Overview

overview

9

Static

static

GTA San Andreas.zip

windows10-1703-x64

9

Analysis

  • max time kernel
    1494s
  • max time network
    1841s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/01/2023, 17:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GTA San Andreas.zip

  • Size

    1000.9MB

  • MD5

    5b5de57572d05b64bf38def17fa0c205

  • SHA1

    fc8d14d163b8bfa99c755a3904a6ae03e310d1a6

  • SHA256

    74cb91fb31d0e2fd277169ef25cb2a87d9ac75e1104cae328714212261ccf9c6

  • SHA512

    c1df7c056c7f22872449f863f1fe94dc3453a957d3b8011f81fb2567ba6e3f06e70467a2ad28daf86b633b883e2842aeef4ef0bee67ce976c435ab3f89ab92ba

  • SSDEEP

    25165824:t2Y/S2Xpov8/DKz4UxuvmuCfKxfth6I5gJEWTKCed9FGx4:kkS2u0/DKLxuvOfKxfthRWmCed9FGx4

Score
9/10
discoverypersistenceupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 3 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • NTFS ADS 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\GTA San Andreas.zip"
    1⤵
      PID:4804
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4864
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\GTA San Andreas\" -spe -an -ai#7zMap19745:88:7zEvent16961
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3496
      • C:\Users\Admin\Desktop\GTA San Andreas\mtasa-1.5.9.exe
        "C:\Users\Admin\Desktop\GTA San Andreas\mtasa-1.5.9.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of WriteProcessMemory
        PID:2276
        • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe" /Q
          2⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:492
          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
            C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops desktop.ini file(s)
            • Enumerates connected drives
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1748
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_24_x64.inf
              4⤵
              • Executes dropped EXE
              PID:5060
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_25_x64.inf
              4⤵
              • Executes dropped EXE
              PID:1832
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_26_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4920
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_27_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4412
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_28_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4392
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_29_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4600
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT_x64.inf
              4⤵
              • Executes dropped EXE
              PID:648
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll
              4⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              PID:2444
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_30_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2044
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_1_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:1196
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll
              4⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              PID:1320
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver
              4⤵
              • Executes dropped EXE
              PID:1536
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_2_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2928
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll
              4⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:3208
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver
              4⤵
              • Executes dropped EXE
              PID:3240
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_3_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4500
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll
              4⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:4552
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_31_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4504
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_4_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4548
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:400
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_32_x64.inf
              4⤵
              • Executes dropped EXE
              PID:1116
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_00_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:608
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_5_x64.inf
              4⤵
              • Executes dropped EXE
              PID:1344
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:3896
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_6_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4696
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll
              4⤵
              • Registers COM server for autorun
              PID:3340
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_33_x64.inf
              4⤵
              • Executes dropped EXE
              PID:208
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_33_x64.inf
              4⤵
              • Executes dropped EXE
              PID:1612
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_7_x64.inf
              4⤵
              • Executes dropped EXE
              PID:3940
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:760
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
              4⤵
              • Executes dropped EXE
              PID:636
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_34_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2404
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_34_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:3568
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_8_x64.inf
              4⤵
              • Executes dropped EXE
              PID:3348
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:3772
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_35_x64.inf
              4⤵
              • Executes dropped EXE
              PID:3540
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_35_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:1776
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_9_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3696
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll
              4⤵
              • Registers COM server for autorun
              PID:4764
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx9_36_x64.inf
              4⤵
              • Executes dropped EXE
              PID:3844
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_36_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2168
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_2_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4884
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT2_10_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2996
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll
              4⤵
              • Registers COM server for autorun
              PID:1424
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_37_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4312
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_37_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4316
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_3_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4320
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_0_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:4296
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll
              4⤵
              • Registers COM server for autorun
              PID:2748
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_0_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4280
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:2264
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_38_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4960
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_38_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4908
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_4_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:2776
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_1_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4272
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll
              4⤵
              • Registers COM server for autorun
              PID:1752
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_1_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4632
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:3184
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_39_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4900
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_39_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4336
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_2_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:5076
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll
              4⤵
              • Registers COM server for autorun
              PID:4972
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_2_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:1832
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:4244
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_5_x64.inf
              4⤵
              • Executes dropped EXE
              PID:4348
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_3_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4092
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:4376
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_3_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4392
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:4600
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_40_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4976
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_40_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:412
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_6_x64.inf
              4⤵
              • Executes dropped EXE
              PID:864
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_4_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4740
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:2468
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_4_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2436
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll
              4⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:1540
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_41_x64.inf
              4⤵
              • Executes dropped EXE
              PID:1716
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_41_x64.inf
              4⤵
              • Executes dropped EXE
              PID:3668
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_42_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2104
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_42_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3788
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx11_42_x64.inf
              4⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:2320
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dcsx_42_x64.inf
              4⤵
              • Executes dropped EXE
              PID:2272
            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DCompiler_42_x64.inf
              4⤵
                PID:4524
              • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_5_x64.inf
                4⤵
                  PID:4560
                • C:\Windows\system32\regsvr32.exe
                  C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll
                  4⤵
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:4552
                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_5_x64.inf
                  4⤵
                  • Drops file in System32 directory
                  PID:4504
                • C:\Windows\system32\regsvr32.exe
                  C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll
