hxxps://drive[.]google[.]com/drive/folders/1AnY-_-MQkxOC35NWMyV-MhJE_L6rkrYe

Analysis

max time kernel
898s
max time network
898s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1AnY-_-MQkxOC35NWMyV-MhJE_L6rkrYe

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 2 IoCs

pid	Process
708	vegas180.exe
1784	ErrorReportLauncher.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	MsiExec.exe
2412	MsiExec.exe
4116	MsiExec.exe
2412	MsiExec.exe
4116	MsiExec.exe
1896	MsiExec.exe
1896	MsiExec.exe
1896	MsiExec.exe
5072	MsiExec.exe
5072	MsiExec.exe
5072	MsiExec.exe
4572	MsiExec.exe
4572	MsiExec.exe
4572	MsiExec.exe
3744	MsiExec.exe
3744	MsiExec.exe
3744	MsiExec.exe
3560	MsiExec.exe
3560	MsiExec.exe
3560	MsiExec.exe
3480	MsiExec.exe
3480	MsiExec.exe
3480	MsiExec.exe
3804	MsiExec.exe
3804	MsiExec.exe
3804	MsiExec.exe
3364	MsiExec.exe
3364	MsiExec.exe
3364	MsiExec.exe
4668	MsiExec.exe
4668	MsiExec.exe
4668	MsiExec.exe
5020	MsiExec.exe
5020	MsiExec.exe
5020	MsiExec.exe
4688	MsiExec.exe
4688	MsiExec.exe
4688	MsiExec.exe
2232	MsiExec.exe
3264	MsiExec.exe
3132	MsiExec.exe
4492	MsiExec.exe
4492	MsiExec.exe
2816	MsiExec.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
708	vegas180.exe
4116	MsiExec.exe
4116	MsiExec.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
176	1336	msiexec.exe
178	1336	msiexec.exe
180	1336	msiexec.exe
183	1336	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com
159	drive.google.com

Drops file in System32 directory 52 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBControl.dll	msiexec.exe
File created	C:\Windows\SysWOW64\DLLDEV32i.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CDDBUI.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangRU.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp71.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\DLLDEV32i.dll	vegas180.exe
File created	C:\Windows\SysWOW64\CddbLangJA.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangDE.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110kor.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\atl110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangFR.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc110jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm110u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc110deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\CddbLangES.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr70.dll	msiexec.exe
File opened for modification	C:\Windows\system32\atl110.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Bring Forward.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Vidcap Plug-Ins\stl2plg\stl2plg.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\de\ScriptPortal.Vegas.resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.pl-PL.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug3\mc_demux_mp4.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\gnsdk_video.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\x64\eFX_Compressor.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\space.gif	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\eFX_StereoDelay.htm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\pt-BR\ScriptPortal.Vegas.PublishOFA.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\VEGASCapture\locales\uk.pak	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_pt_PT.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\System.Collections.Immutable.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Video Plug-Ins\colorcorrector.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\Mux.net.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormMail_hu_HU.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_de_DE.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Microsoft.Extensions.Configuration.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\inference_engine_legacy.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\TubeStage\[Sys] Older Radio.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\GPCLibrary.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Dolby_PQ_4000_nits_Shaper_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\rec1886_to_linear.spi1d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\InvRRT.Rec.2020_ST2084__2000_nits_.Dolby_PQ_2000_nits_Shaper.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\redplug\REDR3D-x64.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\proDADMercalli20.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\OfxStitch.ofx.bundle\Contents\Win64\VegasOfxStitch.ofx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Delay_Digital_Robot.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Resources\ofx360Stabilizer.ja-JP.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\ofx360Stabilizer.ofx.bundle\Contents\Resources\ofxStabilizer.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Log2_48_nits_Shaper.RRT.Rec.2020__Rec.709_Limited_.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\Log2_48_nits_Shaper.RRT.Rec.709.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\MagixCVFx.ofx.bundle\Contents\Win64\MagixCVFx.ofx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Phaser\[Sys] Spring Fx.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\LMT_Shaper.Blue_Light_Artifact_Fix.spi3d	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\CoreUI.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\colorgradingtools.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Bitmaps\CUnlockVersionMessageBox.ini	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fr\ScriptPortal.Vegas.Slideshow.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OpenColorIO\configs\aces_1.1\luts\InvRRT.P3D65__D60_simulation_.Log2_48_nits_Shaper.spi3d	msiexec.exe
File opened for modification	C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\External Control Drivers\faderport.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\release-banner_chs.jpg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mcplug2\mc_dec_mpa.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\log4net.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Help\EN\tabs.json	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Reverb\[Sys] SlapBack.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormMail_pt_BR.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfhdcamsrplug\mxfhdcamsrplug.chm	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfplug\mc_enc_mp2v.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\mxfxavc\SMDK-VC110-x64-4_8_0.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\Compressor\[Sys] Sequencer Compression.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\GPCHolder.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\fr\ScriptPortal.Vegas.PublishOFA.Resources.dll	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.de-DE.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\AutoLooks\16.cube	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\MAGIX Plugins\essentialFX\Presets\StereoDelay\[Sys] Both Sides Of The Story.efx	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormFax_es_US.rtf	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\Joystick Profiles\ReadMe - Joystick Profiles.txt	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\readme\HTML_ASSETS\release-banner_esp.jpg	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Stabilize.ofx.bundle\Contents\Resources\Stabilize.ko-KR.xml	msiexec.exe
File created	C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\Vfx1.ofx.bundle\Contents\Resources\Vfx1.zh-CN.xml	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140chs.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20250108205404106.0	msiexec.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index22.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140jpn.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\e63d28d.msi	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP69A7.tmp\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfcm140u.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140cht.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\{75111FE1-CE55-11EA-8B12-00155D43CFCE}\sfa.ico	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1c.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2e.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1a.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140cht.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140rus.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index11.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index14.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1b.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index22.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2a.dat	mscorsvw.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcomp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcomp140.dll.AF4EABEE_4589_3789_BA0A_C83A71662E1D	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20250108205403903.1	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\indexf.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index10.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2e.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20250108205403903.0\9.0.30729.4148.policy	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcamp140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140enu.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1b.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2b.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index12.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140enu.dll.376F96B6_AD69_3104_A1C3_B0A3704DB24A	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\msvcp140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.7631C5EE_5656_3421_AE44_00C5FBD84302	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index16.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index1a.dat	mscorsvw.exe
File created	C:\Windows\WinSxS\InstallTemp\20250108205404028.1\msvcm80.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140jpn.dll.B796D14F_AD8C_3A96_B2B8_3D8FF8499DA8	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140esn.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140.dll.BC0B92F1_D156_35A8_A565_6689E8DDDA1F	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20250108205403887.1\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20250108205403997.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd.manifest	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\mfc140deu.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6D61.tmp\System.DirectoryServices.dll	mscorsvw.exe
File created	C:\Windows\Installer\{75111FE1-CE55-11EA-8B12-00155D43CFCE}\wav64.ico	msiexec.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index24.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_32\index2c.dat	mscorsvw.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\00DB3E6755ECAE114B900051D534FCEC\1.0.0\vcomp140.dll.D6D6A777_183E_3133_B603_785C0E6F235B	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 42 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ngen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mscorsvw.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8F8A59E3-1388-11D3-8F9D-00C04F4C3B9F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A23F-301B-11D3-B030-00C04F4C0826}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\462 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000007-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1B49268E-A677-11d7-A773-00C04F68F44E}\Pins\Input\Types	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}\Pins\Input	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A233-301B-11D3-B030-00C04F4C0826}\ = "ICddbSegments"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7228EE-4584-11D1-B4CB-00A0C9270A10}\ = "SfGeq Property Page2"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}\Pins\Input\AllowedZero = "0"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B0528CE4-F67E-11D2-8F8E-00C04F4C3B9F}\ProgID\ = "CDDBControl.CddbDisc.1"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{471D8C3F-D01A-42D5-8132-39AF8A3C0ECC}\TypeLib\ = "{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbInfoWindow2.1	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23C9F227-40EC-11D2-9D36-00C04F8EDC1E}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBControl.CddbInfoWindow\CurVer\ = "CDDBControl.CddbInfoWindow.1"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	vegas180.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\144 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA1-A056-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\120 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}\Pins\Output\AllowedMany = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}\Pins	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{26BF9366-95A2-463B-8237-238114494AF7}\1.0\FLAGS	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\ProductName = "MSVCRT Redists"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{B97C0F23-196D-11D1-B99B-00A0C9053912}	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}\FilterData = 0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000700000006175647300001000800000aa00389b7100000000000000000000000000000000	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8444E537-6C73-492C-BDD2-1B272D6463DB}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1EF1115755ECAE11B8210051D534FCEC\sftrans_nohelp	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{3F901A20-79BE-11D0-AEBC-00A0C9053912}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E2D7C794-D104-4B28-9FB3-00AA006BA2BA}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01894669-BF86-482D-8FA2-BC0C7FFB1D38}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{50ACB5C1-F279-48C0-ADF4-7230533169C9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUI2.1\CLSID	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B77C6368-3FFB-437D-B879-BA92D981493A}\ = "ICddbUI2"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B7229EE-4584-11D1-B4CB-00A0C9270A10}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D527680-0D3E-495F-8344-02A6036B5814}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1EF1115755ECAE11B8210051D534FCEC\SourceList\Media\20 = ";VEGAS Pro 18.0 18.0 Install Disc"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Filter\{00000005-0F56-11D2-9887-00A0C969725B}\ = "VEGAS ExpressFX Amplitude Modulation"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}\Merit = "2097152"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}\Pins\Output\AllowedZero = "0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B0528CD1-F67E-11D2-8F8E-00C04F4C3B9F}\1.0\0\win32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A235-301B-11D3-B030-00C04F4C0826}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1EF1115755ECAE11B8210051D534FCEC\extvid_decklink	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F7B9B77-62A7-424F-9650-AC8B204B72E4}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}\Pins\Output\IsRendered = "0"	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}\Pins\Output\Direction = "1"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B2C767ED-0E50-4A1D-AF6E-EAF1F16EB1C2}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1EF1115755ECAE11B8210051D534FCEC\sftrkfx1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5F6A23B-301B-11D3-B030-00C04F4C0826}\TypeLib	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0306D2A8-B7E2-4EA2-ADC6-78F80D65B1E2}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CDDBUIControl.CddbUI\ = "CddbUI Class"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 40003d00780035004e004800610050006900280050005800640068002900680072006d004f006b003e0059007e00490078005d007d006c00450053003600590041002800370057005a006e0024007e00680000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\00DB3E6755ECAE114B900051D534FCEC\SourceList\Media\41 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{95B14F82-2AE0-4BD1-9705-8AB6A51DC3C6}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0528CE3-F67E-11D2-8F8E-00C04F4C3B9F}	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{23F49E84-8749-41EF-A27B-C20D4CF33E88}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5F6A241-301B-11D3-B030-00C04F4C0826}\TypeLib\Version = "1.0"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5F6A23F-301B-11D3-B030-00C04F4C0826}\ProxyStubClsid32	MsiExec.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	vegas180.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	vegas180.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
4788	msedge.exe
4788	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
2496	msedge.exe
2496	msedge.exe
1868	Setup.exe
1868	Setup.exe
1116	Setup.exe
1116	Setup.exe
1336	msiexec.exe
1336	msiexec.exe
1336	msiexec.exe
1336	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2668	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2668	msiexec.exe
Token: SeSecurityPrivilege	1336	msiexec.exe
Token: SeCreateTokenPrivilege	2668	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2668	msiexec.exe
Token: SeLockMemoryPrivilege	2668	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2668	msiexec.exe
Token: SeMachineAccountPrivilege	2668	msiexec.exe
Token: SeTcbPrivilege	2668	msiexec.exe
Token: SeSecurityPrivilege	2668	msiexec.exe
Token: SeTakeOwnershipPrivilege	2668	msiexec.exe
Token: SeLoadDriverPrivilege	2668	msiexec.exe
Token: SeSystemProfilePrivilege	2668	msiexec.exe
Token: SeSystemtimePrivilege	2668	msiexec.exe
Token: SeProfSingleProcessPrivilege	2668	msiexec.exe
Token: SeIncBasePriorityPrivilege	2668	msiexec.exe
Token: SeCreatePagefilePrivilege	2668	msiexec.exe
Token: SeCreatePermanentPrivilege	2668	msiexec.exe
Token: SeBackupPrivilege	2668	msiexec.exe
Token: SeRestorePrivilege	2668	msiexec.exe
Token: SeShutdownPrivilege	2668	msiexec.exe
Token: SeDebugPrivilege	2668	msiexec.exe
Token: SeAuditPrivilege	2668	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2668	msiexec.exe
Token: SeChangeNotifyPrivilege	2668	msiexec.exe
Token: SeRemoteShutdownPrivilege	2668	msiexec.exe
Token: SeUndockPrivilege	2668	msiexec.exe
Token: SeSyncAgentPrivilege	2668	msiexec.exe
Token: SeEnableDelegationPrivilege	2668	msiexec.exe
Token: SeManageVolumePrivilege	2668	msiexec.exe
Token: SeImpersonatePrivilege	2668	msiexec.exe
Token: SeCreateGlobalPrivilege	2668	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe
Token: SeRestorePrivilege	1336	msiexec.exe
Token: SeTakeOwnershipPrivilege	1336	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1868	Setup.exe
1868	Setup.exe
1116	Setup.exe
708	vegas180.exe
708	vegas180.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3516	4788	msedge.exe	82
PID 4788 wrote to memory of 3516	4788	msedge.exe	82
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3652	4788	msedge.exe	83
PID 4788 wrote to memory of 3188	4788	msedge.exe	84
PID 4788 wrote to memory of 3188	4788	msedge.exe	84
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85
PID 4788 wrote to memory of 2944	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1AnY-_-MQkxOC35NWMyV-MhJE_L6rkrYe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb78b346f8,0x7ffb78b34708,0x7ffb78b34718
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,11096982948904247637,9741726989256099350,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3484

