e6eb01659b

SHA512
d70e7f2fa83d807435b30ac9dbefff7c7f5238853c3210c8306380ab3bc242f185d47f24dd70cd5fee724798001e5d093904b9abd520cae58ef42ae6b4dcc37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\log4net.cab

Filesize
88KB

MD5
b1048dca918ae1ec5a2358cd0309b272

SHA1
008a68adb6ab30dc103c8aaeb1dbc651be3925cc

SHA256
8eebce8fc808071cad07f9e241fc55cde8290edfa8ed6ac3cef4f12301719c49

SHA512
063e4cb329f35f397660f6ad11451e7ee20e5a3de2b7c0a837d6ff7e981d1391b3c8e7a28a3babee2bdf0c2820a94bd460de0815cb63c575f647878d2411e2c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mchammer.cab

Filesize
1.1MB

MD5
cc0cf9299c3492c232a79fdd5c72677e

SHA1
a096b3dc402722ea68bee54e779f83743f9c55d6

SHA256
93962182e3a212a43a6cf2d7c1aeee5a6d8a1f2a86377d4be63a775c69fc84cd

SHA512
28b78ee8b96a8423327962a8ef8a807f5536e12768a93bfb662b0e2d56bef41a1a431d71f19df469ab7a62411942f409100e35446a0b9283c4e887ead4aec7af

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mcplug2.cab

Filesize
5.4MB

MD5
36ec2c68aad12f2b0a656edf531f4f94

SHA1
da2177b426c3445d60d1e8c00a412db67c6dccba

SHA256
8a391aae8ffc5d0dfdd97b423583daa21b21408c665d8cd1c7d42ddb83e17f85

SHA512
9fff509a292def126ad5e46d95f8698a3e983e9990f5eb67d17399e3d282d767db6bb7d5c7dd4b506f9ac7bee7cb17c3d4700fc9ba44a2611606364ce9f38d21

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\mp3plug2.cab

Filesize
553KB

MD5
7811797e6276ce4fa437732fe59a6875

SHA1
89bf880976978d29257e5c5d1cb924ca0cf66d91

SHA256
5acd21c5420e4d77f47b3550d2e0977f29b679b6dc855045f2851d11e591d9af

SHA512
7996f7b5fea462febb44bef1adabba51ce8edb9dcbf94933e3fc9c606fded65090b0b9341b32938a24a04955089ac6f21ffc463dee5bd8502ce45fd347231a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\ngen.cab

Filesize
14KB

MD5
1c444923478ac477503276e9cbde010e

SHA1
0c95d5d89f2d7d41a4387fd3665ce92a98847663

SHA256
444b6a0995a16cd9cb5b84b9a5ab3c6773249e9af081a5d1372de051f21c1069

SHA512
5d77b8d03fe41eead6fe813249984169d604447aa6ed5d2b3a4584e242a6683c488a5ca2b3c6a87ec30f31fab36f10f35cabb78d5ac4342391163ef1dc90ba01

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\oggplug.cab

Filesize
1.8MB

MD5
2160af908fa3da38f5214652bc79eb9f

SHA1
0fbf51f368ec7d90d01335fe8e72588ba4484dcc

SHA256
fac164c94d0f4a86dec815159b6942cb41ffa12ec485c19c9552e960356f7b70

SHA512
c567201b1e912505ebf191cc83eadeca9b9d637ed166d260629c098ef7fdfd74504321561da0810d0450de553d4da2ae048f7df5be003ff34244fdfba78d3959

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\qt7plug.cab

Filesize
454KB

MD5
1bd834cfda1bf770a4880ad40184e58d

SHA1
63b0a1af0a475a3eb6bb15a9a4df518501e2995a

SHA256
613f529f95d9a9f2a9d0b1b4c527edab4e411c15720348bf5562fd5dc5d7801d

SHA512
e47bbb611cee5442470095f12c8116b52e5d3e5cfc51518e8d67a679ed13e28664e471cf924aa5d0a3f4e08b7c9c5e9185ea6de72857d141f01a232fe7891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\readme_vegas.cab

Filesize
58KB

MD5
1897cbbb03a46fe81737e5f513903511

SHA1
f1113487157054836667cc8c0719b440a23e2dbe

SHA256
a5ee79e73a8d89ef76a1d402cd666d35e9ca398a2f972179bcb2123d5086b959

SHA512
0ecf30d3235b52b1e99c97d7e209c922136989777d235ba5f2a47c872f23eaa6d1ee824f6af7ec60ac08a2f85cb9908198accde064713bdc82b471673850ed22

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\redplug.cab

Filesize
7.2MB

MD5
c2471d461dad0397e321322e3532ec47

SHA1
5bf0338e633768f3114f2b7809baff711ff568ce

SHA256
a402e1ad66c069a5917362da6adb0a689271288e98ff2630088dd4eb81275380

SHA512
123cd1fd81beb7ec3635a262921eed9b824a0ffc27af6232910645a30921a79afc96f976e31675f730f1a4301f5c2285900bb6ec91475127061d334532c33c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\scripts.cab

Filesize
21KB

MD5
30a4e33914cfdec94038ee609f85f67b

SHA1
13f1318033e88e43c7ffe5c655d8c1678da33824

SHA256
d0c2b5839cbbeae0b67136bf11c2bb253fb02ca4e9206115e84b5faf5af5f197

SHA512
7191e5827e467b307bfe89453470abf5f4df48d2353018c9b26bd7e7e774b6b3a129f76d7eb16702ac746054b4ab0b94a9513b2ef3c9f85ebd941d109f741326

