Overview

overview

9

Static

static

7

JITStarter.exe

windows10-2004_x64

9

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    30-06-2022 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JITStarter.exe

  • Size

    3.4MB

  • MD5

    cae1c4080e16058ef2a3d4c008384711

  • SHA1

    992e2c1cd65782919106e399169089a958feb1f0

  • SHA256

    1cd870787398db4bae34397b76e572c31d48b93dd6dc733ee2e6f3e9177bc162

  • SHA512

    3e039d1ae44d2257c4c6f5fa0e246dcbaf9f34bdb98b41c498c34e83fee3122f51b3ce9431288b6bb88f2bf31433121702b597a37b5e5782c56f31fb0aa4ceb8

Score
9/10
discoveryevasionpersistencethemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Themida packer 9 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 64 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JITStarter.exe
    "C:\Users\Admin\AppData\Local\Temp\JITStarter.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Windows\SysWOW64\cmd.exe
      /C vcredist86.exe /install /quiet /norestart
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4996
      • C:\Users\Admin\AppData\Local\Temp\vcredist86.exe
        vcredist86.exe /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2340
        • C:\Windows\Temp\{F5DA595B-043C-4A46-B779-2D6E068036BF}\.cr\vcredist86.exe
          "C:\Windows\Temp\{F5DA595B-043C-4A46-B779-2D6E068036BF}\.cr\vcredist86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vcredist86.exe" -burn.filehandle.attached=556 -burn.filehandle.self=552 /install /quiet /norestart
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:4136
          • C:\Windows\Temp\{DF582F07-0F01-46C6-A3AD-1E03770E9C62}\.be\VC_redist.x86.exe
            "C:\Windows\Temp\{DF582F07-0F01-46C6-A3AD-1E03770E9C62}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{2216EAE3-F491-4DC5-844F-14CA4A707A4C} {A3EF3E55-8C33-441F-9C02-86771773962B} 4136
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            PID:2200
    • C:\Windows\SysWOW64\cmd.exe
      /C vcredist64.exe /install /quiet /norestart
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3660
      • C:\Users\Admin\AppData\Local\Temp\vcredist64.exe
        vcredist64.exe /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4656
        • C:\Windows\Temp\{F1FA6820-F430-439F-9B03-62CA3245F5DC}\.cr\vcredist64.exe
          "C:\Windows\Temp\{F1FA6820-F430-439F-9B03-62CA3245F5DC}\.cr\vcredist64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\vcredist64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet /norestart
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:4332
          • C:\Windows\Temp\{062384C8-E983-4104-B08A-47C1B5D2C144}\.be\VC_redist.x64.exe
            "C:\Windows\Temp\{062384C8-E983-4104-B08A-47C1B5D2C144}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{D9A058B6-1EED-437A-BFCB-5C4DA4FD86FC} {490F229B-476C-46AA-9677-CC2AEED7416A} 4332
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            PID:1100
    • C:\Windows\SysWOW64\cmd.exe
      /C NDP461-KB3102438-Web.exe /q /norestart
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4404
      • C:\Users\Admin\AppData\Local\Temp\NDP461-KB3102438-Web.exe
        NDP461-KB3102438-Web.exe /q /norestart
        3⤵
        • Executes dropped EXE
        PID:768
        • C:\5c2950f54909a09ba476bf627e\Setup.exe
          C:\5c2950f54909a09ba476bf627e\\Setup.exe /q /norestart /x86 /x64 /web
          4⤵
          • Checks processor information in registry
          • Suspicious behavior: EnumeratesProcesses
          PID:1808
    • C:\Windows\SysWOW64\cmd.exe
      /C dxwebsetup.exe /Q
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:8
      • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
        dxwebsetup.exe /Q
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:3252
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops desktop.ini file(s)
          • Enumerates connected drives
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:4900
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_24_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:4136
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_25_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1976
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_26_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1868
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_27_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3964
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_28_x64.inf
            5⤵
            • Executes dropped EXE
            PID:4080
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_29_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4836
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4164
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            • Modifies registry class
            PID:1856
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_30_x64.inf
            5⤵
            • Executes dropped EXE
            PID:4420
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_1_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1732
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            • Modifies registry class
            PID:3572
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver
            5⤵
            • Executes dropped EXE
            PID:4964
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_2_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1100
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            • Modifies registry class
            PID:3464
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver
            5⤵
            • Executes dropped EXE
            PID:4480
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_3_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:1204
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            PID:2300
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_31_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:2660
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_4_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2376
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            PID:1572
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_32_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2372
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_00_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1820
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_5_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4984
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            • Modifies registry class
            PID:4572
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_6_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4444
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll
            5⤵
            • Registers COM server for autorun
            • Loads dropped DLL
            • Modifies registry class
            PID:3816
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_33_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4188
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_33_x64.inf
            5⤵
            • Executes dropped EXE
            PID:3192
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_7_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3620
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll
            5⤵
            • Loads dropped DLL
            • Modifies registry class
            PID:1956
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
            5⤵
            • Executes dropped EXE
            PID:4980
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_34_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:3652
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_34_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3008
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_8_x64.inf
            5⤵
            • Executes dropped EXE
            PID:5076
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:2624
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_35_x64.inf
            5⤵
            • Executes dropped EXE
            PID:4996
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_35_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:980
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_9_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Drops file in Windows directory
            PID:1484
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll
            5⤵
            • Registers COM server for autorun
            PID:220
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx9_36_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Drops file in Windows directory
            PID:4652
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_36_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4580
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_2_x64.inf
            5⤵
            • Executes dropped EXE
            PID:868
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT2_10_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2684
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll
            5⤵
            • Registers COM server for autorun
            PID:632
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_37_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1172
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_37_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3728
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_3_x64.inf
            5⤵
            • Executes dropped EXE
            PID:3300
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_0_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2224