C:\Users\Admin\Downloads\VEGAS PRO 18-20250108T204101Z-001\VEGAS PRO 18\Setup.exe
"C:\Users\Admin\Downloads\VEGAS PRO 18-20250108T204101Z-001\VEGAS PRO 18\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\VEGAS PRO 18-20250108T204101Z-001\VEGAS PRO 18\Tutorial.txt
1⤵
PID:4252

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_VEGAS PRO 18-20250108T204101Z-001.zip\VEGAS PRO 18\Tutorial.txt
1⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Temp1_VEGAS PRO 18-20250108T204101Z-001.zip\VEGAS PRO 18\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_VEGAS PRO 18-20250108T204101Z-001.zip\VEGAS PRO 18\Setup.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1116
- C:\Windows\system32\msiexec.exe
  "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\redist.msi" /quiet /norestart /Liwear "C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_08012025-085400.log"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2668

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1336
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding ACB6B3314F8124D8B4C2BF1BC3D562C6
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2412
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding DB6B233F0D79CE6BA2D14B6B83EE8569
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4116
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" Install "C:\Program Files\VEGAS\VEGAS Pro 18.0\bdmux\BdMuxServer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4428
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 23c -InterruptEvent 0 -NGENProcess 22c -Pipe 238 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:180
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2d0 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2188
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2b4 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5020
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 0 -NGENProcess 2cc -Pipe 2e0 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4436
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 244 -InterruptEvent 0 -NGENProcess 2dc -Pipe 23c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1816
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 244 -Pipe 2cc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2556
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 2e8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4612
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 300 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2716
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b0 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 304 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1728
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2b0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4208
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2b8 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1440
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 22c -Pipe 244 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1036
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2d4 -Pipe 2dc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4668
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 2fc -Pipe 2c0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3524
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 22c -Pipe 2d8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1872
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 314 -Pipe 30c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2492
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 0 -NGENProcess 2bc -Pipe 2e4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1188
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 330 -InterruptEvent 0 -NGENProcess 320 -Pipe 328 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2bc -InterruptEvent 0 -NGENProcess 314 -Pipe 310 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4616
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 32c -Pipe 320 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1012
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 33c -InterruptEvent 0 -NGENProcess 344 -Pipe 330 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4688
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 318 -InterruptEvent 0 -NGENProcess 314 -Pipe 33c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 348 -Pipe 2f4 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 308 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1524
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 354 -InterruptEvent 0 -NGENProcess 360 -Pipe 368 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2936
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 364 -Pipe 354 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1912
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 37c -InterruptEvent 0 -NGENProcess 370 -Pipe 378 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4912
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 31c -InterruptEvent 0 -NGENProcess 370 -Pipe 36c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:800
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 370 -InterruptEvent 0 -NGENProcess 340 -Pipe 37c -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3648
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 334 -InterruptEvent 0 -NGENProcess 358 -Pipe 370 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3364
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 360 -Pipe 364 -Comment "NGen Worker Process"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4668
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a0 -InterruptEvent 0 -NGENProcess 384 -Pipe 39c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1560
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 3a8 -Pipe 398 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2744
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 32c -InterruptEvent 0 -NGENProcess 2f0 -Pipe 384 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3944
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 2f0 -Pipe 390 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:2160
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 348 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4652
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 3b4 -Pipe 358 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:4692
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\mchammer_x64.dll"
  2⤵
  - Loads dropped DLL
  PID:1896
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sffrgpnv_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:5072
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4572
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3744
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfppack3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3560
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfresfilter_x64.dll"
  2⤵
  - Loads dropped DLL
  PID:3480
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sftrkfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3804
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx1_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:3364
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx2_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:4668
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\sfxpfx3_x64.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:5020
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files (x86)\VEGAS\Shared Plug-Ins\Audio_x64\xpvinyl_x64.dll"
  2⤵
  - Loads dropped DLL
  PID:4688
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBControl.dll"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2232
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\CDDBUI.dll"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3264
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\x86\sfvstproxystubx86.dll"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3132
- C:\Windows\System32\MsiExec.exe
  "C:\Windows\System32\MsiExec.exe" /Y "C:\Program Files\VEGAS\VEGAS Pro 18.0\sfvstwrap.dll"
  2⤵
  - Loads dropped DLL
  PID:4492
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 4C0259A3B5B2F3514DBC9E7A838B0947 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:2816
- C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe
  "C:\Program Files\VEGAS\VEGAS Pro 18.0\vegas180.exe" /register /user 1085
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:708
- - C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe
    "C:\Program Files\VEGAS\VEGAS Pro 18.0\ErrorReportLauncher.exe"
    3⤵
    - Executes dropped EXE
    PID:1784

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:3364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e63d28b.rbs

Filesize
184KB

MD5
60726cec028cffa4072aa44a4333fdf8

SHA1
b1d77798c80fbd9167ca15b8eb5bd84baf159f84

SHA256
e280c33d2a0ccf5a2f91de66082684af671a65eace2607ba760f318079b112ee

SHA512
a62bb30953d38dc621350b3e61ebeea4cd462a85e2d564096dff47b537c12abad91d880524d9873e5cc4c91d7f4096afed44c9738e255518d6932e7df2fce84b

Download Submit
C:\Config.Msi\e63d290.rbs

Filesize
504KB

MD5
2dcb95b56672a7e7bfb2e0b9d6899173

SHA1
b28d35b3ac6192e9ed0dad6c97435d0413a1349f

SHA256
247fec44c29c09defb046b00617763678920147d5a5878a4c4492a4aa9fcf2f7

SHA512
fc44a9090d72b8b398a23f5a031df03c02e28c3b422f73a5592d4c02418b6fdb495cdd3e0fb8d561acfe3ccd4570e8c2e5343fe7e42eb5eecc57247b793109f2

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\FileIO Plug-Ins\so4compoundplug\mc_dec_mp4v.dll

Filesize
1.3MB

MD5
3c8a67f6443ca685751c14e1f8650107

SHA1
a14f7014e54aa5a6aac716be64ea55286fa5854a

SHA256
984530397a0239cf5ccfcddbe77664c4cd84978080d41daecbedf6782eb22aee

SHA512
24d3b2334592b8b756ecd1a00fa77075698be3ad7e169d7dc0b691a59244356514730eb77d22417e32fa38b65cd303997b28541ed9a7197aa5b223c8864134b5

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
66B

MD5
07ed4ee4417494dd308b41be90ffe60f

SHA1
26ecb8a80034561830a78fa1ef7028ac04b00ae3

SHA256
29deb5cf1069418d89bf302b18356e7588c93d7167ff888f73dc91aea71dc1a4

SHA512
1c28eac12d3226bb43ba05ecc060f2c1d3dce03edaad2ef390ae2cd918fd7fe1abee96fa94f91a0d1e06204dc4ce46d8746211c0fb0c8c953c7c36ede03e2233

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
122B

MD5
48a632f92533a578b8a04776a959fccf

SHA1
b3631251c532a9a4cdd85e9c06da91f86b89053b

SHA256
f5e588dc8e4da2b8cc4bab169bea0f065817a245f3a2650aa919fe64ad388d3a

SHA512
a8f6f4df967d05dbce9878dc46db00846783a6ddbc58c6b821658deb6952b5b93e8117da2e192e44e22b9f9872ed202cddc0e3a81d10ceeb2597dfb5d2128a88

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
238B

MD5
c79be17a9b452c6e9b4ef9f4e636afb3

SHA1
bc6e372130c2c07ef3e2edeffbbcb3c90f589390

SHA256
e43b466bf52c818903179414f3096a763e95eb17d9e73db0b8656849fd1ab961

SHA512
bb5f9f923ced3ff32a55f6d97b9599e25bab0bb233ddffc4a406695d2ef90fffd35d2b5e0c6d7341e89fc20cd20cf89ef7ee075009bc92d014d2a34d35fa07cd

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
492B

MD5
5ec3d6ae9c6a23766fc5c5d53160755c

SHA1
247ab87e66104be85f7f3f8d720545463200b8f7

SHA256
e3e1a0939909427246f89731ffc62552ec1a2a2fdec032155e0c595204e91026

SHA512
0a869386df1a62785917fab1a5b517c1d646ad71be6b7fb7f861f66aa50ad537b7bc2d17c426c8a7b7873aa8771fd0d4fa9614b782e89e14d57c9fb74f21c1a2

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
2KB

MD5
14b431426fed62a9017731ea3fb82453

SHA1
6e10f1b7cf5b26545adb49e7512fc9086addebd3

SHA256
759d6844d72d8e2ca3e0f91f33006890017dff5a38015f56301f7f900217e53b

SHA512
d5c6f4c3f4544becb868750909ec25e2196c4cf3629de2b14c22fe41c122d3ddc36ca8906ffa72a901a231728d1c17adf2cc9e661d28d33761e2b1da64e9d7b3

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_de_DE.cfg

Filesize
4KB

MD5
f7f329de05c1d27aea93726d24d448b4

SHA1
b326b507a094f4ca103b0aef30893416ea0185b2

SHA256
c0f288435dc1be0382783368863f71db2a17b992b6af89884c34824a07c8813e

SHA512
08c31d8da98fa3a47c3bef3b7c83e85106e0b2bae0898764bb851ca0cc0575f71b5b74cc0f6b63909cea6cf020a203d355027c1a3e9c22866f099da3dae554c0

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
294B

MD5
761b6b215b558fae878e5e1839fd8a33

SHA1
77bf0c8c0769a852966e65dff8e5266529a3b8ab

SHA256
eb1c0b00e02b79469130694a6833dc26bd78d378ff25d178aed0acb7a2e4f7cd

SHA512
e82739be7ec990c9a8b5811540c4a4544ba149147b903262a533e82c75322c23ff380df95f6a559be4442c8c755d03f01d8a42ef4ac96ca2b8b874f415a8eb2a

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
1KB

MD5
a3758d6a09089d52a3272bcb214e12a4

SHA1
2181226406ebcf66073f5f199db32ecc03641471

SHA256
85ba2dcffea3ea1ea97031939b1c2e67eb93b252f1a7a6b3f855c6b62c7c6577

SHA512
a90f4c3f36a2a3ce767b015f3036408223eb4f29143340a4b2c7b2f51167ecdc76f144754675d236bdf0f427a30373bb90d9ee03021434a1e7bade12d950b0fd

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
2KB

MD5
887c526cbf79a03d90ed5ddbf77b6c54

SHA1
109fc4dd314ce05de2668df7e270f9ea43edd696

SHA256
0321d90d052215d028c90fa458b054811face923edaed061fbf43c665b78ce4d

SHA512
878044d5015c945b97e3a84b9c912170d5f976059401f0fee0dde21f9757ed1a59b66f2c3bb3c5494033e34ee334857e47a147a8df11e050fa96af13c458ae57

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
3KB

MD5
789fb3d03b16a71313aca059f9239560

SHA1
6367b8958e85701d10d333992915316c4142343b

SHA256
9b6a29a769feec736d550ad6b47ef4cdc92e2668213d983fb18ffa8ca614cbad

SHA512
728dbc93cd310d40720e784aca8e37c1b20ef106f20a1fe0f4c64bf1cd0dd2d16e58d7c73739168bec0837d1ed84d0fb7b46470cfb69ac2349384b762971d347

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_en_US.cfg

Filesize
4KB

MD5
a5393662e8c6e8d046c99e995d735130

SHA1
8c8dda6ffc6b2ee8509b07932fdcf0346ec09f05

SHA256
7df00155f1d8b805119ef1e922e2711b0f72096b3528a8be8365cd90e6742ae0

SHA512
9316a6e7ea1fb3b30b332cf811293ec8916ba0289407b41c2dc185a38c01ec166f0ac7ece5454452a52b0cb22a3108be5c58296a9e1e9b1860e5238c1a1ed3fc

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
168B

MD5
c8f5ad45f8a858b0d38d2666c9c4b673

SHA1
e9c419c0b05e2b1a95a810e4ac13bcfc126aee54

SHA256
8a38a6f79d0af0bdf33fd2e11c1ce0d28cf43243ef2233a3c435b58a88e8fd17

SHA512
23664c6f3cfa37e20969ecbfb2e01a5e2348076f16d2f5897e9f1740f1d66b87e2d8c6c5ef37b59c723a1374b0a8061ea5d14efba7f28eb7b96e8d416406c8a9

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
296B

MD5
e4d8372d37a1c5ab9c0642ecf0f50e64

SHA1
b02a2b0528618fcc5977908749a0b590d37e4419

SHA256
529df829bd480f5acbc80633c77b192826aee4905c1c8bd5ab17d3ad8291b4fe

SHA512
ac4394ce03f048a7c54cc965cf8ee879d1060f00a14eef5ed478d170db08fc48eb7d28144a01e74be06b84a26751422ee8b31aaa4d1a3b54b2aa53b7390e3344