                  4⤵
                  • Registers COM server for autorun
                  • Modifies registry class
                  PID:1884
                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe X3DAudio1_7_x64.inf
                  4⤵
                    PID:232
                  • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                    C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_6_x64.inf
                    4⤵
                      PID:1192
                    • C:\Windows\system32\regsvr32.exe
                      C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll
                      4⤵
                      • Registers COM server for autorun
                      • Modifies registry class
                      PID:400
                    • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                      C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_6_x64.inf
                      4⤵
                      • Drops file in System32 directory
                      PID:372
                    • C:\Windows\system32\regsvr32.exe
                      C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll
                      4⤵
                      • Registers COM server for autorun
                      • Modifies registry class
                      PID:1356
                    • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                      C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DX9_43_x64.inf
                      4⤵
                        PID:396
                      • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                        C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx10_43_x64.inf
                        4⤵
                          PID:912
                        • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                          C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dx11_43_x64.inf
                          4⤵
                            PID:1636
                          • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                            C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe d3dcsx_43_x64.inf
                            4⤵
                              PID:3336
                            • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                              C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe D3DCompiler_43_x64.inf
                              4⤵
                                PID:304
                              • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XACT3_7_x64.inf
                                4⤵
                                • Drops file in Windows directory
                                PID:212
                              • C:\Windows\system32\regsvr32.exe
                                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll
                                4⤵
                                • Registers COM server for autorun
                                • Modifies registry class
                                PID:2252
                              • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe XAudio2_7_x64.inf
                                4⤵
                                • Drops file in System32 directory
                                PID:2204
                              • C:\Windows\system32\regsvr32.exe
                                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
                                4⤵
                                • Registers COM server for autorun
                                • Modifies registry class
                                PID:1244
                          • C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe
                            "C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe" /nolaunch /kdinstall
                            2⤵
                            • Drops file in Program Files directory
                            • Modifies system certificate store
                            PID:3952
                          • C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe
                            "C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe"
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3996
                            • C:\Users\Admin\Desktop\GTA San Andreas\gta_sa.exe
                              "C:\Users\Admin\Desktop\GTA San Andreas\gta_sa.exe"
                              3⤵
                              • NTFS ADS
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious behavior: GetForegroundWindowSpam
                              • Suspicious use of SetWindowsHookEx
                              PID:4728
                              • C:\Program Files (x86)\MTA San Andreas 1.5\mta\wow64_helper.exe
                                "mta\wow64_helper.exe" BF=1396&BM=1392&CR=1384&SR=1388
                                4⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3584
                            • C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe
                              "C:\Program Files (x86)\MTA San Andreas 1.5\Multi Theft Auto.exe"
                              3⤵
                                PID:4404
                                • C:\Users\Admin\Desktop\GTA San Andreas\gta_sa.exe
                                  "C:\Users\Admin\Desktop\GTA San Andreas\gta_sa.exe"
                                  4⤵
                                  • Drops file in Program Files directory
                                  • Suspicious behavior: GetForegroundWindowSpam
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of SetWindowsHookEx
                                  PID:608
                                  • C:\Program Files (x86)\MTA San Andreas 1.5\mta\wow64_helper.exe
                                    "mta\wow64_helper.exe" BF=2992&BM=3048&CR=3052&SR=3012
                                    5⤵
                                      PID:3152
                                    • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                      "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --mojo-platform-channel-handle=4280 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
                                      5⤵
                                        PID:416
                                      • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                        "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --mojo-platform-channel-handle=4580 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                        5⤵
                                          PID:4288
                                        • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                          "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --mojo-platform-channel-handle=3456 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                          5⤵
                                            PID:4272
                                          • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                            "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=renderer --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --disable-gpu-compositing --enable-blink-features=ShadowDOMV0,CustomElementsV0,HTMLImports --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=5076 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
                                            5⤵
                                              PID:4612
                                            • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                              "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=renderer --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --first-renderer-process --no-sandbox --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --disable-gpu-compositing --enable-blink-features=ShadowDOMV0,CustomElementsV0,HTMLImports --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=5040 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:1
                                              5⤵
                                                PID:3060
                                              • C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe
                                                "C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\CEFLauncher.exe" --type=gpu-process --no-sandbox --locales-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\locales" --log-severity=warning --resources-dir-path="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --kgfiv8n=PHQGHUMEAYLNLFDXFIRCVSCXGGBWKF --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --log-file="C:\Program Files (x86)\MTA San Andreas 1.5\MTA\CEF\cefdebug.txt" --mojo-platform-channel-handle=4276 --field-trial-handle=4448,i,12439036487292927785,4158151739743599476,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
                                                5⤵
                                                  PID:1820
                                        • C:\Windows\system32\vssvc.exe
                                          C:\Windows\system32\vssvc.exe
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:3480
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                                          1⤵
                                          • Checks SCSI registry key(s)
                                          • Modifies data under HKEY_USERS
                                          PID:3624
                                        • C:\Windows\system32\srtasks.exe
                                          C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                                          1⤵
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:5108
                                        • C:\Windows\System32\GameBarPresenceWriter.exe
                                          "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                          1⤵
                                            PID:4816
                                          • C:\Windows\System32\GamePanel.exe
                                            "C:\Windows\System32\GamePanel.exe" 000000000003029E /startuptips
                                            1⤵
                                            • Checks SCSI registry key(s)
                                            PID:2648
                                          • C:\Windows\System32\bcastdvr.exe
                                            "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
                                            1⤵
                                            • Drops desktop.ini file(s)
                                            • Checks processor information in registry
                                            PID:3824
                                          • C:\Windows\system32\AUDIODG.EXE
                                            C:\Windows\system32\AUDIODG.EXE 0x2c4
                                            1⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:4788
                                          • C:\Windows\System32\GameBarPresenceWriter.exe
                                            "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
                                            1⤵
                                              PID:3800
                                            • C:\Windows\System32\GamePanel.exe
                                              "C:\Windows\System32\GamePanel.exe" 00000000000702EE /startuptips
                                              1⤵
                                                PID:2756
                                              • C:\Windows\System32\GamePanel.exe
                                                "C:\Windows\System32\GamePanel.exe" 00000000000802FE /startuptips
                                                1⤵
                                                  PID:4508