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:2332
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_0_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2852
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:1968
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_38_x64.inf
            5⤵
            • Executes dropped EXE
            PID:3244
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_38_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2484
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_4_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1976
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_1_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2140
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:1868
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_1_x64.inf
            5⤵
            • Executes dropped EXE
            PID:3768
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:1540
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_39_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:5008
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_39_x64.inf
            5⤵
            • Executes dropped EXE
            PID:2360
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_2_x64.inf
            5⤵
            • Executes dropped EXE
            PID:4080
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll
            5⤵
            • Modifies registry class
            PID:3940
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_2_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:1716
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:2092
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_5_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1856
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_3_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3136
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll
            5⤵
            • Modifies registry class
            PID:1992
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_3_x64.inf
            5⤵
            • Executes dropped EXE
            PID:1732
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:4864
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_40_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            PID:1088
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_40_x64.inf
            5⤵
            • Executes dropped EXE
            PID:652
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_6_x64.inf
            5⤵
            • Executes dropped EXE
            PID:724
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_4_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:4068
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll
            5⤵
            • Registers COM server for autorun
            PID:1676
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_4_x64.inf
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            PID:3272
          • C:\Windows\system32\regsvr32.exe
            C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll
            5⤵
            • Registers COM server for autorun
            • Modifies registry class
            PID:1776
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_41_x64.inf
            5⤵
            • Drops file in System32 directory
            PID:1672
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_41_x64.inf
            5⤵
            • Drops file in System32 directory
            PID:1816
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_42_x64.inf
            5⤵
            • Drops file in System32 directory
            PID:4908
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_42_x64.inf
            5⤵
            • Drops file in System32 directory
            PID:3856
          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx11_42_x64.inf
            5⤵
              PID:2376
            • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dcsx_42_x64.inf
              5⤵
                PID:3328
              • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DCompiler_42_x64.inf
                5⤵
                  PID:4992
                • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_5_x64.inf
                  5⤵
                    PID:2416
                  • C:\Windows\system32\regsvr32.exe
                    C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll
                    5⤵
                    • Registers COM server for autorun
                    PID:4028
                  • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                    C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_5_x64.inf
                    5⤵
                    • Drops file in System32 directory
                    PID:4092
                  • C:\Windows\system32\regsvr32.exe
                    C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll
                    5⤵
                    • Registers COM server for autorun
                    • Modifies registry class
                    PID:4088
                  • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                    C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe X3DAudio1_7_x64.inf
                    5⤵
                      PID:4572
                    • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                      C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_6_x64.inf
                      5⤵
                        PID:440
                      • C:\Windows\system32\regsvr32.exe
                        C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll
                        5⤵
                        • Registers COM server for autorun
                        • Modifies registry class
                        PID:4820
                      • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                        C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_6_x64.inf
                        5⤵
                        • Drops file in System32 directory
                        PID:4360
                      • C:\Windows\system32\regsvr32.exe
                        C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll
                        5⤵
                        • Registers COM server for autorun
                        • Modifies registry class
                        PID:4188
                      • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                        C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DX9_43_x64.inf
                        5⤵
                        • Drops file in Windows directory
                        PID:3196
                      • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                        C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx10_43_x64.inf
                        5⤵
                          PID:4284
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dx11_43_x64.inf
                          5⤵
                          • Drops file in System32 directory
                          PID:3620
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe d3dcsx_43_x64.inf
                          5⤵
                            PID:1956
                          • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                            C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe D3DCompiler_43_x64.inf
                            5⤵
                              PID:4896
                            • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                              C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XACT3_7_x64.inf
                              5⤵
                                PID:4288
                              • C:\Windows\system32\regsvr32.exe
                                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll
                                5⤵
                                • Registers COM server for autorun
                                • Modifies registry class
                                PID:3008
                              • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                                C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe XAudio2_7_x64.inf
                                5⤵
                                  PID:2616
                                • C:\Windows\system32\regsvr32.exe
                                  C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
                                  5⤵
                                  • Registers COM server for autorun
                                  • Modifies registry class
                                  PID:3504
                          • C:\Users\Admin\AppData\Local\Temp\Electron.exe
                            "C:\Users\Admin\AppData\Local\Temp\Electron.exe"
                            2⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Checks whether UAC is enabled
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3216
                        • C:\Windows\system32\vssvc.exe
                          C:\Windows\system32\vssvc.exe
                          1⤵
                          • Checks SCSI registry key(s)
                          • Suspicious use of AdjustPrivilegeToken
                          PID:744
                        • C:\Windows\system32\srtasks.exe
                          C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                          1⤵
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1172