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
1KB

MD5
8f66cf4bdccf73f97af6a5cd3baac317

SHA1
25c67477917038404e9fd1b0220f6a1ccd043d9d

SHA256
3045ec184e5462470bf2b439e248e329a393b7904213b021c89dc8fa78d77585

SHA512
598198888700810ac5cc510a6932bea82ca2015fb51306eb39ee01993ea1abe705a5f7251f2951697e4b120c4a45db89b4c88cceed9bb825c808c8b851e7ffa2

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
3KB

MD5
71a904b403c84c81b7b345d493f6a5f5

SHA1
f9b5927b65227ef4cc246c5c61e5ba693882c8d5

SHA256
0a9c461866d0e1f0f1936a1294f94d189d4d09e2836e385499d8958327ab5473

SHA512
643bdd673724c0e02317b7f2687ff316882984e56f4cc63fa15d318aa8a7ca78739b6678652bd075ea31a8a25e20fad11ce8f9b44494ab349122830aa4434365

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
4KB

MD5
a027586c12fa486367a227ba7c9c3b89

SHA1
f2ff6d504db3d960cca95b34ec490469ff41154c

SHA256
9df40d9f259331e0a873b8a6b936214bc09776ed7a319e5b53b3109a90d39b5d

SHA512
c6e1a8831f674764b50f99db396f47244404e4ced8924e60fcdb8263f24b34e856b1c027ba555e29c000a8d685c3f514cdb1f8d62713fd2888a7f0d00388d369

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_es_ES.cfg

Filesize
4KB

MD5
ee03556c70957b1f8acbc989738c6582

SHA1
06b6c3ba6b1b52c9f38e395482895eebadb3935e

SHA256
12c55d0d79a22533348dd833ae70e7acd5e45e326d81ee84ee257c841c672fe6

SHA512
9fc61e6d71ff3c2816b4595d98f748b07695cec3c08b10223c63807cda4b31ff6eb430e685d38b19e803f47d724b624a0096715b1d98ad8d9f3cfa6a58d3fdc1

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
3KB

MD5
4e3a573639fd3e1a6c5250f44dd0dfb5

SHA1
41c5c21b84f034b5db2358a8855f32d5d265c749

SHA256
b8185fa7e9a14a86199641a9f1bb082c0488129dd4ecddc1b9eec48a11edf489

SHA512
26db667bbd6b6f54be603e380ff4a8b1cb286530e76374f1427cb3704e7f7e9ffd5460142c203a93b67a1b82705d691a301907e91eeaf9e270955513c2f24239

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_fr_FR.cfg

Filesize
4KB

MD5
24500a649fa105de1b13caee6afee1b3

SHA1
cf0297ce789edeaf05c416db39bbf0d072a316d1

SHA256
207fe461007b939c3685a1b9c59d1a65ef2878ae02f533e81c6680eb2b324003

SHA512
6a331448175ca70c87157287f0a748dd96b39550b6639b65baab0b4edb4389c8ff506e2bda47a9b9caaff43c0838a90b3ef5dff0aee99ff3135eff99c093e0ab

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
298B

MD5
554377a6849cec0ca5eedc47d696a9d2

SHA1
ef878168670c5fb845843019c61eb738bbd3c9f8

SHA256
1d7b3ce261f88cfdeca67c16e1f72bec76e98b37c8eea43d190428ef2967b74e

SHA512
9298bb248fb8204dd55ce52c5b3e544bccbc12017620b0e500b9cba6bdaabfdb9996b8d09687e8f382479a30e108212a8121ab3145eeb26efd9f46a67617a1a6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ja_JP.cfg

Filesize
4KB

MD5
b2c7bfa6ce4c7bd53190f91a0895bdae

SHA1
6a5e250a1dc2f8870f435d8a57cf2b187cee3275

SHA256
5ae2fbb251b606182f0104c22861449ca17bdf5df439494a3bdaa108aae44301

SHA512
fa097d9db2fad79feeb08dc446d4252275fc2322011795238c3f94b72c1c7db302f359e3e3fe829f73c3681588ae1b72ed68b0f549c0e92f217a09fd61ad1f35

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
848B

MD5
7940543b38790d0decf1bfa3b438873a

SHA1
bee2583a768eda730fdf6fc7d42df20fe411efe4

SHA256
ec7f6d10881c21c5abf82f0d87f4192df1c3fb9be49dc67e7a342e3b2e18c050

SHA512
22a3e4a9ca79a4ce091b1e56234ab6f542fba013e01853006863f5e129feaa2cda69e5638e7cd89791078c129bea54b3c1c89f66a745c994bd0213e195a0c861

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
2KB

MD5
555ab646b08f89623f64dca48fa929c6

SHA1
f47f448ec1c3b057d72fe408487cd64616615f0f

SHA256
7795c8df336d498ed1f05c63901cfee8c752240cc186fc81d2231be128e5e15a

SHA512
09bcc917245282ae35f564ee57587dbbf06d018d1b33ade16fed5b147ce8b0acc3a0a5409b9c736287acccf30ae8cdec5d1a48000e7e3aebef787911e01d8496

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
2KB

MD5
a8ecda52671d31ad556a0e91de3322d5

SHA1
0e5edb59b26f394843c7c842ab6db9ebb8436a07

SHA256
3377048830ac1ae3e180f6beba7524db84c6b7647833952258604f5262711212

SHA512
9045a99a94213b28988552f3f619bda9be96ddce9aeb4a5963aac21e224357bfa53002146b1e50c965525a050ba4b2731ac1a1fc5efcd689d0c3992b0cdad188

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
3KB

MD5
ef41e851b3fc4745a648320f06c4eb8f

SHA1
ba57001583d94e30dd99f3312c5f1a4674bf81f9

SHA256
f35e8e6354ad3e35dd745769f7bbfad6a0ad1bb845272d160eb2a084c818466a

SHA512
677d1d19c93c5fc782d97c7cd6e954de72005511b77731610757ffb91e11d7f074326f2153f6bd753485dbf39d2018359e8d6506cf035b1c32c23de158a112cf

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_ko_KR.cfg

Filesize
4KB

MD5
4c5f457b83cb09d738e00e3df3994f54

SHA1
852e26e18c10afbd1c91780eded5b746665e433d

SHA256
897a1a0f2e16266cb771fd4ae9d190957351995bd96e5324edd1ff110569f963

SHA512
e28ef3729c6a08497465bbe7a40f7df362d5a5376b85f451b06933298b65cf207309ba53a657903a4ad0e9a512fcb59e0cbfb87c20893face5b88190dc0103ab

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
734B

MD5
c209ce86e7bff32c447de1d2cf933ebc

SHA1
be4288534c0ee88a5c6e710f5d267424a202edd6

SHA256
fdcc6abdd907361b15740eae9ee07dc5eb53994f40646e1d2137ba740b9210d3

SHA512
dbf8cf745212bce8a21eef14ce5efde4eb5dec9eb58186b20c0e049689a7a8b402bd97562a650ef812bfa21f6fd3ce6eef94282ea48d35e5f559a8fea7d6ca36

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
3KB

MD5
4642fdb71969ebd4aa966b72c24b38fb

SHA1
cfc2f5a7d11ea4e6192336bb650afcc789ec8ebc

SHA256
7d526440062b9c827ce9cdbcc146c83f75c46e1278bc9ac49c33cd8f299345df

SHA512
a3cc54c776db15ec46e4df83b50f8f1403702abb5efc59687f88e9259c8a87d46b980a0f7288a7e1d3290f056e80061e96f71aff5bfad3ea9fa223d4d86e4d03

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_pt_BR.cfg

Filesize
4KB

MD5
f0f06689f028fcbe87365cf4767673cb

SHA1
9917e9ab1c15f60770fa3e3d89c5f398f4f13f86

SHA256
8d62ed6d16d4ae57ef533758d429f17c4ae911b1ceccc3429cb32094264a9c2d

SHA512
192f2cc6eef4c171df30efb9abdaff82e03c0cba1d904d10a7586cf4a13336629d8798881ff5c9871a23fa18426183a3ebc4daa2a711ea60c8dc5c1258c0f4d6

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
236B

MD5
3f87afe0fe9278852fcc7e822edf75be

SHA1
c17d1da6ecde00efa666f2c3acfe8fe3684197c0

SHA256
6500d48e3dd41a9cea504d4cd11423e8451a09fbd6e952d3c477ffb07cdf0563

SHA512
e744a86be72e0407feeef78448488ba2418a5ac98b8352537945a31c85517408162b7c4f041e9c3ad55eb085a6539f8d875407f5f04d93b7d9a987341b2d350c

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
3KB

MD5
c0e5640da66eb7fd9262d39473e09292

SHA1
d645b87929c69709196e131a19a9e46130dddb29

SHA256
8851cba861b04b652e24d6d7040b9c5958e5d7fd3e070d80c11c781977b83071

SHA512
5aaef25c515100f1f17d8f37b528f339eba1d3a632b6c92cbd0ee168b44251b2e55e638c3262b5b6b71de19ed4d8036d2b916b07df2c7896914f98e12de035f1

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\Language\local_zh_CN.cfg

Filesize
4KB

MD5
e2e79061dbce5b2c1c55d15e9875b0cc

SHA1
e5b179d9ee129636743137dd718590c9c6bdb60f

SHA256
1b5ae763a6e6ae3f22b085d30395ac79247cab45d5953031ab2132f1908d8f88

SHA512
f010c94bd7382635974cd8fcbee22e35f9499752a20704c1da653e1ab55df3176582a9d033e06227ab4ea8a3e72b8d560f313fb4977c4a68e0d1c7ce77909451

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\OFX Video Plug-Ins\TitlesAndText.ofx.bundle\Contents\Presets\PresetPackage.ko-KR.xml

Filesize
122KB

MD5
525763c8338bc74c4b556c2640bd1394

SHA1
7b4d894253adaca84f30147431096cb4e7ad048d

SHA256
4366790b1f64ba66f92ae7194b1e7ccd4397eacc1a65ba144d1e185fc7ee2f9b

SHA512
5a313f20e7735bede91a18ae13d5b6baba949af3bd5d121f91eb726717bdc2e132475f84c8a39fa6631099045fd338939a0482aaaa0ed7226c70c7e74a77df5d

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\install.cfg

Filesize
324B

MD5
842c271aebe6f1d9a9a73602a8acfa13

SHA1
dee812c6cf47bbd978c7f2022b314e292478d208

SHA256
31c021175188e64e2ed5fb68b160a9e4eebfbc9aa5e147f4d4b852df2ac4d6fa

SHA512
81e094f5388969e787499d50288fd11266aa727dbb3e951008da275b90021402487dd3c626cd22d87a4d0dd34106668d25274b3289587649d1fe5f11d966ed1e

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\install.cfg

Filesize
978B

MD5
87be147d26146d41f021c21ec600fdc4

SHA1
38b88f3ecb95e586a0e680a5b7489d4370eafd99

SHA256
8a5aed0564c45fda21fea34d38ba1283626bb4ef2e71e3a260d928549ae1f922

SHA512
0e6bed8693e53d2a41342fc4b2b2097e9cea8149122fbe46cc00f14d523e8cb7957ce133cb28064d96cb599c91047ac5d3b6a419b71d900dd26a54b4db9ed232

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\install.cfg

Filesize
1KB

MD5
a146f43319797ad17696da022d45e8ca

SHA1
58e11abc3c9790828889f12e0552c984ae49e625

SHA256
3a7e972b08ac9fc879e9fc55858b888d19f88d520d741f45795d20ad5cf40e11

SHA512
934b0be1d2c291473e17e80a8ff50ce710bca87aa839e5a3b76a8e390c83b849ac853e5bf9a89c193d23a6684792b6ec25ceef5eeb8f2786f05bb66aa15b0f07

Download Submit
C:\Program Files\VEGAS\VEGAS Pro 18.0\protein\Forms\UnlockFormServiceCenter_nb_NO.rtf

Filesize
2KB

MD5
fa703609338cc05f182d4d0d7d07fb1c

SHA1
cc34fc7d8282a2fc2bc4610ac671dce0b82661f7

SHA256
5a31feaa4bdbc96da11a4f68a7fcb36bb791dc073b41e109f7d085dd008790bc

SHA512
05e30eed8c0d921e721d3382dc26bbbef047ce77564c5926c122477500f28ae11e63522e93dd119436717878fa065d4d83e02f33d2c4e71c2c9eb1ca73412e08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
734B

MD5
e192462f281446b5d1500d474fbacc4b

SHA1
5ed0044ac937193b78f9878ad7bac5c9ff7534ff

SHA256
f1ba9f1b63c447682ebf9de956d0da2a027b1b779abef9522d347d3479139a60

SHA512
cc69a761a4e8e1d4bf6585aa8e3e5a7dfed610f540a6d43a288ebb35b16e669874ed5d2b06756ee4f30854f6465c84ee423502fc5b67ee9e7758a2dab41b31d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A30ADEEAC82F2ECAEE3399980EFA77A1

Filesize
504B

MD5
210f822251b44108a4206b722c8351f3

SHA1
f61848aa3e4611585eaef7b49fbc27db143787e5

SHA256
c54d86b17430f67103aa29e514b4b9e47fc4589d11a2610e07e7465274ce9159

SHA512
cab8879bd4669af136fc9dc77b36386ebe3aac6d6a9e1bdc6ed83ecda16b67b32efa76cf260576b172e10b1c95b0b77044fd94ec2b1b3bfdc3e07b56f4570e26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
6dd521093e682677c5e9c05e1df79da2