                                                Network

                                                MITRE ATT&CK Enterprise v6

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_24.dll
                                                  Filesize

                                                  3.4MB

                                                  MD5

                                                  b165df72e13e6af74d47013504319921

                                                  SHA1

                                                  c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4

                                                  SHA256

                                                  1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906

                                                  SHA512

                                                  859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_24_x64.inf
                                                  Filesize

                                                  679B

                                                  MD5

                                                  2c4e850789bf9606aa4783cd9c26099a

                                                  SHA1

                                                  036ee1c9ce3b8c495b3d155fe83e54c00a2611d4

                                                  SHA256

                                                  f02bd6bb0ca1ed41698def1465c05f5b47ca459f886647f2d84f85c5c09dad9c

                                                  SHA512

                                                  f09cb85eb7024c89024d12dd40021d1df046bb825a985bee1cb164a5c026693325bc5d64491702731ed5cb71b5af7eef34f8a922bee6d9d5881ff113dce23d21

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_25.dll
                                                  Filesize

                                                  3.6MB

                                                  MD5

                                                  4c56e7c5b2a61353e534c7d15d05856d

                                                  SHA1

                                                  e6e0a59a1e8217ae06cda29942537bc4be25d5a1

                                                  SHA256

                                                  10b09474bfe4e2bb395472628646bc5f353fbfbec976575c45eeff49984ebaa6

                                                  SHA512

                                                  6f630ea0764b4551d80a96f6c2b9391ed5741f14431eec951699c0e42b9434a45841d71bea5576b285cc20d38fd082b4cfc8062e4aa61f80aed9e57869cdd5d2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_25_x64.inf
                                                  Filesize