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sctplug.cab

Filesize
2.0MB

MD5
58efe8e18686538956f665bfb80db4b4

SHA1
0a703b7186214d19c2046aa3552ec51cd054379b

SHA256
06e3abf6fdaa037c128faf94c9cc6781d619fdfab2f5ce8910925f4eafb4ad26

SHA512
b0497d23e4d0890de4dc380a0bf92d8b847c02f97c63324494478836c52d594968b242d0fcdc7912b73e053f1bfbc30e3be6e387888df0b4aa2ee5fb1a785e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sffrgpnv.cab

Filesize
1.2MB

MD5
e97a61f59b5d9a9faa6cf950b6cb69e6

SHA1
536a9d80d5728068b7f60ddcb5fa4c754f7581e9

SHA256
313f87dbd4de26b236736c6364aa6eb6d7e486ec9dcb855f5e0c9de912640348

SHA512
c296dab03ef6d4e6426b59e08e560ef3d6ca010570fd427c253b22e8f091db14429092321d3b8a323bf60ebceb96362c3a95f7b09266a93914aee3dc845511e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfpaplug.cab

Filesize
2.0MB

MD5
91cc20ba424f606daa79f5a72284636d

SHA1
2420d65ba1c6d602c8dd20ef1438baa49bb7f1cf

SHA256
2ec8502a787062c61284065b9600428f89032fce8745bfc748623515266522cd

SHA512
9b7d0e136d4cbf414774c314cdcfc780088d93ebfd4e5ce5a98dbfa6f3befb7bc8cfe52558bc10c6b9373d6913a9769cf2f2377e41ee86aaacd535ef69aaf161

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack1.cab

Filesize
2.0MB

MD5
8a9c33b527c031ea38db9ab32e3346f0

SHA1
1e122a100fdca00c859783d26ecba86e0230c766

SHA256
eafa97e73c19cb532075b64a65dd5c79af5e9b7c12c35d70860d24c3449bb83d

SHA512
fe059ed1253b25c25f6b8713c9793e50f3326b1790ac646fe401588cf1d7e81bb5b819d412daf649b66d5884884a8a6c245c2fe6f58d4157484385e218a47663

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack2.cab

Filesize
2.1MB

MD5
8b477059d3bb59d1b78d619e666ea971

SHA1
f69c1d8d8bbfe9a85feea80a10f4867331fee93c

SHA256
347fc982ab5aa0172da2551113791351f3eb7e4060eee69e1e763e99d825993e

SHA512
7f22f586d10ce3771d25cb2061cd73db32e9ac15bcd0f9d84fa3c2ed076c569afe260f0c619eecd406ba34074ed37cc9722917f2bc740e41c541914a2c579b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfppack3.cab

Filesize
1.9MB

MD5
32d05310e05a1664d5abcdf220e4e63d

SHA1
151da26229e83b1114a2cc329cada299d0363900

SHA256
6e6c31a6e343c719e44974fb979b15ba23e09c809d92769e02241a68855a33a5

SHA512
83d06fef7c21530257032939ae68bfb348849283693d73cdc9b72be05f1a239e026045a4d36a526bc6e60a0bc8c235773976b64787b64193c5eb71e38f4dfc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfresfilter.cab

Filesize
1.6MB

MD5
9f1b20a1b9d4390c2febeaf99ad9d2f6

SHA1
736a3bcd9bee05370dc52920a501d9fe183db984

SHA256
aa7cd77022b3f9f58efa44d0e3593b59f7f4f96d7e86a38bf38e212578fb1262

SHA512
bd5cf985afe7ca0e406a857b7d21e1001d91a3880c6d7df1b29f13da1b066e3936c5affc9a0a7a10d50dc4f79561593d3dcd364102a791edad41af3fecbf98c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sftrkfx1.cab

Filesize
1.6MB

MD5
c28993b0a9852c054db55bb49b43e167

SHA1
acfe77c3c409fca4d4731b916de6c1b147107beb

SHA256
01b67095a92a093c78bc47b7669b68a68e6885a0f1f9afb749eabf3341b52e02

SHA512
7c59572529dec097492c6664791404246554f662ce7bf9ef899f0dd7d5e87b5123f1e8caf681eb8ff058d8cd05c0f08031a96a89319e025463c7fd83c0906008

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfvstwrap.cab

Filesize
3.1MB

MD5
2031c9b18d6adc2a6d9852f3b2a6a040

SHA1
2cfd3a91842e90018bacf74f44208db6b38a4fdc

SHA256
610f9bd1e8be637a0b0fe4618b91c2da0640a898dbd1ec829949790683e4e594

SHA512
bfa2e3f273b10f43db5bee509f85f597f095cf1361a749accb36269ff802dd9dd0fbced95b2ac5105e131b49caeba24830d353368ea81e5a7c39b4f710c908dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx1.cab

Filesize
1.4MB

MD5
e0bfb0bdcb2399bcba5bbd070590da1c

SHA1
98ee02157e74d488bc7280605ddd569054fce893

SHA256
c858df38b9d663fa667d537cd05bdd18278f12c4416bc50c1cde22705d19c951

SHA512
41194bb5893c259abc5c2c9620d81eb5ee85c8e66e6ac4e75b1a3ce1a3c99a9651c530d15f6eddde12920800c4bbc7e17f85413be8609e233241cbbdc2144389

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx2.cab

Filesize
1.2MB

MD5
350e0dcc10d0aea97526d001107cd511

SHA1
79e8eb921d2c294d7eff5fdda1de19291f80a3e0

SHA256
f0715826929340866430f414a640deed290ab6ab2e79750cb08bdd4fdaef9c01

SHA512
27e3b69e517f161bada5464fe2890610126c60bdc83a2a556545d5f0bb55e6a2afca1e10055b0bf6ab4fdb6d62508bd230a804f83f9dd7d37645005a31d1615a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sfxpfx3.cab