SHA1
5e6ca88ed74b4387d864fb162df947d876499c6c

SHA256
55db708e14bcb8cae8e9ccbae002563efac9dceb0b8248df9f521db54fde24fc

SHA512
ba6f549dd1bd03e16af96f5a851bdde91160cdaa7a5dab6c4cdec18288a03f2404f331c8a1824ef9712a473ae8cb5f7181b3d05d2b819ba197f2bc2ef3aa82c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A30ADEEAC82F2ECAEE3399980EFA77A1

Filesize
550B

MD5
343f357c4bda57371e2163923d4aa0b2

SHA1
f4f0aba4457adb40c700ed340bde8a90ff527037

SHA256
6d8b555a9f0af1b57b50fc6691bfca38e3ec76a3a293d688f5b790b1627c6ea2

SHA512
7ce76450282578aaeb66e50997094d367c28cc4dec0f58f4a04dfa2e1e37b4fb7203c64ab310c07ea7f68ee4a126ad702561850cca8887b3035da8a8e412ae61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b0f730e4bbae749882eeb48c95e9fa0c

SHA1
995dba1fecd3b32adbffeaf57d819038abe202e8

SHA256
d0711155291410da175a26031024f07cc61e75af12d355bf5edd4d293a166e73

SHA512
e7b77b62595cb449e009f526de346f5c04ea8d5c94c2e5d03057913784874a03bd1ae511deb68a311c8970c5ebef2cbc852d640e5e268f470d668a833dfeb2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
780a6490e3fd5c7e6b8a97a1f77594e3

SHA1
28af7f703d9cad908d33e6faec8e31fd8f04eda8

SHA256
743a6f4f12a7e2109a61c780811cc4a699ea7fb7c589871a1d7ea1a07f548fbe

SHA512
4447497c17e7817152eef6b669cacb8e669af4a74a900f5e415f29eca5a556c753bd2d9fdc771808d4ffeec01427e3216f20193ffb9badc1bc66619ee86290d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0646a6d30e78885c684caadb05d0869e

SHA1
91d2d0105ad5e1705cf87e3f435f8e4c83b6f9f6

SHA256
865125df3e349bec03ad6ff42967d31ffcfdcdebed03f078a58dfd5934b029f5

SHA512
29ac84daab78904edfd4f16234cf82032063ed8d230b2869740ba4456169e47d79d296ee08c2d487b8de8d9de2eaa5740ee49e7b5306a1f7148ded53764f8e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6d0df60b89b8734ac73d6da9db92de75

SHA1
0cafe57c08e70f7f8f34d65335b2badf2348026d

SHA256
32d3a6be15f87b463803a5e5e0fd2047fc3efc3acf9d52d2a11ed9e2c5f6f1aa

SHA512
46f3446b472d850f5b399c63ac33da9cab9821c7d893d06805eec22c82e2b7735c6efa5fbba1c7fca2cc5940f70a514339d31c9de67ba06de7a48d75afabafaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3c61c40bde128a7696e3369def254320

SHA1
e2e2c0c8967473d99d9c6a3992d4a0f05e982b4c

SHA256
1d5123b683b1ef7dd37f5b84bf8a0ce68d16b34a33caca49e4d23628e468c1f6

SHA512
ca895c12e331ce41f99f52a684e58346603b4f05b20a0a6d07af0a68fa3e7bec7a6eaa2906ace1b6206809cd9059c211e416e4560a5cb9c5df46ee0a3847d4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
239b208b16740687e080b877c70f961e

SHA1
a2e529966d1a56f935b08cde80405b5699aa1e8f

SHA256
6ac527454a220e54621ff46ce3421bca9579cc500dd037611a5fd70dc0d6abb2

SHA512
9d3fde618c8aa4f80e55bf4ba520c926a1ab059d6d4313c7ad0963ff538229286d9406418277187a27b68037c0c323491872d349243e8b7bb91425568aadc5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
61248c092696262fce649abc11f7d973

SHA1
becc0501b577987152437c26e5e9ae34dedd6f96

SHA256
5a0cc66a7e80aaca04883dcd0b155d4ebc6f90e791ae32d44a40f92b682e7b6d

SHA512
ec609cdfc679b248c4d1666826a8d361ef8736770f22680acbda207fea719fc1c7257416f52374c2d7ef716c691e35a5995f03fb56113e332a959418b97d2fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6eafef08af5aeedb0d529c70de20193e

SHA1
759fd5943412d21eeb28baa213d4da8cf04bc97e

SHA256
11f0c86f7182a6c78235cda9f353bff58f4e1fa55730cef9e89ba61485747901

SHA512
edb9f1cc7767b13096ef1e9da47ce622bb2bbfed6878ff756a3c859d59d3b84eaed9dead63017a507a0393f96267dd1c7fc39ca411dc8dbbeef0ec2bcbc90af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8cd7c8b080bee202a9523918ca5fd23f

SHA1
5193b0738d0a93aa1a23954c13df11eb9b156c62

SHA256
2ddad31268e6973b39c44d8b978601044dbcf73f67d9828d722c9b59f5bf5d5d

SHA512
adf1f347ea091e8b41318468bb63664b18411fe220209cd35c8f2b616b068789463255ecbf31ac6a25aab70b00a57fbb56be4f360020a266fa4fe19718017d6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3439a31c04d8e9ad63bad4e8a8fa7720

SHA1
8bab94c3e6a2c1be2c4aa5990134e8a82886a106

SHA256
9246a7afa5f4ec074f66ef9a9a0e89acf0fc1953be24ecf2fa125096c592f6fe

SHA512
76a97240235997e308f9c641b7e3b9ef408c20881bfba617101d3f1fd87792b53682fbb5036f4ca89cd2bb63836fe330e786732eca4fe27e91ba5ab658d82c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bd65605adb6768b9fd0cb68813d71bfb

SHA1
cf4c2499b557ee41b00da463fbce9c3eeab996f7

SHA256
61ad06b0925676b6a24ae838d627051d5c30b4d09a9d4c3065b3eb5af462c27b

SHA512
317aaf2e2b22b9f8bda212e4b4c23f1c8e3bdaf5d214eac27f3864e16fe2c691ff8453df9304d960b2a862dc7ddb57116ee82509ce8dcb0a8c571dbd1648e21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83e8276d809a7338c737b7a332a85d69

SHA1
de8cd66b3a9235a1ab5b28da0136c7f713d137b6

SHA256
503819fb7011e5134ba50522a4e1cc27898fd2d4177b9266199221138470c89a

SHA512
5115cb193794eba43ad97aa264e2bd5e19800df05319704083815d0e87aa354bb40eced3ee430c9997af6d5c0fd3b447555887ffedecc874a0db87e6d85bcc4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35634096f830b2e292d73c15f407d903

SHA1
00cf8a80754cc9543511096b39a5a350895f76bc

SHA256
45c5d02cf211ab064eb31a00b8fb893c2a545d64c6464b4e6247c2b4d305644d

SHA512
81a37f7bbcd571276c47f2ace10ea831d4884f919a4992ae2a8fb653bd186c3bcd4cb59736c7d97c41a71726c95dd4ce59af574bba952809c70bc58e5170fc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2673d5711f0c2e028485fb8963fe12a

SHA1
e71436d981efc57def32142f0731f1eda9a101e1

SHA256
1e8ee018a64b86143a2604572582570034adc074f778ce78561d1c9176c58b44

SHA512
ea3ef0a697f95a868e3ec8e162ecf8370607c906bfb4d88c7f2071c645ff48f94f9700be7ecd116bc35fc3e8acb93baa95a5378cb9e3bec1e52982ded2877ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
160d50e935fda52bd906f8b10bfe21a2

SHA1
314f465991b4a74672abc073f87013d7b8bbdd98

SHA256
7b316ff62db7d494dfd3278b1557efbdc6d8cafd983a203e64d2a1cb32d97490

SHA512
b889851a2d298fd8d693d9e37aefa8cfc39c7e83bc49ce5a8bc7ee51a3bac703c258c575eb8502280c2474897e18e8db73dff4d569c7440933e6e9fd28028f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4929e0753d5f0d000e27deef47135e4f

SHA1
4d68f0128b63343f3f170c2890a9f52e658ad801

SHA256
72b73cfda33fc70bbb7ebbee11953404b235b65170a144ec396ade0703f93678

SHA512
5205c51924f64bb7a786c396e1a5bebccf434f1841f8a79e59d50809de342545e79efa5aee3ea49f22ba0d97d62d0295b2dbc0f888c29ad4580214aed1c64ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
346bc4d356b892b6b3c504b04af4ee49

SHA1
029aba64609ac1976279c9c46b795073a40c8481

SHA256
7ed49076cdbdb7431975b81028f01f3c319fe4f96ee27a6ec231a02a8f47a742

SHA512
75964584ecd55311b25a5934d2d89f0e41fa488615599c156dfe0dae39fd1377c65cfb32be720d2ad89b22244e18708e7f09bcd5ba472898a49d64d1f396f144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8619d6577bebd8bc625040b2e93f4972

SHA1
ace322270e9903281801dd3841ae3a27353b8d4b

SHA256
621ee81ab3d2a25e272506353cf46d539e08ab85b31596476a29342ed0db0605

SHA512
dc02f524020d86bea4f2a7208d07697c279158832fb3876853a64d1a29bdc6e2be41096c3bdc4d8dd0d96105148ebb20896491b097ee8dc8e702d852b07c7b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58b438c9b90dd025e396d9fa32eae530

SHA1
d69cb29aa66dce3e13497ebe64d95497436937f0

SHA256
14e84fac807ddf725f7d133ebb588f70b78752b45b74d3535049fdc155c2180f

SHA512
a990ba38be815f6528e8b8ede6a322108fcfa6efba05c80f16e581f455479745941a10d332fc54da9498bda8862a7d63ba1c01d8e418d3e1a9025dd8a88f9558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94b47b83405819dec81250e0ab1ee9b7

SHA1
a6045c6b1b747427115a5a87262082fa44a6924c

SHA256
d6c17991d245a8ea5fdb8d2ad33fa330fa1216ff119d86d729beef8155c1462d

SHA512
30e3b0fd39c40f57a69b5edb07709f115d026ad57f81598b6e3a3a0f64f6cf87947ea0293c7464be5e7a02d565c3a0d0695ad02ebdf18c04a762ae36ba52d159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e61b88c55d4e60cc83073206f501a16

SHA1
ef3a59ec0807240405791dcba0b2ef30440d1413

SHA256
745f01ee809171a3da2f0e44a53c07013f2c95c9cdf4bc5f04be496b6b661570

SHA512
afe5a0076179d1d2388affcfeb6e186d7f3aeb198ada92d98d5333e27e181665a11df4ee3dc5a1a3a8a5b35e79ed8403917df7e2900c3089dd5d5b16fcd46dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2b569a451bc653b3f08d09fb31f484e

SHA1
8f207f87c1d1c20264c666f630e0e98c28af6538

SHA256
ec001a98914eb6aee6bbc9903c73a469e4a57d09864217145ad4dbf835497e51

SHA512
6a2f51acf8a7aef749d12d31c37d2b029bb82c4f324c1921e7fc0710afd253c2ced71f52e530661433b787f708f839db7367e28946ecee861dbfa59d3babe1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a36ab2c58179cc7556544e950cca67d7

SHA1
3b5c745b7049603b5ffccdb716bf834f0f4f34e9

SHA256
131d3b8b1c2660591aa6c76935a4bb44f90176e8865818505cddc00050671489

SHA512
0329388f605843e779831e1f1da1273a06adef6595cfa1fb153d19b1d17d141b5dd278f55fccd520d159df01a252bfcfa51b2cae283540eb79fc6eb6dccca2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e338abbb077f8bc5aa45e8a6713a2a79

SHA1
ca3068b6b11db486d1390c49f550a024873fe0c2

SHA256
c2639beef442687f2f6f9afdb72f3cec4b10c6aa96b0497d8068e409c84f7a32

SHA512
9a12b8dbb5c779ccb38619bf7dc756bbeff4d72d27ef4b8e598bc44c8eb9eb2ff9a33e74fb3c53c11eff4715ff8cc833f791e4eaada2e86c0ced5ab5109dd9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d23127ce7227bf844bb208ddeee37bf9

SHA1
b1a101e19f17cc339595da2616985f7c42474d46

SHA256
b95622f1abcd446d5777f6af9da8119349f80f8fe8b3a86d9b8f139fd73ebc8a

SHA512
0a9b13988727878c8b7098642249a085efd924f80b44efe7d84b189fac675f0de059479cfe338b8aa67ddddc2e9810a6b068a3edb9fbe1751fb2475d9424516c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee9fbce1c4d15ae598fee3148406cf89

SHA1
09647317be74116af327e65ebab8c6f78700b59b

SHA256
f9d491e75bf48c4dc9f938751b77a4115ba8998d975d5b52d270018c319ceb4e

SHA512
a5fef8bd0ef6b336da0c67603a9831bddc991d8f0677ec4391392237a99851701debd54a40bcc72ffa83b356fd7a6718269b2085224661d4f2f05cc6d47c1982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f20f6aa0d22ad7ac3c35bdc3aaa9f535

SHA1
513fcb5ffe110c704c3b8be571a1370e23ed6ce3

SHA256
b4d0ada6d507f3f5f2ec824ae6ae2b798fc638e1ed324ba036fe994110d84c8a

SHA512
27d045f047d090b77b3d6f1282189eeccad7329e8750e806ce5484a48ceb93aa848c3e30b6caf456ae3a554408f53e139808ff6acf93d1e0d14f2f422137d35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12d21e1e7dd7cdb01f5b15e7329b758e