                                                  667B

                                                  MD5

                                                  fbed164855ae10f4c2d4eb238f414e6a

                                                  SHA1

                                                  7c3ec7759a23e77242bdc70c8033c013f2c794d6

                                                  SHA256

                                                  9af2752d59fc38dd26d30769132a0887ff4123269c0dc4406f5107295e69c7c1

                                                  SHA512

                                                  68e7d441aa0b842329f63ed34bb392d1582b635eee1bd1c8a797e9a59303fc85b0d842de0fd29d88fa3c8ac0bb6d858671101633161487d6353e73c862fb228d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_26.dll
                                                  Filesize

                                                  3.6MB

                                                  MD5

                                                  44f5c5e27d6825e4e62420bc29b8b533

                                                  SHA1

                                                  046455294e199af99c7c2d9174d25b230e6fd0e6

                                                  SHA256

                                                  30b06dbbd202494bae3b87487e7273adcffd17a9d2c29977030fde0570aa841b

                                                  SHA512

                                                  0c9adca329c386cb2caf0f36d672ba326929f02c29748b13188bb7ade3fbec9131ce86a6bf1b3064a2fbb8de6b8adc34208f667df31c5db182918e79744a830b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_26_x64.inf
                                                  Filesize

                                                  667B

                                                  MD5

                                                  831fb8a4394d256a5d7c15c16757912c

                                                  SHA1

                                                  961d7274de32808c4dce971d943ddd79a12e8d49

                                                  SHA256

                                                  6c152334efa5b011a44f160a23a5c58b66f3bcebbf6c4bc0722a526d36699a4b

                                                  SHA512

                                                  40f3d40cb40bd887ffa15a5fc60468e48f06bb1704d19061f9b51a9e2c15ab363644aac4618276910f6fc8d90f1083931916a9943306dcf736fc72feba2385c8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_27.dll
                                                  Filesize

                                                  3.6MB

                                                  MD5

                                                  914c3237e4d145a18dcd1d0d4c8659e1

                                                  SHA1

                                                  32503c8f8d80551c896bc2dbf2c8ae3c490f0ec4

                                                  SHA256

                                                  f9dd288c9895973f8db1856d172779041c6dee173ad1ef53b1727fc85cb6b75f

                                                  SHA512

                                                  c760b5b0b5507da8f2336b2b0625f344f28fac33da16a7d8771a122b0ba54ebf5d2a2f702f4ebb83ded746f38d63abd378a9aa3b3e50579fab7c047fe38e2c02

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\d3dx9_27_x64.inf
                                                  Filesize

                                                  667B

                                                  MD5

                                                  925202b48a83647982cb0d55ab10668d

                                                  SHA1

                                                  b04a29859288545a3f8f9daf6aa39bb7a8b4b59c

                                                  SHA256

                                                  6f56c5be97e703584dd832f35ebdc78c6aeb07cc9df155d47ed9903142086488

                                                  SHA512

                                                  72b6b4b951d04ecee1c4ea613734113b864a542dcc554e86e8d7b7fa2b0d05a1e7623051ca0809c3e934cf28cadca54acb76ad515f71a263ffd17c3872677b69

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  ac36c85030678eb69a498793a36a81e9

                                                  SHA1

                                                  a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                                                  SHA256

                                                  85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                                                  SHA512

                                                  47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  ac36c85030678eb69a498793a36a81e9

                                                  SHA1

                                                  a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                                                  SHA256

                                                  85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                                                  SHA512

                                                  47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  afd73a6c2e1172e4075c8b37816eb391

                                                  SHA1

                                                  eceaeaca967c9ac3239f65b4d4f75d994dabd7ee

                                                  SHA256

                                                  ea544793b661304f31f18e9d107a4b4b46bd198d806f6366870746fe52e01df9

                                                  SHA512

                                                  5c313c81808c664f056ccd64784e607439ed45874fe322afdf690aba6d8dc54c2b54e42f69ce003bd0aefd0ebe5518f102f846aaa96254d3218d62b4f5dc463b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  afd73a6c2e1172e4075c8b37816eb391