Filesize
1.3MB

MD5
8f594cddf3839a2285f69eba31f9c206

SHA1
cd66c1f9c6258c6bc2fc476f8d04409b28195a89

SHA256
714c80d2006d05f365d307d599f6053cb3e059214c37707b7c6a1d0d838df9a4

SHA512
5ae6982f54f14a20b7417d282018e1dfc3beca2049ea02dd92258606f29366b3927bf1457fb8105ccc4dd41d0b5a23fea67bbd563620ac051abd26de1a0d2031

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\shuttle_vegas.cab

Filesize
1KB

MD5
fbdd5c5d4936ffe3323603d931c4b909

SHA1
962fec19ee5ab2afb5c4a607b20498979251b674

SHA256
bb7397551440460eb4d6cc96407658f63dd7aefbf24f7dbf306009c390c3da28

SHA512
3dd716b37bd71cd277027e24a19370df902a72d50287375a94c56ac582c95adfeac950f3ec4e58f45dbb60bf609c8b59b2c5ab76f0b022eed0d84b185453bbfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\skins.cab

Filesize
35KB

MD5
e8311fb069e5de5db8608619e976300e

SHA1
e7bc847d6daaa80d152747e435dcce3178d4ff92

SHA256
09c41fc7d26fad24a59172081ebb20225bead2d57bc261ee2cd7d74a4df68f92

SHA512
d0e71e227af112be0ae069f24605667b3c17b46401d9284ae9885ebe075d709f57d27f026f27eea291c152fdb04ea7c13a60d9cd9c7842640a53063db933c598

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonycapture.cab

Filesize
173KB

MD5
7d8648d89ec6e05e6c85b8ea2a91189d

SHA1
0468961920ffddbb3694c53508fe717726e83fcd

SHA256
4caf36595134e7a6967166c4ba3ef3aa2ee72d16add183260ca6f3d853c1c9cc

SHA512
7c8ce685c7d926163c1f5fcfcadc0e0b09e67a227776e963f05c81ca83a61f9bfb62e72414114c7d87d532adfc80a80584a165eae708d201652b7921a5a05812

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyclrshared.cab

Filesize
203KB

MD5
f7838e80060325551b3da5070f49f23e

SHA1
af180fdd5530b574940d5db142505018e2dfb5b4

SHA256
f7fac7742cfb4732acbbff5ccc233afd117b392d122a4218ef398d0d069f922a

SHA512
eba160747b00c8e76c4192416727ca2de3e67cc4d005da5875f0164b5c994a73ede8ce2cdbb29769232c7d51127b9da3376c6feaf771a018154378269adc1303

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonydeviceexp.cab

Filesize
242KB

MD5
62b4eb166835fba71c18b50b3301ea63

SHA1
0fde0a4a9d14b5abb84ac8995fdc0fc5cfaea476

SHA256
51c01d31881a0ce38828633fda25d6127de75b591cb16052dc423386fbc7fec2

SHA512
fd58c7a44ca2dd76e9ed23858da8b150faad46f0b912cc60fe37c1c98f6ab14a00bab455f072aa520f3b3577e346d262660ca44fc829fe2bea46b86fb6391442

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyexternalviddev.cab

Filesize
206KB

MD5
b99f4e2844ce81592d85014ea5804213

SHA1
b2b15cb66752164fd514070974e36aaf3cc9efb3

SHA256
7251413ff0284780e5985941fafd50f76d90500206ef94755b39f4b2aa126942

SHA512
fc740f6684f4cb93c7d9348c9331957613b269048639c6316333c584dcdd71d6fdec42531aef204ba77966b9db6425899b6f4ef336fe467f529d2fc97120e243

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\sonyvegasdll.cab

Filesize
313KB

MD5
bca0d902616c837bf64db9bfc72dc967

SHA1
12e346a4125531a16f9d605aa87f7dad78d84945

SHA256
9039c56c15bde2f4a0a7b06f19210ec5daddaf8a82bcc0d711eac78fab9b9804

SHA512
18606ac5cfc71e2f6172014a5b7bb5ee3eec24f40ee915bb71beffd86df9a42c8af8072827a3ed191df0efa7722bf09f7758d5910c7a570bc0b7cf4b27d3b458

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\stl2plug.cab

Filesize
2.0MB

MD5
8fd67c99522fc625857113e456a3103b

SHA1
fa4ec407b1a07c9980a6974ec1cd7dfd893d425e

SHA256
512dc207e60326f1d278b4e2f2acefac13ad1e379994d194d6908f202810e601

SHA512
228c18ab1a0734176193961be9f5008bc8ce7c74d05d292a37c41be1cb34a0a03a2aaa8b6c84e78e866bf71d5ce49d5573f04cc3fe1706dd0f3beb4199ee1172

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\tutor.cab

Filesize
35.3MB

MD5
7b33eca2ccd5fab1cf0b553ff42f65e8

SHA1
5347bb9b4dd1f8685d6239c08c9b0380c38b408c

SHA256
b07e4291acf328cffbcccb806050125b1d2e4f82c1ecb2b37c32b5b84d49fb4e

SHA512
ef5538eaa0418aca0ba40b9c532eef3df166979c0ba100da075d5ea35e1421973a9102b5941e940da36ded547645a98db9cf0c6ba470a6487d508778688d1a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vduplug.cab

Filesize
1.9MB

MD5
691d932f13ba1fe6622e39b60a4a89fc

SHA1
239bb2d1528ff2b8b8c854bea93da4d75089fda2

SHA256
302ce01c132ae917d7d78edf142ffed44a7135f0bf92ef5fa5d07625b7d45729

SHA512
e496a4467f9e4d8e814fa2a194f3651058bf6f943a8512d186b60cbb6f73a47b6e20869c8a2df2437d0d805ba017f66dc6377f8acf7fb22c466e62c2e9a4d89a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\vidcap.cab