SHA1
f9b86e1a4183ffa648903e5f4fb32d2d1854f345

SHA256
843e5139cfdeffb195f8b1b0156e8158be17ea1480562dcbe1dd920d27ed743a

SHA512
97b64c2bbcb8b69b5c1b360812d4bb2d17c8addb93f198b2e70aa13a8f5e0b06021e94a717ca8bb634f366669a200bffdbd6bf0b06b1e0b6ab6b3b4b02fb865d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
352d8d33a9d761f8e6f6153f6dfea5ac

SHA1
33fb1638629e574d1647c7ac3c4ab5ad538f741f

SHA256
bbbd9c35576c759b6d2d1c747782cd514ff7da719f7ecbbc63917a16807a80e7

SHA512
54d8575db86b6e32601e26c046027dd6621b163573c14f0f0dc7e353585f95a3c94772d18b804355e517c208925dac1efe68a9894a2a88aee11d4a2368c40dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc675ef1ddfe44ce50f69f82d656da67

SHA1
88e145c2bb9a9d74ce8adf437e162cb540dff4d3

SHA256
8c3d9a1ed10cdabb3a972698bece7f1d16662453d1faa862cfe92ca0e5b22f2f

SHA512
b6712cd3bca54733ca62956f37b89f27aa759d678679d48e1fab5d9db45a7ce6252b06bd24ee464efdf0990ae7cd7f191cf3e3f1ef48b05a489706b67594e40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef61.TMP

Filesize
1KB

MD5
249cb83337115db344190c299af97903

SHA1
949fbf3d3d4d52a020311b0338c84e9e23af29a8

SHA256
00ddd755286f16f7255cddd9c7a793599e0c9bfdbb7782df33b5769113e46183

SHA512
592b3dbce414db4565cdbc9e8aa4a23ed182d407cd6a29800e20e8d24e1572fc7b679ea32ec7265572c6774b41522476849ad46475dcba732b1edfd72c1e9c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af0aa673c3327b7bcb9dcf8eb87a891d

SHA1
db385d80096b1b1b233552c30d6c638679680f9e

SHA256
7e266fad90ed001a327c5603e2ceb3e8b96f90c8507d28fb884d62276af26de2

SHA512
05b812203b3cce7ea3b1a83fa30daa81aae53df73ac1fe2bb889264bae876442e06f9b657fc9bcec6823101d3cd97780150e5cad1263622eafa79ffe86a5b503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bbd6bc44835d363fe0908556a7bcc27c

SHA1
06d2f528aa96f98fb09a130bdefff4eef9584176

SHA256
5ad51360f81b3a4168c504719adf9040e6408c75a0cb646d50ee11ef1e226738

SHA512
2c13ef1f7da4d9460b60d8d8083529ee617858254736b6d54fb71c35d4ea4b0361ab9f2d619711278c45486e6deb54e33fa66e3dd2fe75c684160e00e419fddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f529e74e30be62549e1e25fe44bfb05f

SHA1
93cdbd9b1f6eae9cfef22e8b3dd5c7b1cdb475f2

SHA256
eee9e7bcb29667aff3d6e043eb100fa9091420cb3af53fdbccea97d42ba7376c

SHA512
05599ea9c8a139eb6c1187025ae250adf1b3ebb6e649269baeddbc75c3bea36ec7148c8361841d4c04e57199f39bcdfa911b9bb308d6beba866e8adcd72fdfb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecd217f9a0d272e4651cd3e849aac23a

SHA1
1f07fe83bde855837b6aceafd680baec25f4b24f

SHA256
9b848fb1975b491012e332b203b935c796477e5cf9a7d09fa301296dd29acde9

SHA512
17beef032404c90fedf775f8c615fefef74e49408a04ce5c7ef9775f98a07c31ed977f07c423545c942f44e0f6afe9b1507a7de28b2587ce66672ebfdad4eba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\autorun.dat

Filesize
20B

MD5
1873c3760f642291c0530fedbc57a13a

SHA1
b18c0966fe4a872037c05a8c2ebf603ee1ff1af7

SHA256
1761fd6ae23db6e83ed04efb8cc9ca7c4c536e91043ac9004d443ac1eee0f533

SHA512
be1a24e15c73016a1423942e62f14a4307bd6b3136f75fa204a2ae886614de1a5a09cdcde9fd512e061b246d0e53233d040ca65e9f9739a27db27dba49416e1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\request.ini

Filesize
151B

MD5
fa9ff3978ffde13fec5f6cb8298e750f

SHA1
b7f9a156ad1c5ba3802e7b6e9d12575bb89530ad

SHA256
83b31db9d0fb7204373e94e64de5a0442bc951e8071ede45bbe3b548977adeb6

SHA512
de2a2a6d30d3cb3cdfcb57883c564a015ce5b784d1895f5fe0034e3b241b4a9f71a2d3492611dd31fd118c052f4190ed3e3f8cc59e606ab012e56a6aa6d1b6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\sonyinstall_x64.dll

Filesize
3.0MB

MD5
6cbb63c002bf04a8489ea320421e01e6

SHA1
1a8d18fb070773427343e746374c8d36c568e8c1

SHA256
7a679410002709fc21bf9a5b56c1fd097a556eb31b71547e309f24b23a9d92fa

SHA512
8b62795b0a886d3fca1c050faf89237c0b364b703cbff9c8cbc377205b8cdea0321910e268862fd0cbb3d78b362ec59066cc3f125887a00d72a073cd328272ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180.msi

Filesize
2.8MB

MD5
94a59313dd9592b79b3b03888167bbd0

SHA1
02f36fc109ddf9fd86924e88938410ea6f7eab2f

SHA256
30e1409e709335647a191c2a6310a5dd8909183577b8dc55168bb8d20fa71068

SHA512
7934b07f2ac3e04594c1235ac4ce72a09cd55d053c23c0ca39b42987cf65f6d3028cb10530e3c8bfcafd1f80fbb452ca899dd545291d8162d06aacafd496d839

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_1\vegas180.udat

Filesize
604KB

MD5
e34227582523dd5d6450d2a48e742d79

SHA1
0e7ad3795405d5eb2122fde5f0fc66ce74e1c855

SHA256
883986d00df7669a1d573a76317f036521232b0ad80a1b5f9cefbbda788f8932

SHA512
cf1ae9fa909655e7a639e382006cefd35ed29805cfdc92d48beec484794f79933313f6c7b13070bb9300e5c7829a63266048b5fdeaf84cf27ea27640f673531c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\EULA_enu.rtf

Filesize
12KB

MD5
f837aad5657b429f561814f4742c1f84

SHA1
5f2449c578aed744a49e42a82c16495588797d6a

SHA256
47e73f90e0af59acafa197ed07e71cd8d6c45a26a3582012c0664a3eddd99638

SHA512
bf23df16b0823e7a4ec09fba830408a6cf79540176163a558c67cdc4ad1fa495864057f60882693a76959fbb41b08b516b47beeddb95cb603abd4dae8d76f615

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\inst_banner.bmp

Filesize
210KB

MD5
71b93e7050c89122d3a3eb37ca0b97fe

SHA1
784a170828d71fcf9b64a6542dcf9065d4b96e87

SHA256
08734a6c333d3eea6f5293ef1560d01e431a3d394122d5f48d5ab3100727e86e

SHA512
222c182df3eecb28cea5fea0e94cbd6945da59f778a1dc80a3a1f922c31ac78db2be3ebcccc4c97fdc923ae5f101979cfe91c8e2c1bebc1960bfc4ecaa8efdac

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\redist.msi

Filesize
49.9MB

MD5
e6801cf002699ff8cfcd2b099fcefaeb

SHA1
37b58c13c284af48a2acfcc6875944bccebe00d5

SHA256
51363501212dae8bc9b33c8aec711271d311f2f360ebc620c20d36ed714995f9

SHA512
bed4d17102288fecc044fbace08b560d3597fca962ad0eebff6f094378870843904a7afeb6e7e790da2420414950e977e1ba4a0501c958abc1b8e5a040367ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\setupcfg.xml

Filesize
2KB

MD5
b710ed817872f73011ba6c67fd5139e3

SHA1
5e892ae12aac6a5227e70ab6d678cfe4947e7528

SHA256
b4f5712f10d9a5795a945a3a21e9d567588654d4851cff0ccb92afcb9c1e78dd

SHA512
74267a990e824cab6004fc0f2db6bc1e5aec2d3775656b8447efcaa64234ca22ff17eb50ffd998853937c0a32293ba02ecad45a1bd53de347dc53749bca55780

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\ac3studioplug.cab

Filesize
1.6MB

MD5
ddd0ad783e98df4e406afa6eb87d6b26

SHA1
c140cfe33cba8eeb55f6d448720f49e2809a295b

SHA256
f7ac37497b93b8c8f2d1e0dce2ada71ab08ebac623c31a2521e2bd3848a7918f

SHA512
6639c595c546f9d8295bbc4a44da205b6c1975c899d749177641670449abc6eafd62e8a699fc38f89c603c37477b697a113d3dd21ef07b850603848b1f5b1356

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\aifplug.cab

Filesize
2.0MB

MD5
034450693e67618dd3353199758a02d0

SHA1
8f7bd82c47e2d3ed7743f291144faac78338b570

SHA256
3fa579e04ae9832cae77eded7232283fc793d0dd168815d0f1e486a6850a993a

SHA512
c9c0633c5ac59df023bf97b3d3bc035669fb14ac0273a11e3c3d2cc3fefd9039a9932173ba073d9dfe316af9b5545dcfca93f88ad1ccf2d282b148c620b01c78

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\atracplug.cab

Filesize
527KB

MD5
09fa7f36e7f5444a863030c331c12926

SHA1
b275ce8795b60031391f80cf8fff2708e036be17

SHA256
72fff6844c6dcbf1cd510eeb3fd2580f5ac8f82498e13e4b5c3b76a825d4316e

SHA512
eb540025feed6d4a57e4117a1ec310a2da871ff156a2887b73dd743b7b98981f63327b05ab50618c6ed9816f7711d0c46d47fb65b9fe53a8ed08b85f10ec3d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\aviplug.cab

Filesize
355KB

MD5
69cc7216a2aff0690cc14d70f4e31362

SHA1
027b127130b1c0e1ab3378e4261ed979594bb96b

SHA256
01c50e59208d504f9c5926b929a0aa6ad8b02a5dc61141d6e9719067e5e056a4

SHA512
4fccf427f242609846c2fff5695063f737ce50b0a4cf323fb51832faea4a48e07c98d8c564a956eb09d0e3b7b45748f05dcdd0fc1e4a4bb4958466f0a0f58bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\cddb.cab

Filesize
742KB

MD5
f507dd458568b422a08e065503310e06

SHA1
296abfcd40d7d3065268b04aaae72889a80ba7dd

SHA256
8c02e481770497824a72fd3b3549dfcc21fa8ee0e1a2f645e8d0278d3d2c60f8

SHA512
4a0441c69b7e3c341746a1e78ad7b6e44865e7cc670d2ab6cc8a715d3b53b393c951dfbe83a70e3e0e95ae4180df37d8863e6187c7af6c50ac640a5567d4cf1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\errorreport.cab

Filesize
6.7MB

MD5
6b1f70a954748b02393d2021316789cb

SHA1
e0fb19813e61624d037898196d3e0ae1fd9d34dd

SHA256
a621f2cf23677a19c790577f5d4a049d3de5eb4024268dfcea39f563ba8bc753

SHA512
8984cfc04e4dbab8550e938cde51d7f7f8c6ea705a8bda2a2e0376e06564fab0f3a64354c05347995599e46787e92a6dfe00608b98a15ff1e2efa8a84525e143

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\exctrldr.cab

Filesize
11.0MB

MD5
8948b87b32e1782036d2d7b1abf3acd6

SHA1
52a6d343db02e965f037840d05b004c6b9a97afb

SHA256
d65fdb74efcbd271fd021b430414a7d1837b7ca6e6cd27bcee0e9872ffad5581

SHA512
844f1ed15122b57e6bf3e4f1878f67c1481d3c2799c34edb868fcce48ffac597f2e98c2c9b2c345fd1e69e61d45a598cdc8b86264b4dd7e1a803d2720becf729

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\extvid.cab

Filesize
2.5MB

MD5
1b02be6464c5b77333860ce189ba8d2c

SHA1
286037eb03910d6a7a25f9618d9458040e670fe1

SHA256
5b1173cbe86c5ed15628796f6aa8f0ca767a982e5cc58a9d3702bd80e47915cd

SHA512
5b5fddb08e8dc1e8c64c5c6895b7eb07fa2046db79b5dddf069a3ff1e74120ea5a0f2c84e0c758ee476d08ef7d24d600b674c9fbff664235540498f9d5c8beba

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\flacplug.cab

Filesize
309KB

MD5
a3c97d14693fa9a433f81957a8cf3f4f

SHA1
bf4e919146992cb42e7fe11fa25fabd796916218

SHA256
40941492c774bb15051a7a2f8f4a6d861e951cd57c40f0bb33f8c5d1446a9d3e

SHA512
d65d0faa7b6f7c1141af6c71a47e15a2e9c6a5bcab90ba916cd5028182536ab8b1282b42546295bfdef368f629c3e49d9bc853610a05d1c46e6bd85ee3d35b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\gifplug.cab