                                                  SHA1

                                                  eceaeaca967c9ac3239f65b4d4f75d994dabd7ee

                                                  SHA256

                                                  ea544793b661304f31f18e9d107a4b4b46bd198d806f6366870746fe52e01df9

                                                  SHA512

                                                  5c313c81808c664f056ccd64784e607439ed45874fe322afdf690aba6d8dc54c2b54e42f69ce003bd0aefd0ebe5518f102f846aaa96254d3218d62b4f5dc463b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  59KB

                                                  MD5

                                                  44f9c211701098d36dde44c5cf3afd63

                                                  SHA1

                                                  c020bb7dfb5932c5cbe19ca5d9feffde05781134

                                                  SHA256

                                                  d636d29f6019bcc232e62553728871097097aae05a6426bb86af15720de2e0e6

                                                  SHA512

                                                  b8aa96c4b8861b76f0c5c606f5458cc1e06e6e2ecd684f9ebde9e68a4d5057e84413816d78f88525fef63f4863a4b498c6d8cbc74faf8c555029dde7e34dec5a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  59KB

                                                  MD5

                                                  44f9c211701098d36dde44c5cf3afd63

                                                  SHA1

                                                  c020bb7dfb5932c5cbe19ca5d9feffde05781134

                                                  SHA256

                                                  d636d29f6019bcc232e62553728871097097aae05a6426bb86af15720de2e0e6

                                                  SHA512

                                                  b8aa96c4b8861b76f0c5c606f5458cc1e06e6e2ecd684f9ebde9e68a4d5057e84413816d78f88525fef63f4863a4b498c6d8cbc74faf8c555029dde7e34dec5a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  61KB

                                                  MD5

                                                  def5caad8a452d6515bd40df6dd6b51f

                                                  SHA1

                                                  c26a793ef0a117b9b960caaabf31fef6036576de

                                                  SHA256

                                                  34df5a253007edd15d14f28a333bac638fe961f0f3941b192d7a6a760c2635fe

                                                  SHA512

                                                  2f3984f126de1c89cb815e00587d41c9bc32358530d9d2931ef917f6d3a45422a80caf6bcbb1615a61e51d7cb81532795cafefdfc39f9dab7c2f7d70cc22a1bf

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  61KB

                                                  MD5

                                                  def5caad8a452d6515bd40df6dd6b51f

                                                  SHA1

                                                  c26a793ef0a117b9b960caaabf31fef6036576de

                                                  SHA256

                                                  34df5a253007edd15d14f28a333bac638fe961f0f3941b192d7a6a760c2635fe

                                                  SHA512

                                                  2f3984f126de1c89cb815e00587d41c9bc32358530d9d2931ef917f6d3a45422a80caf6bcbb1615a61e51d7cb81532795cafefdfc39f9dab7c2f7d70cc22a1bf

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  65KB

                                                  MD5

                                                  60db6abbe4d4f22d87cd15c9bdae79e7

                                                  SHA1

                                                  4dc25047507cb28a0855c8c2f5bf11fb0dbf1366

                                                  SHA256

                                                  10e420d85c6d2905d9ca076681c3b1d648bc1b5b3893c8eb5ff420d2b964f0cb

                                                  SHA512

                                                  846fc61367cc3fff2c0516c1872f1380e120684853fa9e4a6d077f94c83c99dfdc9f3d2cf7de587fe3988a3224b7ea7e0f27c7a76e11c5a6daaf03ed15864476

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\DXE7F1.tmp\infinst.exe
                                                  Filesize

                                                  65KB

                                                  MD5

                                                  60db6abbe4d4f22d87cd15c9bdae79e7

                                                  SHA1

                                                  4dc25047507cb28a0855c8c2f5bf11fb0dbf1366

                                                  SHA256

                                                  10e420d85c6d2905d9ca076681c3b1d648bc1b5b3893c8eb5ff420d2b964f0cb

                                                  SHA512

                                                  846fc61367cc3fff2c0516c1872f1380e120684853fa9e4a6d077f94c83c99dfdc9f3d2cf7de587fe3988a3224b7ea7e0f27c7a76e11c5a6daaf03ed15864476

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll
                                                  Filesize

                                                  93KB

                                                  MD5

                                                  984cad22fa542a08c5d22941b888d8dc

                                                  SHA1

                                                  3e3522e7f3af329f2235b0f0850d664d5377b3cd

                                                  SHA256

                                                  57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                                                  SHA512

                                                  8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll
                                                  Filesize