                        Network

                        MITRE ATT&CK Matrix ATT&CK v6

                        Initial Access

                        Execution

                        Persistence

                        Registry Run Keys / Startup Folder

                        2
                        T1060

                        Privilege Escalation

                        Defense Evasion

                        Virtualization/Sandbox Evasion

                        1
                        T1497

                        Modify Registry

                        1
                        T1112

                        Credential Access

                        Discovery

                        Query Registry

                        7
                        T1012

                        Virtualization/Sandbox Evasion

                        1
                        T1497

                        System Information Discovery

                        7
                        T1082

                        Peripheral Device Discovery

                        2
                        T1120

                        Lateral Movement

                        Collection

                        Exfiltration

                        Command and Control

                        Web Service

                        1
                        T1102

                        Impact

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_24.dll
                          Filesize

                          3.4MB

                          MD5

                          b165df72e13e6af74d47013504319921

                          SHA1

                          c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4

                          SHA256

                          1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906

                          SHA512

                          859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_24_x64.inf
                          Filesize

                          679B

                          MD5

                          2c4e850789bf9606aa4783cd9c26099a

                          SHA1

                          036ee1c9ce3b8c495b3d155fe83e54c00a2611d4

                          SHA256

                          f02bd6bb0ca1ed41698def1465c05f5b47ca459f886647f2d84f85c5c09dad9c

                          SHA512

                          f09cb85eb7024c89024d12dd40021d1df046bb825a985bee1cb164a5c026693325bc5d64491702731ed5cb71b5af7eef34f8a922bee6d9d5881ff113dce23d21

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_25.dll
                          Filesize

                          3.6MB

                          MD5

                          4c56e7c5b2a61353e534c7d15d05856d

                          SHA1

                          e6e0a59a1e8217ae06cda29942537bc4be25d5a1

                          SHA256

                          10b09474bfe4e2bb395472628646bc5f353fbfbec976575c45eeff49984ebaa6

                          SHA512

                          6f630ea0764b4551d80a96f6c2b9391ed5741f14431eec951699c0e42b9434a45841d71bea5576b285cc20d38fd082b4cfc8062e4aa61f80aed9e57869cdd5d2

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_25_x64.inf
                          Filesize

                          667B

                          MD5

                          fbed164855ae10f4c2d4eb238f414e6a

                          SHA1

                          7c3ec7759a23e77242bdc70c8033c013f2c794d6

                          SHA256

                          9af2752d59fc38dd26d30769132a0887ff4123269c0dc4406f5107295e69c7c1

                          SHA512

                          68e7d441aa0b842329f63ed34bb392d1582b635eee1bd1c8a797e9a59303fc85b0d842de0fd29d88fa3c8ac0bb6d858671101633161487d6353e73c862fb228d

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_26.dll
                          Filesize

                          3.6MB

                          MD5

                          44f5c5e27d6825e4e62420bc29b8b533

                          SHA1

                          046455294e199af99c7c2d9174d25b230e6fd0e6

                          SHA256

                          30b06dbbd202494bae3b87487e7273adcffd17a9d2c29977030fde0570aa841b

                          SHA512

                          0c9adca329c386cb2caf0f36d672ba326929f02c29748b13188bb7ade3fbec9131ce86a6bf1b3064a2fbb8de6b8adc34208f667df31c5db182918e79744a830b

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_26_x64.inf
                          Filesize

                          667B

                          MD5

                          831fb8a4394d256a5d7c15c16757912c

                          SHA1

                          961d7274de32808c4dce971d943ddd79a12e8d49

                          SHA256

                          6c152334efa5b011a44f160a23a5c58b66f3bcebbf6c4bc0722a526d36699a4b

                          SHA512

                          40f3d40cb40bd887ffa15a5fc60468e48f06bb1704d19061f9b51a9e2c15ab363644aac4618276910f6fc8d90f1083931916a9943306dcf736fc72feba2385c8

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_27.dll
                          Filesize

                          3.6MB

                          MD5

                          914c3237e4d145a18dcd1d0d4c8659e1

                          SHA1

                          32503c8f8d80551c896bc2dbf2c8ae3c490f0ec4

                          SHA256

                          f9dd288c9895973f8db1856d172779041c6dee173ad1ef53b1727fc85cb6b75f

                          SHA512

                          c760b5b0b5507da8f2336b2b0625f344f28fac33da16a7d8771a122b0ba54ebf5d2a2f702f4ebb83ded746f38d63abd378a9aa3b3e50579fab7c047fe38e2c02

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\d3dx9_27_x64.inf
                          Filesize

                          667B

                          MD5

                          925202b48a83647982cb0d55ab10668d

                          SHA1

                          b04a29859288545a3f8f9daf6aa39bb7a8b4b59c

                          SHA256

                          6f56c5be97e703584dd832f35ebdc78c6aeb07cc9df155d47ed9903142086488

                          SHA512

                          72b6b4b951d04ecee1c4ea613734113b864a542dcc554e86e8d7b7fa2b0d05a1e7623051ca0809c3e934cf28cadca54acb76ad515f71a263ffd17c3872677b69