Filesize
54KB

MD5
adee6ca6a96a827a3026e0604eb6e00f

SHA1
849d6b2a32de5d157bcef59a8771067d7c0218db

SHA256
ff28c6ab201ff93412fe235c91ffdfd45a86362bd082533d047ee387cf6bc4c3

SHA512
2f5afcf053e296cb16ab7e6f0f4b3be98ace50174dbe14c049f3104103daffde56e6755759eb061dd4c38212efffaf9b7334fd0dad5dd73e31b5439dca5b76dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\layouts_vegas.cab

Filesize
3KB

MD5
932e86b3584b516ff25ec040027ac838

SHA1
3b4a867998fd4ac2cd77d84f2c36c68364005545

SHA256
9e6c11f3fe2fe294771c9495399cdd33463286e45259300a72d3c1e6eb01659b

SHA512
d70e7f2fa83d807435b30ac9dbefff7c7f5238853c3210c8306380ab3bc242f185d47f24dd70cd5fee724798001e5d093904b9abd520cae58ef42ae6b4dcc37b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\mchammer.cab

Filesize
1.1MB

MD5
cc0cf9299c3492c232a79fdd5c72677e

SHA1
a096b3dc402722ea68bee54e779f83743f9c55d6

SHA256
93962182e3a212a43a6cf2d7c1aeee5a6d8a1f2a86377d4be63a775c69fc84cd

SHA512
28b78ee8b96a8423327962a8ef8a807f5536e12768a93bfb662b0e2d56bef41a1a431d71f19df469ab7a62411942f409100e35446a0b9283c4e887ead4aec7af

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\mp3plug2.cab

Filesize
553KB

MD5
7811797e6276ce4fa437732fe59a6875

SHA1
89bf880976978d29257e5c5d1cb924ca0cf66d91

SHA256
5acd21c5420e4d77f47b3550d2e0977f29b679b6dc855045f2851d11e591d9af

SHA512
7996f7b5fea462febb44bef1adabba51ce8edb9dcbf94933e3fc9c606fded65090b0b9341b32938a24a04955089ac6f21ffc463dee5bd8502ce45fd347231a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\oggplug.cab

Filesize
1.8MB

MD5
2160af908fa3da38f5214652bc79eb9f

SHA1
0fbf51f368ec7d90d01335fe8e72588ba4484dcc

SHA256
fac164c94d0f4a86dec815159b6942cb41ffa12ec485c19c9552e960356f7b70

SHA512
c567201b1e912505ebf191cc83eadeca9b9d637ed166d260629c098ef7fdfd74504321561da0810d0450de553d4da2ae048f7df5be003ff34244fdfba78d3959

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\qt7plug.cab

Filesize
454KB

MD5
1bd834cfda1bf770a4880ad40184e58d

SHA1
63b0a1af0a475a3eb6bb15a9a4df518501e2995a

SHA256
613f529f95d9a9f2a9d0b1b4c527edab4e411c15720348bf5562fd5dc5d7801d

SHA512
e47bbb611cee5442470095f12c8116b52e5d3e5cfc51518e8d67a679ed13e28664e471cf924aa5d0a3f4e08b7c9c5e9185ea6de72857d141f01a232fe7891add

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\redplug.cab

Filesize
7.2MB

MD5
c2471d461dad0397e321322e3532ec47

SHA1
5bf0338e633768f3114f2b7809baff711ff568ce

SHA256
a402e1ad66c069a5917362da6adb0a689271288e98ff2630088dd4eb81275380

SHA512
123cd1fd81beb7ec3635a262921eed9b824a0ffc27af6232910645a30921a79afc96f976e31675f730f1a4301f5c2285900bb6ec91475127061d334532c33c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sctplug.cab

Filesize
2.0MB

MD5
58efe8e18686538956f665bfb80db4b4

SHA1
0a703b7186214d19c2046aa3552ec51cd054379b

SHA256
06e3abf6fdaa037c128faf94c9cc6781d619fdfab2f5ce8910925f4eafb4ad26

SHA512
b0497d23e4d0890de4dc380a0bf92d8b847c02f97c63324494478836c52d594968b242d0fcdc7912b73e053f1bfbc30e3be6e387888df0b4aa2ee5fb1a785e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sffrgpnv.cab

Filesize
1.2MB

MD5
e97a61f59b5d9a9faa6cf950b6cb69e6

SHA1
536a9d80d5728068b7f60ddcb5fa4c754f7581e9

SHA256
313f87dbd4de26b236736c6364aa6eb6d7e486ec9dcb855f5e0c9de912640348

SHA512
c296dab03ef6d4e6426b59e08e560ef3d6ca010570fd427c253b22e8f091db14429092321d3b8a323bf60ebceb96362c3a95f7b09266a93914aee3dc845511e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfpaplug.cab

Filesize
2.0MB

MD5
91cc20ba424f606daa79f5a72284636d

SHA1
2420d65ba1c6d602c8dd20ef1438baa49bb7f1cf

SHA256
2ec8502a787062c61284065b9600428f89032fce8745bfc748623515266522cd

SHA512
9b7d0e136d4cbf414774c314cdcfc780088d93ebfd4e5ce5a98dbfa6f3befb7bc8cfe52558bc10c6b9373d6913a9769cf2f2377e41ee86aaacd535ef69aaf161

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfppack1.cab

Filesize
2.0MB

MD5
8a9c33b527c031ea38db9ab32e3346f0

SHA1
1e122a100fdca00c859783d26ecba86e0230c766

SHA256
eafa97e73c19cb532075b64a65dd5c79af5e9b7c12c35d70860d24c3449bb83d

SHA512
fe059ed1253b25c25f6b8713c9793e50f3326b1790ac646fe401588cf1d7e81bb5b819d412daf649b66d5884884a8a6c245c2fe6f58d4157484385e218a47663

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfppack2.cab

Filesize
2.1MB

MD5
8b477059d3bb59d1b78d619e666ea971

SHA1
f69c1d8d8bbfe9a85feea80a10f4867331fee93c

SHA256
347fc982ab5aa0172da2551113791351f3eb7e4060eee69e1e763e99d825993e

SHA512
7f22f586d10ce3771d25cb2061cd73db32e9ac15bcd0f9d84fa3c2ed076c569afe260f0c619eecd406ba34074ed37cc9722917f2bc740e41c541914a2c579b2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfppack3.cab

Filesize
1.9MB

MD5
32d05310e05a1664d5abcdf220e4e63d

SHA1
151da26229e83b1114a2cc329cada299d0363900

SHA256
6e6c31a6e343c719e44974fb979b15ba23e09c809d92769e02241a68855a33a5

SHA512
83d06fef7c21530257032939ae68bfb348849283693d73cdc9b72be05f1a239e026045a4d36a526bc6e60a0bc8c235773976b64787b64193c5eb71e38f4dfc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfresfilter.cab

Filesize
1.6MB

MD5
9f1b20a1b9d4390c2febeaf99ad9d2f6

SHA1
736a3bcd9bee05370dc52920a501d9fe183db984

SHA256
aa7cd77022b3f9f58efa44d0e3593b59f7f4f96d7e86a38bf38e212578fb1262

SHA512
bd5cf985afe7ca0e406a857b7d21e1001d91a3880c6d7df1b29f13da1b066e3936c5affc9a0a7a10d50dc4f79561593d3dcd364102a791edad41af3fecbf98c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sftrkfx1.cab

Filesize
1.6MB

MD5
c28993b0a9852c054db55bb49b43e167

SHA1
acfe77c3c409fca4d4731b916de6c1b147107beb

SHA256
01b67095a92a093c78bc47b7669b68a68e6885a0f1f9afb749eabf3341b52e02

SHA512
7c59572529dec097492c6664791404246554f662ce7bf9ef899f0dd7d5e87b5123f1e8caf681eb8ff058d8cd05c0f08031a96a89319e025463c7fd83c0906008

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfvstwrap.cab

Filesize
3.1MB

MD5
2031c9b18d6adc2a6d9852f3b2a6a040

SHA1
2cfd3a91842e90018bacf74f44208db6b38a4fdc

SHA256
610f9bd1e8be637a0b0fe4618b91c2da0640a898dbd1ec829949790683e4e594

SHA512
bfa2e3f273b10f43db5bee509f85f597f095cf1361a749accb36269ff802dd9dd0fbced95b2ac5105e131b49caeba24830d353368ea81e5a7c39b4f710c908dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfxpfx1.cab

Filesize
1.4MB

MD5
e0bfb0bdcb2399bcba5bbd070590da1c

SHA1
98ee02157e74d488bc7280605ddd569054fce893

SHA256
c858df38b9d663fa667d537cd05bdd18278f12c4416bc50c1cde22705d19c951

SHA512
41194bb5893c259abc5c2c9620d81eb5ee85c8e66e6ac4e75b1a3ce1a3c99a9651c530d15f6eddde12920800c4bbc7e17f85413be8609e233241cbbdc2144389

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfxpfx2.cab

Filesize
1.2MB

MD5
350e0dcc10d0aea97526d001107cd511

SHA1
79e8eb921d2c294d7eff5fdda1de19291f80a3e0

SHA256
f0715826929340866430f414a640deed290ab6ab2e79750cb08bdd4fdaef9c01

SHA512
27e3b69e517f161bada5464fe2890610126c60bdc83a2a556545d5f0bb55e6a2afca1e10055b0bf6ab4fdb6d62508bd230a804f83f9dd7d37645005a31d1615a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\sfxpfx3.cab

Filesize
1.3MB

MD5
8f594cddf3839a2285f69eba31f9c206

SHA1
cd66c1f9c6258c6bc2fc476f8d04409b28195a89

SHA256
714c80d2006d05f365d307d599f6053cb3e059214c37707b7c6a1d0d838df9a4

SHA512
5ae6982f54f14a20b7417d282018e1dfc3beca2049ea02dd92258606f29366b3927bf1457fb8105ccc4dd41d0b5a23fea67bbd563620ac051abd26de1a0d2031

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\stl2plug.cab

Filesize
2.0MB

MD5
8fd67c99522fc625857113e456a3103b

SHA1
fa4ec407b1a07c9980a6974ec1cd7dfd893d425e

SHA256
512dc207e60326f1d278b4e2f2acefac13ad1e379994d194d6908f202810e601

SHA512
228c18ab1a0734176193961be9f5008bc8ce7c74d05d292a37c41be1cb34a0a03a2aaa8b6c84e78e866bf71d5ce49d5573f04cc3fe1706dd0f3beb4199ee1172

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\vduplug.cab

Filesize
1.9MB

MD5
691d932f13ba1fe6622e39b60a4a89fc

SHA1
239bb2d1528ff2b8b8c854bea93da4d75089fda2

SHA256
302ce01c132ae917d7d78edf142ffed44a7135f0bf92ef5fa5d07625b7d45729

SHA512
e496a4467f9e4d8e814fa2a194f3651058bf6f943a8512d186b60cbb6f73a47b6e20869c8a2df2437d0d805ba017f66dc6377f8acf7fb22c466e62c2e9a4d89a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\vidcap.cab

Filesize
4.0MB

MD5
6a9851b06684cf9bdd1036b802e1b2ce

SHA1
98b4183f70e04e14e44a617e4588e77bd4200b37

SHA256
57cb9abbc0cdadbdfc10ac5f08be1ed598741659d2b9d971bb54a8ec0cba1d7c

SHA512
a8be128451ad39a3a63d41d67a4d496e8d6e367138486be1d3f16d42e952c33f6ca82b3e865ad2c63ad7e1710cd315ead03e3dbe129209410786783a2e75775e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\wavplug.cab

Filesize
268KB

MD5
0f3cbc7561f9283deeede1e30dc23f5f

SHA1
b7d2ce377238b1fc86b53c69f551a31801c795cd

SHA256
3bf724745efa5cbc45db52300661e4c66049e770acb990b558aec2c0c028a9f5

SHA512
b997d02c91acfb919058dc605f4ffac84c30810047a68dc9fc2354662d960a80078ad67286da7891f7b141eb0eb93dfb8f26f8d1b9da53d95573626ff55b540b

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\wicplug.cab

Filesize
488KB

MD5
d154285db25d6f0aaf69f73c0b3e68a0

SHA1
064791f1aa6d2167b18d3c295f7857a5dc7bb0bc

SHA256
a21126d1ee724ab98de9adb36341a40b3d509c5e5261fe66c9a865686976c6e0

SHA512
421525e888db41c6879bace1fa6054c02efd2a88a2ca62f818850af26ace6a6d0b3e9d6a9faa2f09f17e8081002104700b96b6cd4773118e7cb4d03ee8d40e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\wmfplug4.cab

Filesize
322KB

MD5
b5a8677ae7be53ec7afd0b21a5d5f668

SHA1
15f645cf23dff8bac8962f8ed9747c0d869c954e

SHA256
ed5f8329b3c079e0cd288e5f278f4d21a82850e1e49f24d8728c5dda67bd6fd4

SHA512
551e3a374517057609d5521aed2d19874ea20a100d6e6c990890f336cccb29997ed2bea37d92b4a71b9e8dad654c5ff9d2fb05423269d4df93223a06915b5a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\SonyInstall_2\vegas180\xpvinyl.cab

Filesize
1.1MB

MD5
143c0ad1f5d1f83ec19f66d4dfcaafbc

SHA1
46ce574dc94a82c7fe15dca9216615b7aa434db9

SHA256
b608e8b8bad4c31d63426b2432f1228637d602aa6549db41f028b59275b82587

SHA512
ad5d96d607b75be8fcaa304e08a0cf95cbd9c3798f0276beca45d455a3577a57abfe7772214b4f1dfe309cb35177e6c67fe29cbd3cb34ace3440d91b47074ebc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3756129449-3121373848-4276368241-1000\0f5007522459c86e95ffcc62f32308f1_a63d6fdc-08cb-4232-ab51-76cafdcb4d96