                                                  1.5MB

                                                  MD5

                                                  a5412a144f63d639b47fcc1ba68cb029

                                                  SHA1

                                                  81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                                                  SHA256

                                                  8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                                                  SHA512

                                                  2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  7b1fbe9f5f43b2261234b78fe115cf8e

                                                  SHA1

                                                  dd0f256ae38b4c4771e1d1ec001627017b7bb741

                                                  SHA256

                                                  762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

                                                  SHA512

                                                  d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                  Filesize

                                                  515KB

                                                  MD5

                                                  ac3a5f7be8cd13a863b50ab5fe00b71c

                                                  SHA1

                                                  eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                                                  SHA256

                                                  8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                                                  SHA512

                                                  c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                                                  Filesize

                                                  515KB

                                                  MD5

                                                  ac3a5f7be8cd13a863b50ab5fe00b71c

                                                  SHA1

                                                  eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                                                  SHA256

                                                  8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                                                  SHA512

                                                  c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf
                                                  Filesize

                                                  477B

                                                  MD5

                                                  ad8982eaa02c7ad4d7cdcbc248caa941

                                                  SHA1

                                                  4ccd8e038d73a5361d754c7598ed238fc040d16b

                                                  SHA256

                                                  d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

                                                  SHA512

                                                  5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
                                                  Filesize

                                                  288KB

                                                  MD5

                                                  2cbd6ad183914a0c554f0739069e77d7

                                                  SHA1

                                                  7bf35f2afca666078db35ca95130beb2e3782212

                                                  SHA256

                                                  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

                                                  SHA512

                                                  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Temp\dxwebsetup.exe
                                                  Filesize

                                                  288KB

                                                  MD5

                                                  2cbd6ad183914a0c554f0739069e77d7

                                                  SHA1

                                                  7bf35f2afca666078db35ca95130beb2e3782212

                                                  SHA256

                                                  2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f

                                                  SHA512

                                                  ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

                                                  Download Submit

                                                • C:\Users\Admin\Desktop\GTA San Andreas\mtasa-1.5.9.exe
                                                  Filesize

                                                  99.1MB

                                                  MD5

                                                  3a18551eb8a004be178629a088ba2763

                                                  SHA1

                                                  586612e58bcbee1d6ee86804709fcc3cd7cc6143

                                                  SHA256

                                                  1a1cf5342a69dc344d5b4e71f4822b93440377952f5bd5ca53da9c06d325624d

                                                  SHA512

                                                  c4dcbd716b5267f0df3465a9ef16ba18f3b29222ce64e8d0269c2defcf572dfcc66e578083a26e47a6def9ed4b7eeacc0b8bc99ceb0c537d6ab1c396660a9ab1

                                                  Download Submit

                                                • C:\Users\Admin\Desktop\GTA San Andreas\mtasa-1.5.9.exe
                                                  Filesize

                                                  99.1MB

                                                  MD5

                                                  3a18551eb8a004be178629a088ba2763

                                                  SHA1

                                                  586612e58bcbee1d6ee86804709fcc3cd7cc6143

                                                  SHA256

                                                  1a1cf5342a69dc344d5b4e71f4822b93440377952f5bd5ca53da9c06d325624d

                                                  SHA512

                                                  c4dcbd716b5267f0df3465a9ef16ba18f3b29222ce64e8d0269c2defcf572dfcc66e578083a26e47a6def9ed4b7eeacc0b8bc99ceb0c537d6ab1c396660a9ab1

                                                  Download Submit

                                                • C:\Windows\DirectX.log
                                                  Filesize

                                                  315B

                                                  MD5

                                                  455e4b65665999751cb12b4519844e01

                                                  SHA1

                                                  4bc7d1107012eb8841ad9bc0c11a7b256b2cc9f1

                                                  SHA256

                                                  7320d995daef51926f14537db1da9f26c29256efadd369eb06914d0a9ed6b345

                                                  SHA512

                                                  6903cf51841abbd04057f52c277632530f39d7388027ce5ffaf71cabe85fccd4b4b501ac09836e98f4e63ebeda2219f37ea5f428285a36bc6c43cc5685ca0373

                                                  Download Submit

                                                • C:\Windows\DirectX.log
                                                  Filesize