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\dxupdate.dll
                          Filesize

                          173KB

                          MD5

                          7ed554b08e5b69578f9de012822c39c9

                          SHA1

                          036d04513e134786b4758def5aff83d19bf50c6e

                          SHA256

                          fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                          SHA512

                          7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\dxupdate.dll
                          Filesize

                          173KB

                          MD5

                          7ed554b08e5b69578f9de012822c39c9

                          SHA1

                          036d04513e134786b4758def5aff83d19bf50c6e

                          SHA256

                          fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                          SHA512

                          7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          56KB

                          MD5

                          ac36c85030678eb69a498793a36a81e9

                          SHA1

                          a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                          SHA256

                          85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                          SHA512

                          47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          56KB

                          MD5

                          ac36c85030678eb69a498793a36a81e9

                          SHA1

                          a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                          SHA256

                          85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                          SHA512

                          47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          56KB

                          MD5

                          afd73a6c2e1172e4075c8b37816eb391

                          SHA1

                          eceaeaca967c9ac3239f65b4d4f75d994dabd7ee

                          SHA256

                          ea544793b661304f31f18e9d107a4b4b46bd198d806f6366870746fe52e01df9

                          SHA512

                          5c313c81808c664f056ccd64784e607439ed45874fe322afdf690aba6d8dc54c2b54e42f69ce003bd0aefd0ebe5518f102f846aaa96254d3218d62b4f5dc463b

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          59KB

                          MD5

                          44f9c211701098d36dde44c5cf3afd63

                          SHA1

                          c020bb7dfb5932c5cbe19ca5d9feffde05781134

                          SHA256

                          d636d29f6019bcc232e62553728871097097aae05a6426bb86af15720de2e0e6

                          SHA512

                          b8aa96c4b8861b76f0c5c606f5458cc1e06e6e2ecd684f9ebde9e68a4d5057e84413816d78f88525fef63f4863a4b498c6d8cbc74faf8c555029dde7e34dec5a

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          61KB

                          MD5

                          def5caad8a452d6515bd40df6dd6b51f

                          SHA1

                          c26a793ef0a117b9b960caaabf31fef6036576de

                          SHA256

                          34df5a253007edd15d14f28a333bac638fe961f0f3941b192d7a6a760c2635fe

                          SHA512

                          2f3984f126de1c89cb815e00587d41c9bc32358530d9d2931ef917f6d3a45422a80caf6bcbb1615a61e51d7cb81532795cafefdfc39f9dab7c2f7d70cc22a1bf

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\infinst.exe
                          Filesize

                          65KB

                          MD5

                          60db6abbe4d4f22d87cd15c9bdae79e7

                          SHA1

                          4dc25047507cb28a0855c8c2f5bf11fb0dbf1366

                          SHA256

                          10e420d85c6d2905d9ca076681c3b1d648bc1b5b3893c8eb5ff420d2b964f0cb

                          SHA512

                          846fc61367cc3fff2c0516c1872f1380e120684853fa9e4a6d077f94c83c99dfdc9f3d2cf7de587fe3988a3224b7ea7e0f27c7a76e11c5a6daaf03ed15864476

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          2.6MB

                          MD5

                          a73e7421449cca62b0561bad4c8ef23d

                          SHA1

                          cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                          SHA256

                          7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                          SHA512

                          63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          2.6MB

                          MD5

                          a73e7421449cca62b0561bad4c8ef23d

                          SHA1

                          cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                          SHA256

                          7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                          SHA512

                          63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          2.7MB

                          MD5

                          5e2b8b8a5ed016468716b9ff82a1806f

                          SHA1

                          f1772121149d87745738cd471d0e504301a9ad0d

                          SHA256

                          5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                          SHA512

                          4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          2.7MB

                          MD5

                          5e2b8b8a5ed016468716b9ff82a1806f

                          SHA1

                          f1772121149d87745738cd471d0e504301a9ad0d

                          SHA256

                          5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                          SHA512

                          4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          550KB

                          MD5

                          d3f1922325be8e7e1c72bfd8179454ce

                          SHA1

                          89134f43ce2af4adfbc4087392aee6fe56be7ff4

                          SHA256

                          8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                          SHA512

                          d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          550KB

                          MD5

                          d3f1922325be8e7e1c72bfd8179454ce

                          SHA1

                          89134f43ce2af4adfbc4087392aee6fe56be7ff4

                          SHA256

                          8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                          SHA512

                          d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          554KB

                          MD5

                          fb3bc0754921873a65f5fbdca845e6ee

                          SHA1

                          67cde5bc8577cd3040e275d290ac021874da9fe8

                          SHA256

                          f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                          SHA512

                          292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          554KB

                          MD5

                          fb3bc0754921873a65f5fbdca845e6ee

                          SHA1

                          67cde5bc8577cd3040e275d290ac021874da9fe8

                          SHA256

                          f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                          SHA512