Filesize
4.0MB

MD5
6a9851b06684cf9bdd1036b802e1b2ce

SHA1
98b4183f70e04e14e44a617e4588e77bd4200b37

SHA256
57cb9abbc0cdadbdfc10ac5f08be1ed598741659d2b9d971bb54a8ec0cba1d7c

SHA512
a8be128451ad39a3a63d41d67a4d496e8d6e367138486be1d3f16d42e952c33f6ca82b3e865ad2c63ad7e1710cd315ead03e3dbe129209410786783a2e75775e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wavplug.cab

Filesize
268KB

MD5
0f3cbc7561f9283deeede1e30dc23f5f

SHA1
b7d2ce377238b1fc86b53c69f551a31801c795cd

SHA256
3bf724745efa5cbc45db52300661e4c66049e770acb990b558aec2c0c028a9f5

SHA512
b997d02c91acfb919058dc605f4ffac84c30810047a68dc9fc2354662d960a80078ad67286da7891f7b141eb0eb93dfb8f26f8d1b9da53d95573626ff55b540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wicplug.cab

Filesize
488KB

MD5
d154285db25d6f0aaf69f73c0b3e68a0

SHA1
064791f1aa6d2167b18d3c295f7857a5dc7bb0bc

SHA256
a21126d1ee724ab98de9adb36341a40b3d509c5e5261fe66c9a865686976c6e0

SHA512
421525e888db41c6879bace1fa6054c02efd2a88a2ca62f818850af26ace6a6d0b3e9d6a9faa2f09f17e8081002104700b96b6cd4773118e7cb4d03ee8d40e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\wmfplug4.cab

Filesize
322KB

MD5
b5a8677ae7be53ec7afd0b21a5d5f668

SHA1
15f645cf23dff8bac8962f8ed9747c0d869c954e

SHA256
ed5f8329b3c079e0cd288e5f278f4d21a82850e1e49f24d8728c5dda67bd6fd4

SHA512
551e3a374517057609d5521aed2d19874ea20a100d6e6c990890f336cccb29997ed2bea37d92b4a71b9e8dad654c5ff9d2fb05423269d4df93223a06915b5a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180\xpvinyl.cab

Filesize
1.1MB

MD5
143c0ad1f5d1f83ec19f66d4dfcaafbc

SHA1
46ce574dc94a82c7fe15dca9216615b7aa434db9

SHA256
b608e8b8bad4c31d63426b2432f1228637d602aa6549db41f028b59275b82587

SHA512
ad5d96d607b75be8fcaa304e08a0cf95cbd9c3798f0276beca45d455a3577a57abfe7772214b4f1dfe309cb35177e6c67fe29cbd3cb34ace3440d91b47074ebc

Download Submit
C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_22052024-085813.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSI2613.tmp

Filesize
123KB

MD5
5cb7ec6843aa69694096d98e467bc5e7

SHA1
ade3a650ccfff23264c3e95819126c4be6eb57cb

SHA256
c03b47bcbe6c28cfa612950814ca383dddd0d4a527cc17f1750b8385d4917aad

SHA512
540e905256195ab904d1313b72811ca73f9dcbdb419c28cbbb83232e9fee966c3d80ca322f3701a0468e9bb545e4ca08e1106ae6254f59e100e703c139e40ce9

Download Submit
C:\Windows\Installer\MSID33A.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log

Filesize
46KB

MD5
20cfc0f3a7c6da91ac829c2b0bc762cc

SHA1
9cbf0d85202b38c109aea8afd693a3676f3708eb

SHA256
b967cdadb20c90af7814bcf3f498893afe7479c5e6a04c63768d52e52f08ebc5

SHA512
1f832edf1f1eee2d3afda35616ae1b38847b7744fa98f470df7343f7c3ff6e7a35ad5155d2281cf89ea3cd9b2810b4ff773ae71d2de081a28518f9c86fe76ea3

Download Submit
C:\Windows\SysWOW64\DLLDEV32i.dll

Filesize
117KB

MD5
f5b81ae6ecd51c640f6f33aacc2795a8

SHA1
a42a03ca40c023468e9fe4cd46050a567a7e8f57

SHA256
ab268abc3ebd6fa3e6ea78170e070577e58ddb76199b59d3d6b3fc9785b2322a

SHA512
a236ccb748f8360b79bef7b335c1c5f1acda76bfc78d6aa06d0cf2a23e5c6ceab5355f790aa1de9f00749cb56b7f66614ee31b5d0f413db386b385a1aae3b912

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\10df751d5f95f37d9c88b64e1beb8dcb\Accessibility.ni.dll

Filesize
25KB

MD5
d7467485e45b04f8fdcd93ff0a3fa48a

SHA1
7197c9065062ca7f42dbb03ee2f49e14961d3c4e

SHA256
ad553ff167e90219be73541b38b24bfe7367c1814d2c6eb098eedc0042cfd41b

SHA512
97973a483797cdc8db4fada668afeecb5ff46820a19576e2bc795648caa5c3967f64c176389ff66635ecc3357265cd14a2d929d59f45ebb418685317bcbece5f

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxInterface\97fd2db0e150d041631cb315183d1747\BdmuxInterface.ni.dll