Filesize
1KB

MD5
309f90521bb46148df20bb5dd9187521

SHA1
7a02d328446b1309fdf3de182a9696acf2d28c47

SHA256
5256efb73675897bbfae67a39ffc16e349a932f04fc5010a78cae048a271393c

SHA512
b03ecbeeca8396bbe3c2e8d5d5e6b3f9fc49494266090a1cae4f017509720490237c9d21f7033fc73599791f8cf8e06ac33176670bac47f71a0dc2e74b1470c0

Download Submit
C:\Users\Admin\AppData\Roaming\Sony\msvcrt_redist_08012025-085400.log

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\MSI428F.tmp

Filesize
123KB

MD5
5cb7ec6843aa69694096d98e467bc5e7

SHA1
ade3a650ccfff23264c3e95819126c4be6eb57cb

SHA256
c03b47bcbe6c28cfa612950814ca383dddd0d4a527cc17f1750b8385d4917aad

SHA512
540e905256195ab904d1313b72811ca73f9dcbdb419c28cbbb83232e9fee966c3d80ca322f3701a0468e9bb545e4ca08e1106ae6254f59e100e703c139e40ce9

Download Submit
C:\Windows\Installer\MSIECF7.tmp

Filesize
1.7MB

MD5
aa6140d90ba59625eff857dc9bf64125

SHA1
1c29f7ab92a4d6175dad72667b6d89a212349e07

SHA256
494d77dadb86b7bc5ed7fa8b6a3cfc16211104cb7a460808dc616118ad693888

SHA512
0e61051634cd825195d1d52f240bfdaefe48a64f9f9403d6e932357ea6020aa70bb1e5344fb010b16cea325c5d3023244587b5e3ddcf155a1dcd6e11e1a9e9f5

Download Submit
C:\Windows\Installer\{75111FE1-CE55-11EA-8B12-00155D43CFCE}\vegas.ico (new loc)

Filesize
352KB

MD5
cdc126f924947b9d3e8213ce71e9ef58

SHA1
07fc2e6a6bb67cca3efd8dbc7e4f58342c9d0190

SHA256
7deabf6a50fb91b6ee83711b1a161e76487e9d3aeb6220cc023e0917ff90756d

SHA512
ebf7dbc8a5074fe7d38bfdf1528d4581503dbf1f38bfdcc14247447b9dbcd5b75194692d01543c4f85ebf6c5bf9ed804c890d797791c6c7421b6bb8bad46d738

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log

Filesize
45KB

MD5
4db5359dc6dd6394d312b243f961f8d1

SHA1
53b15150dd3b2520d698fe7a2b6a5648b5dc3636

SHA256
c42d0110fca225d2100ce475a094b21a00d55f5dad50fddf4dd0261241869b2b

SHA512
c1167f6832eb338f021fd367e8368cf932ff8a8b752fdc36cfbd78219633a3374ccf77161d875a070ad1d8f4e3c44f9b09d934c0e8a1f802cb8417c4968c7780

Download Submit
C:\Windows\SysWOW64\DLLDEV32i.dll

Filesize
117KB

MD5
7392f7965caf27e23ccbae3185c821ac

SHA1
e65d55888ed57f1c085891be79137ef999a64c6b

SHA256
4aa15836bf92f0ed0e6c13be12b70575353d91623a55d898e6406cbff29523c1

SHA512
25cef48525c57a3749688be4a03e7d798194b074a6c5f635db528be13d59c3af1143d42d0f82e49f0a43f9f8dabedaf75182f12af79e3990f97835d0e1d99257

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2c68539db75e583ae627fdd72a15be71\Accessibility.ni.dll

Filesize
25KB

MD5
c8c7a383ceb4c4d1df55308ba44f75fd

SHA1
7a90edf7bd4488ec42efaabb51f5c9c3560db8e2

SHA256
55588bf1f5b0979b2efb09a755d5c6827946040e0ff8a118d8003377c26d03d8

SHA512
669b5adf2bdaa29449bd771cb5ee2aa5b48ea8bf67ab7a1b76ff8c31942bb4e39a86b7b8d173624538bd5ef8998976b6ace905894cf68f14c3da841520ee4fa9

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxInterface\29d15744753aff5c336ca3c3d9fabb71\BdmuxInterface.ni.dll

Filesize
14KB

MD5
52032748ac5018e7fb0cb4096e46bb41

SHA1
758125631c05bda97b7111c34880fcffb6f17694

SHA256
6ef9428dfbc684274fe5c0262cbe450b7fc7d016a39b88275a1268c2852428ae

SHA512
69556443faf3c7caa68bab6ac4671b2b991ba52747503f7a403b5e5d552f585ba9cbcdda6f84faf6e6be172a95a2ef5d97f50e6ab1085bbd32d26bb007ac4662

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\BdmuxServer\078f394501343cd179428349ec675501\BdmuxServer.ni.exe

Filesize
19KB

MD5
a1e01dfe2dd230ee924601ed9acc4e80

SHA1
8dfad9d3d4cd433d25b09f5fa27f8e54fd82bb03

SHA256
b1212fe400199f033ea525c234bd3d06b19274d997e285c6f5a26e0ba685e34b

SHA512
2dc427757db6672eff0b0402f0fb587f8c12379a38fed2b31ff046317b4cab246beec9e1506bd4e37df609446d74bacb685301bde89c3aedccf34ad9e49af6d3

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\574e82db6b0f08cfa6c354a8c530eee2\Microsoft.VisualC.ni.dll

Filesize
15KB

MD5
01d23f6812fe23c0ce53c3fd1e1d1f34

SHA1
943b6ad66eae548473d9e093a35290e421de7a7d

SHA256
32a2b9d92ec3446635a6f9cb21acfb662ba5a1f1b5e725d6ec763438426a9962

SHA512
7df32aa18e90d856e982c555d040e7ceabada7e127a927ac7962d6276079d3e1ab9a1e9a824c67b7a0805ed3c4015de41b9f6b133af956def360dd8485cb9e7e

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\611ffd8fff7c0284ff774f1020615bfa\System.Configuration.Install.ni.dll

Filesize
138KB

MD5
e038d64d34bc584a554a6281edc8c228

SHA1
ad4c9d87357531c1978ec5855023bd80a37a7895

SHA256
3fe4993755e07639419a3905f331abb6dc156968c6f2e49bcd14156d6bf729e5

SHA512
f09c55227ab5863d0688a53fef584266f690c60d1d16fec5e60f9561dd14862059a59778975a143fbc8725f61b173efdcad90f6b3e6636c20c72fc6a543e1385

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\50c39c809e312905339e9d74496ecd00\System.Configuration.ni.dll

Filesize
955KB

MD5
4990dd6603ba3479ecc73fa52da8b155

SHA1
8bdc7e58144a9714537f7415ff14bd47b0b15f21

SHA256
88d7bf86a81d78d6cc26e3e740cb2552b0daab107a6fe57ff29b3a8b4c765d01

SHA512
7c5ab15c8c5dc5c210ec49a56b422a53fd648d805f4e6211ff0f66a81a78dc32f33d4f026f9d7b8b116eb3c0a6d5aafeed4749054b8238d14fb6258b27172dc7

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0e0f9e36df1c27f4678f09942864c9af\System.Data.OracleClient.ni.dll

Filesize
1.1MB

MD5
0ec47acd4f820931ab96d7ebc524e9ef

SHA1
7305e6b9de6dbcda8b0d9ec9aceb33f35181c03e

SHA256
5d24f91ebb1824af1d1b61ec43d3d50f025678570b5bf3f873f41e0640e36dae

SHA512
28f59fb366caf78afbe149c2a612b9aa618b2667b3f93da814f3b848dd17ca9490fd5154a1ca64a12d62033bbcd5be6b777a3b6861b9c7eb52fe1ab5796a8547

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\2bf6d78fa46125ef60dd084028ef4d8c\System.Data.SqlXml.ni.dll

Filesize
2.4MB

MD5
fd8567cee64f4ce0a2e379c07adfe6e3

SHA1
7f46520023013b7563004bd2dac830816029b9e3

SHA256
e2db1ccf6218e8aef23603a2672348161351ece68b78f5e1b74301bf2a9f354f

SHA512
35ec5d23548c8e6d367eba031c62b933b56cc269f917e726e74d2ff1c077a88e08bf76ba2a2122d7146fcb950ccf6765c99b4112e5ff11edbac5a6b855ea729b

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eaae44035dbd83a24255786d2aa9eef1\System.Data.ni.dll

Filesize
6.3MB

MD5
0e5ef58a5c1ef441d6203b9646569ae7

SHA1
65874e3a59eeec9bb8147e4f459a303de91c4100

SHA256
548f3755733ca180ea1a4e7782dcbc17006922b80586e9208b413be95d2154da

SHA512
a1537470ad190ffe22bbd08d330bf3123a9ab20fce35270588c0bd23dec475c8a64acea1c4872c47d6f3dfdaca42886890e05d8f822373fca0236fc5762089da

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\6a2516126ffd58d75fd9b63d965be6e3\System.Deployment.ni.dll

Filesize
1.6MB

MD5
858999ee084d930465c568a31bad0fc1

SHA1
9715cceab0b7341646d15000394924481a157c2d

SHA256
9cd9d565f993759fd579bd153782d66332a6df9d4f38668fc0612d5fd6c3efbf

SHA512
8348d3c78ec084f18a906d5a17a1bb169b4bd28fc31de413f0340cd12bc94427a23d410a81ae952bce5a5abe837f0210dae778d95ec8ec23098d204badc563d4

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\b345b1f734ea3aea3540caf55869215a\System.Design.ni.dll

Filesize
10.2MB

MD5
29fe4a231b7fadd9b66a1b59e7876033

SHA1
aa596d8d462dab324a10a812831d1bb7ede8adfc

SHA256
7a1135452728669b1cb452c58a969a9c30f5e5cadc048d4b03a21f99adf6528d

SHA512
c1e0195c546afb894d12f34b072c67e79bbe1f4dda500a7d821fb3d2010824f51d836794cd9484d4e2f1673486e5ab122cf88125cb2ac58a23f88207ed086514

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\16ebe8df2036040bf7b16fbb0b441d63\System.DirectoryServices.ni.dll

Filesize
1.1MB

MD5
83549945235b83efb6078a1bb43a5ddc

SHA1
eb3b8496948c891b07376222a058f7ed2f863799

SHA256
f8cca9ed968d1f6244dda022faa84032e6ebec36168d4fb396ad8d01597f356a

SHA512
e55e4baf49291b160f0dce9ef68ee1328496d3263a0469c4c65b7626d6f1a67fa2798f4b47d1991201743033c95421c83fc3ff836aca7b1e65c18bd073eb0f79

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\2d96546698256d818114d8a17215f513\System.DirectoryServices.Protocols.ni.dll

Filesize
444KB

MD5
ec4f188e5ea5045a76ec135a2b1871cf

SHA1
e82130863879e52e9833aeb34e8a8d613d0926aa

SHA256
7dddd2359338f8c5e8879d64c4a8583c930fa98b079fc6edad0e96e3d027cbcd

SHA512
69cada3a6274863b524ee160848c99f2b0979b6e9ba5a205266604382cf5e3ae26277d216c1cb15302782fe15c84f3238ba98b0f0a1d15c054848c78da18df38

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\30bacfb052519296a25d585d62d65f0e\System.Drawing.Design.ni.dll

Filesize
203KB

MD5
ad8de415732fcf19dcb2df89ddfe3159

SHA1
7ab07013e4d4a6f0a23e9571b1b175d9e65d7652

SHA256
7aba2361cde5cf74436533f0da387b83c7e47ed254c2a92fdc9085445e20739e

SHA512
81c8bc4af3bc9d0ce42f903f58456f411f6f5ac31cb569391c31cf5274181a618b2b01f086fc8e39bb24a763accf3c1e3660d4129ad40f53c968f83e5a9ecab5

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\14ad09938f3197fce462d47b2194bd45\System.Drawing.ni.dll

Filesize
1.5MB

MD5
1777b41cb2741762a6fceefd99bba158

SHA1
3dd8eee460a20e52689a116103cfa3a43b159d19

SHA256
a549546bdf9b32979033c151fe1ca370f2661570f4637d21138ac4ace369a73a

SHA512
554322ba20e331bd96268842294f71acdbec70765d8c82c51d06c9261a4c284578b26af7efbeec4b072f1ea5b50514a6bcc290343fc12c87b1afa7597ec543f6

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\bd2663637d8b93a187e67959328f54fe\System.EnterpriseServices.ni.dll

Filesize
613KB

MD5
0314d12a843f739fe5cd750fdff0289c

SHA1
61d925baf5f080132b62cafd3d1ff8a76ce6a477

SHA256
90f1074270765c0908c6527ca8a86d4199b241e87f2dc5c84ada42c5d966776e

SHA512
997a22727aae924fb467a057a484975d5b3b460f2070b5acfcbc86f8cb8a0d19ee682332d3aa3b2281c63eb7a91b98399ab5a64fc8476fba79d6c10adc5f458c

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7f272c19ef36ca26a6716b3ce65ba06\System.Runtime.Remoting.ni.dll