                          292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          562KB

                          MD5

                          afcf5f50c632f3a5598abc28f196d77c

                          SHA1

                          294385693592f9d6320f8b0b18f45bc194d01a4d

                          SHA256

                          5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                          SHA512

                          29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          562KB

                          MD5

                          afcf5f50c632f3a5598abc28f196d77c

                          SHA1

                          294385693592f9d6320f8b0b18f45bc194d01a4d

                          SHA256

                          5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                          SHA512

                          29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          563KB

                          MD5

                          ccd53738df4fa27849b6bb05dd67d10d

                          SHA1

                          28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                          SHA256

                          c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                          SHA512

                          aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          563KB

                          MD5

                          ccd53738df4fa27849b6bb05dd67d10d

                          SHA1

                          28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                          SHA256

                          c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                          SHA512

                          aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          564KB

                          MD5

                          43c280c3b15ceb2472ab560d09629664

                          SHA1

                          e3a897d7608d03c93b5c2b8aef52703452cf6696

                          SHA256

                          bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                          SHA512

                          5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          564KB

                          MD5

                          43c280c3b15ceb2472ab560d09629664

                          SHA1

                          e3a897d7608d03c93b5c2b8aef52703452cf6696

                          SHA256

                          bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                          SHA512

                          5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          564KB

                          MD5

                          490807c150b7d8be44bde871f4df8c56

                          SHA1

                          69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                          SHA256

                          36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                          SHA512

                          9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          564KB

                          MD5

                          490807c150b7d8be44bde871f4df8c56

                          SHA1

                          69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                          SHA256

                          36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                          SHA512

                          9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          565KB

                          MD5

                          933085360527de1b4947289ca468184e

                          SHA1

                          d5ee5e1e3c992c7518b5ce510c627c1564131b12

                          SHA256

                          78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                          SHA512

                          2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\DX2EAD.tmp\microsoft.directx.direct3dx.dll
                          Filesize

                          565KB

                          MD5

                          933085360527de1b4947289ca468184e

                          SHA1

                          d5ee5e1e3c992c7518b5ce510c627c1564131b12

                          SHA256

                          78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                          SHA512

                          2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll
                          Filesize

                          93KB

                          MD5

                          984cad22fa542a08c5d22941b888d8dc

                          SHA1

                          3e3522e7f3af329f2235b0f0850d664d5377b3cd

                          SHA256

                          57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                          SHA512

                          8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll
                          Filesize

                          1.5MB

                          MD5

                          a5412a144f63d639b47fcc1ba68cb029

                          SHA1

                          81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                          SHA256

                          8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                          SHA512

                          2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                          Filesize

                          173KB

                          MD5

                          7ed554b08e5b69578f9de012822c39c9

                          SHA1

                          036d04513e134786b4758def5aff83d19bf50c6e

                          SHA256

                          fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                          SHA512

                          7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                          Filesize

                          173KB

                          MD5

                          7ed554b08e5b69578f9de012822c39c9

                          SHA1

                          036d04513e134786b4758def5aff83d19bf50c6e

                          SHA256

                          fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                          SHA512

                          7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif
                          Filesize

                          56KB

                          MD5

                          7b1fbe9f5f43b2261234b78fe115cf8e

                          SHA1

                          dd0f256ae38b4c4771e1d1ec001627017b7bb741

                          SHA256

                          762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

                          SHA512

                          d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                          Filesize

                          515KB

                          MD5

                          ac3a5f7be8cd13a863b50ab5fe00b71c

                          SHA1

                          eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                          SHA256

                          8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                          SHA512

                          c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                          Filesize

                          515KB

                          MD5

                          ac3a5f7be8cd13a863b50ab5fe00b71c

                          SHA1

                          eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                          SHA256

                          8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                          SHA512

                          c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf
                          Filesize

                          477B

                          MD5

                          ad8982eaa02c7ad4d7cdcbc248caa941

                          SHA1

                          4ccd8e038d73a5361d754c7598ed238fc040d16b

                          SHA256

                          d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

                          SHA512

                          5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\NDP461-KB3102438-Web.exe
                          Filesize

                          1.4MB

                          MD5

                          4d1bb86d0eee168e1da91a36350c1c21

                          SHA1

                          ee88b05232f43b517d4a368f7ee5065cde7f67fa

                          SHA256

                          e10c2a36c5013ee83815fcc38963ae3e5c4afd7ffe770e817322fe366bdef6e1

                          SHA512

                          97c4dd638e2e0324d60bdd1d7be85603edbf969898469a524fb271eba5e22b78ca67db1f568f5c45393381f1e76408c366ad4a68a7bb00e23d1fb820e67de99e

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
                          Filesize

                          285KB

                          MD5

                          bcbb7c0cd9696068988953990ec5bd11

                          SHA1

                          3c8243734cf43dd7bb2332ba05b58ccacfa4377c

                          SHA256

                          34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

                          SHA512

                          551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
                          Filesize