Filesize
14KB

MD5
33abdcfa2cd6865d95bd796f1a9b0a7c

SHA1
efb8969f2405d8494c8bec33d8015732b51862b6

SHA256
014dbec253836109ec4c4f31cd6d8699b70476d87f90a91fbdc275c999c2626b

SHA512
1bf570c404f34ed0d94ee1392ca7e598c98e1b7cfce29713b687f06b167b116ab432d895350abce194c16ee2aa5836f42e7d394191dee4085917f17fad01fcf8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxServer\abbeae0bc69d88b26ca2b0c774a68c42\BdmuxServer.ni.exe

Filesize
19KB

MD5
2bf04e2fc3fa182422604675fdb392c2

SHA1
f78c6af7489f80808e65b56b0335181c2fe7eb7c

SHA256
18bdc36ded1f7ab14e44cf20090252001b0cd72e31399e0aafacac45fb777b1b

SHA512
40f7533bc02c4ea89a7e8799cab3bf1a11d7978150c50214717353d9eed1512d42af4c2b3c9df0692c13d94cef024044b4da7b432b4ce7df3f1156f1bb0b2c79

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2289812b5029c6f128652101cf72223c\Microsoft.VisualC.ni.dll

Filesize
15KB

MD5
b97b1e5f26cd7362e10a67c3a45cc4fb

SHA1
4fbb5bbc2cd9fc53df112b401acad42dc0750156

SHA256
670bbdec7dbb7b7ce4ed652ff185e65044a39f892cefd55914f5b2b8ae8bd775

SHA512
9c02802a809e698d193707d0af1d89bb84afec5f31153e8b0084557971bdec596fafe6d38d1159278084bfb3b5194d596147125eb55b6141de1217ee3cba10be

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\8ead8cfb21753fd821e5c6e19f76c73e\System.Configuration.Install.ni.dll

Filesize
138KB

MD5
cfa615b850cc8e7fb1a1d9b4fd822416

SHA1
b9b2c49cc72182a6b9d615e219b917959fbdf884

SHA256
b85754e56717a213149be1f4aa2ceb6d6931e7cdf239cf91b88ee018b169e93c

SHA512
566d7c4820d07a56fc2adc418619eefb640582d0550180a0864b38d27116b577105a90616638eeaa9284ae7d74deccb9448d6cfd723133314d3a20775e9188d4

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\afdc11005d43061ceda0e5528dd4a45e\System.Configuration.ni.dll

Filesize
958KB

MD5
91e488186a21b3dab703283ee20579da

SHA1
60861fc36c0df89c554f00852f9a111e47b8d89a

SHA256
5064cceb26fd5d33c90c41fdc047815efc47156cb190b14e608efdd9e0f35cf4

SHA512
5af1a9f14f1f689fb496e4e60ff2815a16fba9992045e583d672951ae2a46f031126e2435626a1fd21b280df2fda52800cc4c02f9c9da291c1623d92afd9e227

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ed32ae9035d6bca5b997d1eb1a269a92\System.Data.OracleClient.ni.dll

Filesize
1.1MB

MD5
88e3df1faf5837fc453ea5e8b9e3e74e

SHA1
be0f2a2a2d90453f1bd899a9fd7d65581ca09a84

SHA256
cd5717b7ff03598121f1191ecbd0f14d6ae7f061b6e3d742ac2f8913a1938844

SHA512
3064d8e17c5d14e381113cee95654ecc7734e018050571dca2527efb801b2b53237376c6dd8118294f44117723fc64e0aee77bd7a9676526bdeeb62ff64a0fa8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\cf37b138300e073eaf38fbacab117fe7\System.Data.SqlXml.ni.dll

Filesize
2.4MB

MD5
fba823c0979aa22de4ff6bb255343551

SHA1
f4acaad189443109dee1fe2c3ff1f76ed4aed1a9

SHA256
b724d7b47c8f3dc3f4bc8871521e7845f5cffe3d2f645eed811fa5bf3759c0bc

SHA512
0be2af16bdca8afb32b9313b77ea1f41c99fbdee2aa2862b57784c73ebf6cd5e80d133c5a9b02073ffec5c8107e9f9fede04c0b121f151e4d271851168ce6054

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b35dff4065328cfde246a4c8e401060b\System.Data.ni.dll

Filesize
6.4MB

MD5
c53a972bc5130a3048899c66731042a0

SHA1
b5a46c55682556707470d1e96b621cdd34ff3865

SHA256
87b3a2ec6983c9c9e347cbf097c0997a7e3366c04a59a28822be56d43bee72cd

SHA512
721aa736f2cf6200432504758361c3a45655d81976c0eb929c5c92ea31ad5b4b4abb5ba319101fdef5177057a18512e62932c2f4bc96e1d738940f9265e248ee

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f68dd32ee5d082d8fa9e9dfd74609611\System.Deployment.ni.dll

Filesize
1.6MB

MD5
bf5ed193c23b63fa02a52fc0f2828ad9

SHA1
1f00760d553c0af21f7755a4deae200c8031eea1

SHA256
3f5e7d5fa717ee69cbe0c23a8715d31794564cc0199020af36e3faf44fb00911

SHA512
3e7f1a1021071af28b42338d9e64e0862567d0c3d64859dacf058cf74e77c368aa84b4c98e3865f1d1efaae31b8ebe845865b582e1c763d04f76586c913d8322

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\9b284dea7cc3d6fb7a6c29467c1d4657\System.Design.ni.dll

Filesize
10.2MB

MD5
ef2fce365b563c5eac5be820e17f1750

SHA1
14e105da5415e12aef2f3f672eec5460cecaffd3

SHA256
3f07b7a3520af2d68816a6c6beee4bc9e46c090f38108008e3929140edb44a02

SHA512
19f380dda4f29efb7ba91dbcd7e4f125df77bcf56d96243e67f691227076a32fa80c17b1ae2d6272893c697cac81c2eccba9d81b3c65c1c70ddaca4cd9ce3bb8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\12cfe9ba0b2f7707e921138c0c26c8e3\System.DirectoryServices.ni.dll