Filesize
756KB

MD5
1ca868c0ac37fc6cff2e1ed835a38cd6

SHA1
34f7a8b37af4e35d7ee07eaaca4aa06422e739ff

SHA256
d3e76742f3c6266a039769e51a4b5f419f5d016a1d68b70e8bb136bd2dd590e4

SHA512
fcd95cbe91b768620c74c53b1cb5365ff40fde039a525835572322c48e3750e79a8920f797a32e709b4bea4cf6a77a65d5210cbc2e8e1b4363c3c0d22abb4f5d

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bfa1161e5e8a708ebafb06503d3ea591\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
303KB

MD5
81116a8852efd011051d9891498970ad

SHA1
784bdae7ec804a5757405287bd5e1b4a2817a730

SHA256
8f8dd22755618fc224856a4a116f9434bac9aa3b1ad023fba70233f74d4a760e

SHA512
f5e2b282c7ef29f91ea43e5f0c935315ca78663f0068e656c422ea622f4ff05150f6ff97764f39ce40246fb8e0f01f430ca3e23c7d15f87883180c18bd718e6c

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\6358a966b003f859eb24e6c49d3bb7fa\System.Security.ni.dll

Filesize
705KB

MD5
9f33792c2dd85df9f6f356ac2761d5a9

SHA1
52236ee0a57ac0b135fa68e70adb8f1582b979a1

SHA256
497a442b45d20a888bd7f57b2bd3b39867752b1304109a414ccca565f1bdd9eb

SHA512
0d8d7ca85b6f68bb890391c0490bedf80efd2360fdc9e861038dedf5cff43519ec77ec6b7c5a9976f427d9690e2e94d96572b29f9fdffb4abe46d62c94a4458f

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abc482a81715bf779d3138355f99283f\System.ServiceProcess.ni.dll

Filesize
219KB

MD5
594ecb1346fa642970e336852647a24b

SHA1
296fb9e6aa2b62e58562397d0b815fe3b5593c2e

SHA256
043568069f8dd1438c3d5f9e93f02329c25793e614dd39acf0ad1322e8175f9f

SHA512
554fa415ea52a6250d1f0a40c6e905ce1c096114f6480d94fdb95716f3a1f9434a69e93383ebfd8dc8fe27cb54e668395c3d763847220fbaf9e663050736a7d0

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\391b0d05b44d909e89c784995e964aa1\System.Transactions.ni.dll

Filesize
612KB

MD5
cd0552ae9ef192595a77292a45b87e21

SHA1
29dc417a2547f08b2aa1b537e63429a12d88d662

SHA256
b728af1b74b97e7ca828c7eaf297a100b384ad1d90df35304cd56a6e28580849

SHA512
ed222c33ce9fb01be88430f63ca1fd6fd46d10d6df2573128497e8e9e493a6b328944edd66793da1f9151aea0b1a4e0d1c89e85260d3a6763584b2e872d18142

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\01d6f732622814b1e863a201924278f0\System.Web.RegularExpressions.ni.dll

Filesize
248KB

MD5
1bafe0bd53dbe522e0a8a99937b00b54

SHA1
872a705244b421c966500bf964d0302069d065f2

SHA256
90c450b59896e2a0996cb3405e87ba053465ff26fe7a4099fc521398f282e796

SHA512
147ed06e64e9d68501231ff6cc1ca8c1ce621f39be1c198e85ac172ab8d933cb2f0a6005eb24b1713b2a7cf24dac5744e68720a3728a810b80c79279fee0e423

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\4c1da9372aeef07827689ca3afe5d28e\System.Web.Services.ni.dll

Filesize
1.8MB

MD5
5584d2a9ef894cadfc271215e4fc84ff

SHA1
24cbddcd375c61708c43deeec5b0446257b535e6

SHA256
985d5c5e0781573a6bcc50bef8eaa624303cee239b0ed8b6921f570d4e21b336

SHA512
62f70cd7a6b5e1b3d5186349ff1b9033631df6e2647b4a036888c6486db7dd97ab52a54ce1d8d6803c0e95a36c595d0a93b5581ca35232a9832f079b1d5e56f7

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e2dbd9e164bfad626e4b00b772242ecc\System.Web.ni.dll

Filesize
11.4MB

MD5
2eaa2acb0b3adca1d5431bcf352ef222

SHA1
513e01dbce727afa548f37aa7e4c1e3d30227cda

SHA256
9df42ff477f9b36e0c2f116182239953c6476b9cc019a9ab4912294926108538

SHA512
586d20cf97750ce83ce2417810fb036319fdd5e05a0f4318d2b704f8c46f40c63c92a3593198ffdd528b5a9cf70a1114bb81430f92263ba886e5ed1a21a7af65

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0c47ad5e4d501b35e43a088535e589f\System.Windows.Forms.ni.dll

Filesize
11.9MB

MD5
7504e4158cdca056f7b7ec0c2d99337e

SHA1
9a0feb906318f65d0be06d682ce191525124ad30

SHA256
6f83ea368ba764c5f2832ba4975c0cb2ffc000708c1ecf603f3130016e39d142

SHA512
ba4e9e2a1f0c9532787519620f1d714c5b27cb5eddb5513a137c284062ce15e7122ab37d07363a75567b9d2a849d0f64ffeaa997fa5ca9e3f9eb414ca8943128

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4e31e183cb14c0cb0ef25463997f7af9\System.Xml.ni.dll

Filesize
5.2MB

MD5
aadbe0249d57d7e9a3be8f38b2eefac5

SHA1
5c58bb8a226b7348dd2e066041a80472751cee00

SHA256
1d669ecca4017e8be44b1dafb52155a77d5632acdda10ad94688abe5f06f6480

SHA512
835c206b482c1610d70bcf1d60810c8eef696491eb9cc9d11ee411c6f98d53a9ae120edfe52ef0998541adee7bf1c286db0ff103cac7d68804dfff4a400b193f

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdh\c9ca1187a97a369179ebbbccf15751ec\Vegmuxdh.ni.dll

Filesize
29KB

MD5
a9c498e32ae4e1f4ab5e8b3ff1aacd74

SHA1
89692d6f3b5987ffa961db3d617891547edc946c

SHA256
c1e16c8ac8617ebf61f89dff9affd484473b78cbf44cb11d658e11d750a3ac96

SHA512
f13c9fa5690f65371589ac5dfcae188594251d6a6005c8925c48cf269bf290e7b04245e4ae37980408d8d9f808265a037db926644fb00a4e7cf0abf0728af62d

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxdw\1cd84e4219dbc1d47dafe39b2f1d1aa1\Vegmuxdw.ni.dll

Filesize
635KB

MD5
a2d0ef1b7ec921a925354babc86bef50

SHA1
c5af43ee0bd32d2da9c13b1e6ace1a6a217505e9

SHA256
e3140c848bfbcb4b6dd04cfe6956fb3e1f2724a4ab8bc5523cb5cc1b137148ef

SHA512
287edb3c5d86a2ddbd5be4bb5cbb5275129aa2103e4a946a1aca455de67fd1533d60a6883f0cf75d7bce94d204efd26e908d7deea706e0bf1ec90e6112cc95a0

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfa\efce9942776789a4280ac49be4e7c3b0\Vegmuxfa.ni.dll

Filesize
301KB

MD5
ac616a8c8c6ab06f322fa3ec4f968bf2

SHA1
225b95af443432b28384205550e0ea0fbd7668ec

SHA256
8b8407318776c119c7ead0f6303707401be0eeca7508b25e5fbbdac8cdb7c3e0

SHA512
d9df983bed4963f42d3867f88f50a38da6a4ffe7b3b6dad40ae4ca33d8672fff2e6929a0ce0f7a97d0c9751770f19e36f18c7d90928f2a318d712ecbcaeb62d2

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfb\2235ff0cae529f86fb3dc515248a70a4\Vegmuxfb.ni.dll

Filesize
747KB

MD5
efd4310d05c11ebdbd4f9145c9448937

SHA1
c0eb649a9a562ecb93d53bbabf361c2c9f111129

SHA256
f6b07ec031759f85c1eaf184334dc84f137b36d16fd37f20b7856153a0510b7c

SHA512
d453cec69c6ed524dda02fd82b631621bb4687688f32fe0b7845f60e149d1b4291a46548e2cd4cee0d679f0adf261413d84bcd7f92e921a1699b61a77813df67

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfc\05c9198caf78ae3048d71845476b3ae2\Vegmuxfc.ni.dll

Filesize
133KB

MD5
4e3f94e6509912ada8e00b82de8372c9

SHA1
3162789b2ba9fcb72c54c439d9ebcc3960d28a93

SHA256
6e6de029b47b488df2554641b04d18ceeb98a1cca862778a809a7ac7d9130206

SHA512
10ab8141e761590070477224838eb04269951ca909c4071d9e6cda0dae86b54b422f973d3705873cb66e3b74b033972ea45a00511718ff225b38ac41b5f275ef

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxfo\ac8ea1cc356e0532107df13de5ef3c8b\Vegmuxfo.ni.dll

Filesize
1.1MB

MD5
1e46af668896973be74fa168ff704823

SHA1
2e4c8cb813caa98e9cc4bc0cb200f10661164975

SHA256
836200aced0a21b62af3fb03c824b0a3aa64bc4eeabc304c8f5ef96eecee4cea

SHA512
c66e20f335def0b2c3a730445713c4e05ea1c49c10f9a45ae9fb81e21323c2ac850a2a4a0b0629a676f0660c5dbf289c8d4c6ac09412247a77a84a3d9c8613b8

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxmc\8764db574a0b0d3290c4c2bde537f46f\Vegmuxmc.ni.dll

Filesize
139KB

MD5
17c68165fef6ff9a362f788086dfe3e3

SHA1
278d58fd56d953db31c662e86a0cb84386ca2a53

SHA256
506bbc63b7dc90957548b3b874d3e5f02313726bab01e83c7fe40646ba0f67dd

SHA512
823a7dd88289407358a3d351e94b2aa4377d77e425a8c8c5dc6a842e8717be4a5e2967ab9b8d77c56a7db1cded393c0ef0b1e0a06efafcf03ba884fef697ea47

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxrt\f2aa13b4b3ce06a7cbabf8ba698b0bda\Vegmuxrt.ni.dll

Filesize
35KB

MD5
ca1d0ee59fb7c0328c334168e5ca736d

SHA1
4128ebb941d77daa8c2ecd63f52eae728d70e017

SHA256
963114dd741bd70b05e9ca8d9bff707d517aeb60d160bcb679cb6ab1629fe99b

SHA512
598af1757141c70e4dbb278576804f33f812478d12529abd7084fffd604525a53dfca3325def1efe64505a500a7e0d1e03a1cc445580a327ae7e412864edb93a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\Vegmuxtw\80dc3b5fa810f98bed0177bb4515cf06\Vegmuxtw.ni.dll

Filesize
207KB

MD5
db646c5f95d722df3a8846c3f49edbc0

SHA1
36cd4e147a74638339ec8cf3af9360182d623060

SHA256
0ea769568e2385f79001a7cbb37a964d0a0f0bc4e167d80193ead24e448eb81a

SHA512
1db55b63f99f082e6fa3b3c8d79fbf9aa5e795186ecc1485d851b36216cd8e7c3d1bc7ad7944e8e3a971e4d63bdeb398c753ccec7877e4d93b2bd1dcd528c974

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_32\mux.net\f10fec09dc4a248bf6475832bec881b8\mux.net.ni.dll

Filesize
311KB

MD5
3face17018443cdb5882a06bba7533c6

SHA1
aabd36a8961cdf49adc2fbc91a564ec09e934e14

SHA256
906b39066e48ce64d82dbdf739968ffef7dda5760e47128aba9d562cd3e7c8f9

SHA512
d244cc3ab2bbf28407d2b53585960a52641939b22708286f91c376127a694d33d66103de24be8a1bfa7c08d7bbf9b3dabc7996054c933770c59f645a6a0ad806

Download Submit
memory/180-4363-0x0000000006EB0000-0x0000000006EB1000-memory.dmp

Filesize
4KB

Download
memory/708-4310-0x00007FF6113D0000-0x00007FF61439A000-memory.dmp

Filesize
47.8MB

Download
memory/1896-4279-0x000001D46CE30000-0x000001D46CE46000-memory.dmp

Filesize
88KB

Download
memory/3364-4293-0x0000019C93E10000-0x0000019C93E26000-memory.dmp

Filesize
88KB

Download
memory/3480-4289-0x0000023E883A0000-0x0000023E883B6000-memory.dmp

Filesize
88KB

Download
memory/3560-4287-0x00000181F6BA0000-0x00000181F6BB6000-memory.dmp

Filesize
88KB

Download
memory/3744-4285-0x0000012A97ED0000-0x0000012A97EE6000-memory.dmp

Filesize
88KB

Download
memory/3804-4291-0x00000127F94E0000-0x00000127F94F6000-memory.dmp

Filesize
88KB

Download
memory/4492-4304-0x00000278C47E0000-0x00000278C47E1000-memory.dmp

Filesize
4KB

Download
memory/4572-4283-0x0000020DD5D80000-0x0000020DD5D96000-memory.dmp

Filesize
88KB

Download
memory/4668-4295-0x000001C5CB6E0000-0x000001C5CB6F6000-memory.dmp

Filesize
88KB

Download
memory/4688-4299-0x00000174CF630000-0x00000174CF646000-memory.dmp

Filesize
88KB

Download
memory/5020-4297-0x000001FFC0400000-0x000001FFC0416000-memory.dmp

Filesize
88KB

Download
memory/5072-4281-0x000001F857F10000-0x000001F857F26000-memory.dmp

Filesize
88KB

Download