                          285KB

                          MD5

                          bcbb7c0cd9696068988953990ec5bd11

                          SHA1

                          3c8243734cf43dd7bb2332ba05b58ccacfa4377c

                          SHA256

                          34f64699d4830145cae69bd40115b1f326e70fc6a98456cb3df996d947dddca4

                          SHA512

                          551a2e3aa5fc7c0e79c3bd7c5333df5f1920ea83fe35b99adbbe865ea926fa772d72709bde2ea8f2685f4914cd96ff7b5b6f894f9b99f1120c2abe89c390a786

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\vcredist64.exe
                          Filesize

                          24.1MB

                          MD5

                          b04c99520edb36613461b3c87c5c8e19

                          SHA1

                          839e382ebeef87003fce57969a79bd58bb264192

                          SHA256

                          a9f5d2eaf67bf0db0178b6552a71c523c707df0e2cc66c06bfbc08bdc53387e7

                          SHA512

                          e320f25dac00fe18b825c1c154c8a5b8f571529aa411a9cdcc510b8b931b98bec17b550ed425aa93fbba6c96b9d3630c606264c03f117aa1d1df09c7b0f20045

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\vcredist64.exe
                          Filesize

                          24.1MB

                          MD5

                          b04c99520edb36613461b3c87c5c8e19

                          SHA1

                          839e382ebeef87003fce57969a79bd58bb264192

                          SHA256

                          a9f5d2eaf67bf0db0178b6552a71c523c707df0e2cc66c06bfbc08bdc53387e7

                          SHA512

                          e320f25dac00fe18b825c1c154c8a5b8f571529aa411a9cdcc510b8b931b98bec17b550ed425aa93fbba6c96b9d3630c606264c03f117aa1d1df09c7b0f20045

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\vcredist86.exe
                          Filesize

                          13.1MB

                          MD5

                          1141e831c061eb2537376ec9994cf496

                          SHA1

                          230825953c24344cfb3b1d465f6f50364624b4a6

                          SHA256

                          ac75a82d873e6b6f98b1d293042380764d7d263c43438e50d564fa58c9f891c2

                          SHA512

                          f7f4c7dd0690bfec092ecd7882e6c7b5bd65e9aba426c777bdf505c3c4eaeb7c479e33f1a29a64cf923903220117e035cdfd3a3873bff8d71e8edbcb7dcd58c8

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\vcredist86.exe
                          Filesize

                          13.1MB

                          MD5

                          1141e831c061eb2537376ec9994cf496

                          SHA1

                          230825953c24344cfb3b1d465f6f50364624b4a6

                          SHA256

                          ac75a82d873e6b6f98b1d293042380764d7d263c43438e50d564fa58c9f891c2

                          SHA512

                          f7f4c7dd0690bfec092ecd7882e6c7b5bd65e9aba426c777bdf505c3c4eaeb7c479e33f1a29a64cf923903220117e035cdfd3a3873bff8d71e8edbcb7dcd58c8

                          Download Submit
                        • C:\Windows\DirectX.log
                          Filesize

                          315B

                          MD5

                          4020cd973c3088fdd68d6730e11b4caa

                          SHA1

                          c18d2255f3f30690b367de39548559a4a976e784

                          SHA256

                          6ef4338352290acb4f4945032958e39776bcd7a64fb7dd9a403eb33485cc82c8

                          SHA512

                          3d905e617e04ac7ff3f6137153cd3fe1096032979a2316169ef9aa7dd7fffa979969d545a1fad5999b07b7f760b480aff9ecd5e2d546bbb7ca5aae007446eae9

                          Download Submit
                        • C:\Windows\DirectX.log
                          Filesize

                          511B

                          MD5

                          282c3e317f3041db5216b511d27e6df2

                          SHA1

                          a3426a953124ad9c8f370712f3c6e82f662f0312

                          SHA256

                          6362dbfe61ccb5dd6e613564ad9817289e85bcad046c1e174940182d0ce60509

                          SHA512

                          729b21ff8b8c8c7d540ab257bb2c46dead590476dc5c0b4e7528a74e1542577d7a771fd62c10ee4a2803dd8175c3fcd14944f3515ddc4d882199ccba8ac1b14b

                          Download Submit
                        • C:\Windows\DirectX.log
                          Filesize

                          707B

                          MD5

                          6a5ea8264f4a89897b5de000a3ea348e

                          SHA1

                          0e0ef63e143b5c850e1f485b288531885607361e

                          SHA256

                          c70f4617d2e235510a7cd6cb4850533cac26fcc644312c03cf10918481939c6d

                          SHA512

                          fc0854062625958578fc281290f4f33c348421b89555b68228bed314512867f5b85d45ac7027ccc7f7a06d3c82b5d1a2592e3f411578d5db9b288dbd34e77cb4

                          Download Submit
                        • C:\Windows\SysWOW64\directx\websetup\dsetup.dll
                          Filesize

                          93KB

                          MD5

                          984cad22fa542a08c5d22941b888d8dc

                          SHA1

                          3e3522e7f3af329f2235b0f0850d664d5377b3cd

                          SHA256

                          57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                          SHA512

                          8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                          Download Submit
                        • C:\Windows\SysWOW64\directx\websetup\dsetup32.dll
                          Filesize