Filesize
1.1MB

MD5
194588864b72c85f064fa55dac5f3df5

SHA1
6e90d1a2dc20dfbd8d616a6bb9676457874d029d

SHA256
c3f1c0b347a96e76fc0116c3b06c68e26efd113a4e82b652165d3bca2f7453e4

SHA512
1f0fd8b412df7b8f7f7cf2ec2ecf0d662cfd5b4903c16eb74d8b1970d9b72226cf35243da61ed8d845d0382ea21ac6aaf5300c3d29122e0f86758da62a07c97e

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\3817af3d84cd211fce99976a1a5d61b0\System.DirectoryServices.Protocols.ni.dll

Filesize
444KB

MD5
6e4067e068f8b913c66e875dfce1ca56

SHA1
70b2a44159992a6bca01906f6b9dea8c23eead74

SHA256
83842e47c3f67839c5e8ea53479322953ac3a2cd77ee222d9614bb7b1c212577

SHA512
df364f0398eeaf55b1f302d3e47bdd35dc3604881038914a1ef75b78a49b6a9bd190e43d5ec90148f3654ead49ed099e49333c63875f6e719216542ffd4cb8cc

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\bc18198592bbf587643cdf492b00787c\System.Drawing.Design.ni.dll

Filesize
203KB

MD5
63f6d6343461901bec650559bb0f662a

SHA1
15bf61fb86527f2bddb74d94fb577fdcca0af8ab

SHA256
0367d61fc66444f9f11580a2b6f6bde637fb5c85d62a2e69865787fa72ec1250

SHA512
30fd00c0a985dcbc3b04f081b08fd7caafdf3203e3ff2f082d54b99482587ea2fd80e843ad5325d58c1643c45f6eb5a2dae493eaabc9e9563de83f40b9cfd767

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9ce6cb521ee8966a770ec92f7bb745be\System.Drawing.ni.dll

Filesize
1.5MB

MD5
5cd76a9e841dee7f0313c645e3fc916d

SHA1
00b71f7c6814227bad69a311859bed0b216ca01f

SHA256
0f6d70a6c94e73e1455488b030c2b98d21d67e18776fa049be60656c6c1ad70e

SHA512
029c98d8c352eacd16ee854b6107c0a93520c70ac6da151e18e4b2660b4df9422508ced8d5c6eaa5fbf74aa89f7daab482dc9e2b658ec4dc1455d92415a108e2

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3b57e6a119607af4df8a9916f02af0ea\System.EnterpriseServices.ni.dll

Filesize
613KB

MD5
c91414859d1431ea60e6825eb79dc632

SHA1
6b858b19bfb699d8e5bdcc4f16aeae0b092893c5

SHA256
082e8f175d598c1ede3313c06889c63ab77cbe3aa44b9be3c1024b1661f233b4

SHA512
911dcd57d8441f8045e7268654d8e8f34ac84b2906d547ff2ef6bc944d8120049e9994d64fb903a1e4134f5293b5e55fdf15ebea197f2224d794677ebb349100

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\54d7155d72b1d7300f7e8d6259f6906e\System.Runtime.Remoting.ni.dll

Filesize
756KB

MD5
695d987203c182af96fcfbeb5a3c8729

SHA1
8bb39a8e166b84e8ff25d944c1795a77f39859af

SHA256
70a15b1af1a029f65b9db406e5a20fbeb65c80234447d13d85b5cf6d47991e00

SHA512
1b00cdd5ac6e480354806440a57b6f83a317362ee4b693c994875d78f9955ab0c9fd8dd56ba1ff34be132223de23f4c7502b8b29cea6a8ff0058136ba7b783b6

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9dfe2dfe6827a2ae6da4f06e0a04402c\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
303KB

MD5
4c947dd62b018e5c81648ae4bde2db59

SHA1
81b30a695bf5aeaec4fa15cc97facb1acd171acf

SHA256
2d78491eb040d73c25b607b37f189f55a58efd90c0140fe168d442f02386ba1e

SHA512
8dce80408eb831b490a8f119b236919bdf50247d8740153fb696e5574ed34a9c5a76aa15dc0294029fb45f024dccb360865e68730d895a6e8b6fceb7dad178db

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\30f256f0900d784947a635fbf5676dee\System.Security.ni.dll

Filesize
705KB

MD5
460f800022380e520ea9aa3b269f095a

SHA1
d13f2ff92e6bf8949b763f0457ef9b36e468a4d7

SHA256
c3452e52d964d354f912d34618d77ede21bd35c91992fb1c6408339d803c07f0

SHA512
d69c45783f8a8403292d03df19938cf2c80658ebf3184c86eba68fbcb895c69ac4d12172cc862dddd05cbb2eb8acb769cd78624021584fc56694ab7f102a9681

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20ec783b6fefcbcc32e302849a4c981f\System.ServiceProcess.ni.dll

Filesize
219KB

MD5
1cfd0772cde9450e74120d04982ce500

SHA1
09d3211e70412c14f904ac2a224c23f40187ce5a

SHA256
702733fbec609bae9331b0d273da3ac23e8a709bde3b81099fd39b0ca760841e

SHA512
4ac93f16f6132e3b3f9dce4d6443f62eced6e315c0d686a1b60d223b1fbd7cfc4c4f8dd6e8f32203544870f6becd0d2a0e5642a7e552fdc73842509949416451

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ed7279eac9939da639924bd755b74920\System.Transactions.ni.dll