                          1.5MB

                          MD5

                          a5412a144f63d639b47fcc1ba68cb029

                          SHA1

                          81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                          SHA256

                          8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                          SHA512

                          2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                          Download Submit
                        • C:\Windows\Temp\{062384C8-E983-4104-B08A-47C1B5D2C144}\.ba\wixstdba.dll
                          Filesize

                          191KB

                          MD5

                          eab9caf4277829abdf6223ec1efa0edd

                          SHA1

                          74862ecf349a9bedd32699f2a7a4e00b4727543d

                          SHA256

                          a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                          SHA512

                          45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                          Download Submit
                        • C:\Windows\Temp\{062384C8-E983-4104-B08A-47C1B5D2C144}\.be\VC_redist.x64.exe
                          Filesize

                          634KB

                          MD5

                          3cfb3ae4a227ece66ce051e42cc2df00

                          SHA1

                          0a2bb202c5ce2aa8f5cda30676aece9a489fd725

                          SHA256

                          54fbe7fdf0fd2e95c38822074e77907e6a3c8726e4ab38d2222deeffa6c0ccaf

                          SHA512

                          60d808d08afd4920583e540c3740d71e4f9dc5b16a0696537fea243cb8a79fb1df36004f560742a541761b0378bf0b5bc5be88569cd828a11afe9c3d61d9d4f1

                          Download Submit
                        • C:\Windows\Temp\{062384C8-E983-4104-B08A-47C1B5D2C144}\.be\VC_redist.x64.exe
                          Filesize

                          634KB

                          MD5

                          3cfb3ae4a227ece66ce051e42cc2df00

                          SHA1

                          0a2bb202c5ce2aa8f5cda30676aece9a489fd725

                          SHA256

                          54fbe7fdf0fd2e95c38822074e77907e6a3c8726e4ab38d2222deeffa6c0ccaf

                          SHA512

                          60d808d08afd4920583e540c3740d71e4f9dc5b16a0696537fea243cb8a79fb1df36004f560742a541761b0378bf0b5bc5be88569cd828a11afe9c3d61d9d4f1

                          Download Submit
                        • C:\Windows\Temp\{DF582F07-0F01-46C6-A3AD-1E03770E9C62}\.ba\wixstdba.dll
                          Filesize

                          191KB

                          MD5

                          eab9caf4277829abdf6223ec1efa0edd

                          SHA1

                          74862ecf349a9bedd32699f2a7a4e00b4727543d

                          SHA256

                          a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

                          SHA512

                          45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

                          Download Submit
                        • C:\Windows\Temp\{DF582F07-0F01-46C6-A3AD-1E03770E9C62}\.be\VC_redist.x86.exe
                          Filesize

                          633KB

                          MD5

                          a9993e4a107abf84e456b796c65a9899

                          SHA1

                          5852b1acacd33118bce4c46348ee6c5aa7ad12eb

                          SHA256

                          dfa88ba4491ac48f49c1b80011eddfd650cc14de43f5a4d3218fb79acb2f2dbc

                          SHA512

                          d75c44a1a1264c878a9db71993f5e923dc18935aa925b23b147d18807605e6fe8048af92b0efe43934252d688f8b0279363b1418293664a668a491d901aef1d9

                          Download Submit
                        • C:\Windows\Temp\{DF582F07-0F01-46C6-A3AD-1E03770E9C62}\.be\VC_redist.x86.exe
                          Filesize

                          633KB

                          MD5

                          a9993e4a107abf84e456b796c65a9899

                          SHA1

                          5852b1acacd33118bce4c46348ee6c5aa7ad12eb

                          SHA256

                          dfa88ba4491ac48f49c1b80011eddfd650cc14de43f5a4d3218fb79acb2f2dbc

                          SHA512

                          d75c44a1a1264c878a9db71993f5e923dc18935aa925b23b147d18807605e6fe8048af92b0efe43934252d688f8b0279363b1418293664a668a491d901aef1d9

                          Download Submit
                        • C:\Windows\Temp\{F1FA6820-F430-439F-9B03-62CA3245F5DC}\.cr\vcredist64.exe
                          Filesize

                          634KB

                          MD5

                          3cfb3ae4a227ece66ce051e42cc2df00

                          SHA1

                          0a2bb202c5ce2aa8f5cda30676aece9a489fd725

                          SHA256

                          54fbe7fdf0fd2e95c38822074e77907e6a3c8726e4ab38d2222deeffa6c0ccaf

                          SHA512

                          60d808d08afd4920583e540c3740d71e4f9dc5b16a0696537fea243cb8a79fb1df36004f560742a541761b0378bf0b5bc5be88569cd828a11afe9c3d61d9d4f1

                          Download Submit
                        • C:\Windows\Temp\{F1FA6820-F430-439F-9B03-62CA3245F5DC}\.cr\vcredist64.exe
                          Filesize

                          634KB

                          MD5

                          3cfb3ae4a227ece66ce051e42cc2df00

                          SHA1

                          0a2bb202c5ce2aa8f5cda30676aece9a489fd725

                          SHA256

                          54fbe7fdf0fd2e95c38822074e77907e6a3c8726e4ab38d2222deeffa6c0ccaf

                          SHA512

                          60d808d08afd4920583e540c3740d71e4f9dc5b16a0696537fea243cb8a79fb1df36004f560742a541761b0378bf0b5bc5be88569cd828a11afe9c3d61d9d4f1

                          Download Submit
                        • C:\Windows\Temp\{F5DA595B-043C-4A46-B779-2D6E068036BF}\.cr\vcredist86.exe
                          Filesize

                          633KB

                          MD5

                          a9993e4a107abf84e456b796c65a9899

                          SHA1

                          5852b1acacd33118bce4c46348ee6c5aa7ad12eb

                          SHA256

                          dfa88ba4491ac48f49c1b80011eddfd650cc14de43f5a4d3218fb79acb2f2dbc

                          SHA512

                          d75c44a1a1264c878a9db71993f5e923dc18935aa925b23b147d18807605e6fe8048af92b0efe43934252d688f8b0279363b1418293664a668a491d901aef1d9

                          Download Submit
                        • C:\Windows\Temp\{F5DA595B-043C-4A46-B779-2D6E068036BF}\.cr\vcredist86.exe
                          Filesize

                          633KB

                          MD5

                          a9993e4a107abf84e456b796c65a9899

                          SHA1

                          5852b1acacd33118bce4c46348ee6c5aa7ad12eb

                          SHA256

                          dfa88ba4491ac48f49c1b80011eddfd650cc14de43f5a4d3218fb79acb2f2dbc

                          SHA512

                          d75c44a1a1264c878a9db71993f5e923dc18935aa925b23b147d18807605e6fe8048af92b0efe43934252d688f8b0279363b1418293664a668a491d901aef1d9

                          Download Submit
                        • memory/8-165-0x0000000000000000-mapping.dmp
                          Download
                        • memory/220-263-0x0000000000000000-mapping.dmp
                          Download
                        • memory/632-268-0x0000000000000000-mapping.dmp
                          Download
                        • memory/768-163-0x0000000000000000-mapping.dmp
                          Download
                        • memory/868-266-0x0000000000000000-mapping.dmp
                          Download
                        • memory/980-261-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1100-229-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1100-159-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1172-269-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1204-234-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1484-262-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1572-238-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1732-226-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1820-240-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1856-224-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1868-210-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1908-276-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-150-0x0000000076F60000-0x0000000077103000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/1908-136-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-135-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-130-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-277-0x0000000076F60000-0x0000000077103000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/1908-134-0x0000000076F60000-0x0000000077103000-memory.dmp
                          Filesize

                          1.6MB

                          Download
                        • memory/1908-137-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-133-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-132-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-149-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1908-131-0x0000000000620000-0x0000000000FC4000-memory.dmp
                          Filesize

                          9.6MB

                          Download
                        • memory/1956-252-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1968-275-0x0000000000000000-mapping.dmp
                          Download
                        • memory/1976-205-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2200-146-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2224-272-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2300-235-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2332-273-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2340-139-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2372-239-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2376-237-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2624-257-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2624-258-0x0000000000910000-0x0000000000979000-memory.dmp
                          Filesize

                          420KB

                          Download
                        • memory/2624-259-0x0000000000911000-0x000000000096C000-memory.dmp
                          Filesize

                          364KB

                          Download
                        • memory/2660-236-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2684-267-0x0000000000000000-mapping.dmp
                          Download
                        • memory/2852-274-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3008-255-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3192-250-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3216-278-0x0000000000190000-0x00000000017BE000-memory.dmp
                          Filesize

                          22.2MB

                          Download
                        • memory/3252-166-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3300-271-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3464-231-0x00000000020D0000-0x000000000212A000-memory.dmp
                          Filesize

                          360KB

                          Download
                        • memory/3464-230-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3464-232-0x00000000020D1000-0x000000000211F000-memory.dmp
                          Filesize

                          312KB

                          Download
                        • memory/3572-227-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3620-251-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3652-254-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3660-151-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3728-270-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3816-247-0x0000000002140000-0x00000000021A4000-memory.dmp
                          Filesize

                          400KB

                          Download
                        • memory/3816-248-0x0000000002141000-0x0000000002198000-memory.dmp
                          Filesize

                          348KB

                          Download
                        • memory/3816-246-0x0000000000000000-mapping.dmp
                          Download
                        • memory/3964-215-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4080-220-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4136-200-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4136-142-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4164-223-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4188-249-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4332-155-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4404-162-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4420-225-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4444-245-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4480-233-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4572-244-0x00000000020B1000-0x0000000002108000-memory.dmp
                          Filesize

                          348KB

                          Download
                        • memory/4572-242-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4572-243-0x00000000020B0000-0x0000000002114000-memory.dmp
                          Filesize

                          400KB

                          Download
                        • memory/4580-265-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4652-264-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4656-152-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4836-222-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4900-169-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4964-228-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4980-253-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4984-241-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4996-138-0x0000000000000000-mapping.dmp
                          Download
                        • memory/4996-260-0x0000000000000000-mapping.dmp
                          Download
                        • memory/5076-256-0x0000000000000000-mapping.dmp
                          Download