Filesize
612KB

MD5
4f853d6c38e627eab9f4f75feb5b677a

SHA1
6b8168a28d3735e5fa362a5f76698c7a6afa3409

SHA256
e76170a2e8a5e4a7f6a6765a442c72a06da42e267bfe7e5f1af3ed7f06b1430e

SHA512
817f3eba38dde58df9a0982a664b898117ed94764fcc7af267344e340fc47ad432ec581a112c792ca41d2990eaea34b62fd1e121f3142cac6251fcecbd14a40e

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\09820b13233f334cbe7cc497db6978ee\System.Web.RegularExpressions.ni.dll

Filesize
248KB

MD5
d73f46dd54f7f6c5bf1ce49f2c0885f3

SHA1
038434c5af6de5e23438c78cabf01e87107788b4

SHA256
0a62331cb3eda1eadda14b030b693f182bf05e65ce694d614425dd739a6d67d5

SHA512
28c166974ef9390d604e6af5016a02b37adb21466626b6459607318be23595330bbb672797cae0151ac49dd965e831b320e5673a8a3662d6aed470446e9d3d76

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9fcb783512687f4a0e0cd334901e5193\System.Web.Services.ni.dll

Filesize
1.8MB

MD5
c1e003ad134db4299527096ee2378ce9

SHA1
fb5f8e22a8d1b62f3039b7b5c097d446da346f0d

SHA256
243d4c49d43a94ee9d4b8a1dc59271b9b465fd970c32a810c529570a39e9c4a8

SHA512
e0c3d69f25e513b77bdfeb8ded7f304914fa8920184634ef57554d741e770a196292a7ef553dea1b69f51f83854f7606efce97c89581ce99abc5c0d7e0d5d023

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\affed1895bf064cd7b142cfe13d46e05\System.Web.ni.dll

Filesize
11.4MB

MD5
72a11561973c1f625fa70f99bf772549

SHA1
5556be56ead4c5525dbbd76c6c92358ea21e080a

SHA256
8bb6b80948bcfac24378876f3211c2e15d017ef24bee51be2db59bf1aec55db6

SHA512
9b6115e911169b49a721a0ec6fa7802afda03368d83b3443299d073fdbf1397b3a9a37cf912f2e193ee1a8eabd0bb93c27c4d0ee292d3cdb7dc80889d07f2ad9

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cbf5f1c092d41e11325a582215494968\System.Windows.Forms.ni.dll

Filesize
11.9MB

MD5
afe9e4c3489c45ba871b555fed264114

SHA1
8993ab7e41c80bd4e06896d00f5bb1971ebec4db

SHA256
92aa7813905d5fd6a3d2428201f59839037b9028766f9a33215ac73c008224ac

SHA512
c7942cb189e7c670eb8b467461f90c84757dda5294d7b6caea7ebd58476a5873e526991ac3553c1257613308851e99adcbc12beb695f8c0553751c09dccdef69

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c37650f5b5ba456d72fcf034db9f34b7\System.Xml.ni.dll

Filesize
5.2MB

MD5
577bce5368911f44a51fab20a1cfe0e0

SHA1
b0f6258a5b3daf11b46af1f319e88bfb73d42af7

SHA256
f653b2fff9b570b33bfe54476cbfd50504f72f23f8d5268c723bc0981bd5080e

SHA512
19eb830c32622388697fb3beffb70ad8506cbd822c8e2a0143a713eeb7924427421be060a994d12b63214819413d4a5e7df6464984b31e476a235e96121ccdb7

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdh\869b8204b0ae1e7cdcaad49841084b37\Vegmuxdh.ni.dll

Filesize
29KB

MD5
b338c2c659c2b5cd79ae644fbd0d16e3

SHA1
ab33554a614c623c57a51c22a58df61de01ce068

SHA256
74f589b148458251922ffdf70c808c7e185e730a823877627ada0de7f3f17b09

SHA512
28aeed6483f99bf9090e246c1042feb06e8c82a5ae8b9f9de740e6038ebd4801a8dd5b343acaa8205c02d2411de1a215a78d6fee469938cc9cabe5b7f8e15645

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdw\0735780a42078ac8c88098097b849c08\Vegmuxdw.ni.dll

Filesize
635KB

MD5
87d7dffb1adda303025f28569ee49015

SHA1
4ecf7b783f56e28bd1a2710f5ab5047b5f3cebd3

SHA256
1ccfddb5525e77ae7d3a477abcef3c14d73b67dd0ba89589af90ba97ee665de2

SHA512
b348a04b4cca476c594fedcb66eb52d60ba92c97146a4ddfb5b5a2f738b196c5cdd525cf3a3cbc92118e1c8395c5f24adda4d323e93588e87074de7a9a13240a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfa\5bb0612e052569b90e5982442343e833\Vegmuxfa.ni.dll

Filesize
301KB

MD5
c3a5a2e734105e02bd30cda08f63fd2c

SHA1
39403bb4694be9b445a7bc1322b6df60df08aabd

SHA256
a8d0803a5ceceafc52de3e06074164aaaef8c6075786c05092c0db932c92b086

SHA512
ac177d519b01abee8471507a1d865619e578beccc80d825e62c1ccf4e365e9d6a035e73c1d69fef0f0ad4c3fbe052a011498cfbf2e58d0dee5c6586cc9bca76d

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfb\cecb8ec24e1af05fb4a61c5ace918b42\Vegmuxfb.ni.dll

Filesize
747KB

MD5
f9b64838370438570e99cd5509fcc66a

SHA1
1c589165ebcce79c653d36966271a2384500d51a

SHA256
9c31fce0c6d6b1e91d39d36a6ef345f2113a3811d89791b8825da0d98b901d0b

SHA512
8774474831a5eaf8e5af8041268b86c0725d545b894b14773953cacfc842134bd25d5ffacd047d63803caed0b8d35bfb44db88c155b45d37466dc543833d0569

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfc\1856dc5b975b655e36ae4ebc3ec86bc7\Vegmuxfc.ni.dll

Filesize
133KB

MD5
00f00757d84cd3470fa63964562fecf0

SHA1
dc70614c4ef640c00845666d72d911513b1bc228

SHA256
307d0e9795f61cb42138484188fafb03623c616965877473028206e612703515

SHA512
9dd04552cd4d68fbb328c1c1d9a28cc00fda955fe9442bfd895a42688084acd959236d9d5f4fe966582a5f1b287bff58695e6be78eda159fd8557403776b1a52

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfo\f33b6ae5511468a5973a2741b1df8bd2\Vegmuxfo.ni.dll

Filesize
1.1MB

MD5
d4e7a8a080d35c7de2e27ca68580b0a9

SHA1
bba7acf1721bfe36c2735c770a4fdd09f2dd4ea4

SHA256
3a655b59488a8a032b129d9cc32c534cb4aece8313ac6b62983676437b0cf9f2

SHA512
7448ec9e4868c8ba13273c497beb79f0414858942a57bb932173d8904b285b33049f2eccf001b9cf60b5915ea6a429623d9166529ffb6a3efb1973b305dad8e0

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxmc\7b320899009a2c0ffb38d4e0c03a7fdc\Vegmuxmc.ni.dll

Filesize
139KB

MD5
05556eb9c63c1b1f00618e38bbc5ab07

SHA1
abaab3f2f845cf8e97384d1c739c3e8a0d10b1ee

SHA256
56de0579a98033d8da52633a084b9dfc09737c3d081c1b8e2fc4cbf4798d22e4

SHA512
6af43b9b3940cfb7c150d60480fd888e4be0b734d4eeca9ef3d63461aad2b17ed9431567fb2abf051df98ab1eaeefac9fdc81208abd4ff99877cb599cfb15c93

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxrt\c76b71ce98b9b57a38f6259525866e5d\Vegmuxrt.ni.dll

Filesize
35KB

MD5
2279dccd3bf98c046197405b4d5e9e42

SHA1
f0cede348d3619dcb205dfc737895355e9031204

SHA256
d9dc5b1386c8410c80d33a2180d4847870f2b354af84bfeae347477e7277b0c1

SHA512
ed3d624bc0147a1cabc4fb491fb66f826c9017bf943c3e7c32305e2c6d364c553a282ed91c3fd44a4e0f391664287b20a03302c229340e882138630d07d51d12

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxtw\59ba2504ebf6c3921bdbbe9830c17dfd\Vegmuxtw.ni.dll

Filesize
207KB

MD5
8b8e5e191176de44d2b72d0bef967b06

SHA1
d0f48721fd85a3904f03f40609450ffe7114be10

SHA256
68088a79ba11e66e7549bfafb8596fb47284306853d16997fe054b7c8085b416

SHA512
8bd3bad0cfbdd78ef8d846bf32778f1c3d3ee98fc4115daa4757f7d79e148e44f222c16fa13fe184c434708b6754ca990e863948e8abf3f46f9ba5d3b2eb9ab5

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\mux.net\b2015cb73dc42074d209f520aea4d5e0\mux.net.ni.dll

Filesize
311KB

MD5
fc699505248315956789f134a8ebc4fc

SHA1
b9ef4199ca57c2175ee09f060088a9f49ef18eca

SHA256
c9c20508f2211821fec1f3f644aa4b7b3353809a76bee52365632c7ab379744c

SHA512
3460bb07c06949e7bc6585882836c3548df4745273c054512ad9c38b7c43aa7abf562a0d65a39a857f6154eede2b179cd2ec0fc347d7023807103fb233954b2c

Download Submit
memory/492-3879-0x0000025F16E00000-0x0000025F16E16000-memory.dmp

Filesize
88KB

Download
memory/544-3869-0x000001D55F900000-0x000001D55F916000-memory.dmp

Filesize
88KB

Download
memory/976-4228-0x00007FF6391E0000-0x00007FF63C1AA000-memory.dmp

Filesize
47.8MB

Download
memory/976-4227-0x00007FF6391E0000-0x00007FF63C1AA000-memory.dmp

Filesize
47.8MB

Download
memory/1336-3884-0x00000274E9670000-0x00000274E9671000-memory.dmp

Filesize
4KB

Download
memory/1480-3865-0x0000016E75070000-0x0000016E75086000-memory.dmp

Filesize
88KB

Download
memory/1488-3859-0x0000021413750000-0x0000021413766000-memory.dmp

Filesize
88KB

Download
memory/1784-3873-0x0000023779750000-0x0000023779766000-memory.dmp

Filesize
88KB

Download
memory/1868-3943-0x0000000007800000-0x0000000007801000-memory.dmp

Filesize
4KB

Download
memory/2256-3871-0x000001B246900000-0x000001B246916000-memory.dmp

Filesize
88KB

Download
memory/3200-3875-0x000001E2679F0000-0x000001E267A06000-memory.dmp

Filesize
88KB

Download
memory/3416-3890-0x00007FF6391E0000-0x00007FF63C1AA000-memory.dmp

Filesize
47.8MB

Download
memory/3556-3863-0x000001EA6BC70000-0x000001EA6BC86000-memory.dmp

Filesize
88KB

Download
memory/4264-3861-0x000002600BF60000-0x000002600BF76000-memory.dmp

Filesize
88KB

Download
memory/4300-3877-0x0000019FD3FC0000-0x0000019FD3FD6000-memory.dmp

Filesize
88KB

Download
memory/4504-3867-0x000001B227160000-0x000001B227176000-memory.dmp

Filesize
88KB

Download