                                                  511B

                                                  MD5

                                                  de4851b0ee7949c4f3d85900b15850d4

                                                  SHA1

                                                  b939cb31bd11113410ce17d7f1352752b5b4e6e9

                                                  SHA256

                                                  b098b6555571c0255f3203b4fd514b944fdeb13c3e19a032565d73e917a800f7

                                                  SHA512

                                                  8be66246de6f09ef3f9de230a69adcc89db9be5658ddf64b3c0e5568a99f78267b4f9e7f5f9c213c484b8c49e19288fa004f2087a10358530db137169055fccc

                                                  Download Submit

                                                • C:\Windows\DirectX.log
                                                  Filesize

                                                  707B

                                                  MD5

                                                  9d65d483ffe7c80a0ccec678cdadcade

                                                  SHA1

                                                  23c90fbb4d60b8a4eb5c2af32c9273b5b7eb97c4

                                                  SHA256

                                                  f024266818993ed644bb3e3a1431da8893f24a26dc91398c7d736a1d838d1f46

                                                  SHA512

                                                  47baad17d6f071b17dd78647123df8a3d93e526831f75fb41631d0eadc4f6618e924f4379c131a9004ea8a29ba361478fa5397b09cefc9ea545932ae37e03a0e

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\dxupdate.dll
                                                  Filesize

                                                  173KB

                                                  MD5

                                                  7ed554b08e5b69578f9de012822c39c9

                                                  SHA1

                                                  036d04513e134786b4758def5aff83d19bf50c6e

                                                  SHA256

                                                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                                                  SHA512

                                                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\dxupdate.dll
                                                  Filesize

                                                  173KB

                                                  MD5

                                                  7ed554b08e5b69578f9de012822c39c9

                                                  SHA1

                                                  036d04513e134786b4758def5aff83d19bf50c6e

                                                  SHA256

                                                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                                                  SHA512

                                                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  2.6MB

                                                  MD5

                                                  a73e7421449cca62b0561bad4c8ef23d

                                                  SHA1

                                                  cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                                                  SHA256

                                                  7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                                                  SHA512

                                                  63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  2.6MB

                                                  MD5

                                                  a73e7421449cca62b0561bad4c8ef23d

                                                  SHA1

                                                  cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                                                  SHA256

                                                  7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                                                  SHA512

                                                  63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  2.7MB

                                                  MD5

                                                  5e2b8b8a5ed016468716b9ff82a1806f

                                                  SHA1

                                                  f1772121149d87745738cd471d0e504301a9ad0d

                                                  SHA256

                                                  5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                                                  SHA512

                                                  4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  2.7MB

                                                  MD5

                                                  5e2b8b8a5ed016468716b9ff82a1806f

                                                  SHA1

                                                  f1772121149d87745738cd471d0e504301a9ad0d

                                                  SHA256

                                                  5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                                                  SHA512

                                                  4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  550KB

                                                  MD5

                                                  d3f1922325be8e7e1c72bfd8179454ce

                                                  SHA1

                                                  89134f43ce2af4adfbc4087392aee6fe56be7ff4

                                                  SHA256

                                                  8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                                                  SHA512

                                                  d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  550KB

                                                  MD5

                                                  d3f1922325be8e7e1c72bfd8179454ce

                                                  SHA1

                                                  89134f43ce2af4adfbc4087392aee6fe56be7ff4

                                                  SHA256

                                                  8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                                                  SHA512

                                                  d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  554KB

                                                  MD5

                                                  fb3bc0754921873a65f5fbdca845e6ee

                                                  SHA1

                                                  67cde5bc8577cd3040e275d290ac021874da9fe8

                                                  SHA256

                                                  f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                                                  SHA512

                                                  292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  554KB

                                                  MD5

                                                  fb3bc0754921873a65f5fbdca845e6ee

                                                  SHA1

                                                  67cde5bc8577cd3040e275d290ac021874da9fe8

                                                  SHA256

                                                  f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                                                  SHA512

                                                  292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  562KB

                                                  MD5

                                                  afcf5f50c632f3a5598abc28f196d77c

                                                  SHA1

                                                  294385693592f9d6320f8b0b18f45bc194d01a4d

                                                  SHA256

                                                  5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                                                  SHA512

                                                  29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  562KB

                                                  MD5

                                                  afcf5f50c632f3a5598abc28f196d77c

                                                  SHA1

                                                  294385693592f9d6320f8b0b18f45bc194d01a4d

                                                  SHA256

                                                  5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                                                  SHA512

                                                  29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  563KB

                                                  MD5

                                                  ccd53738df4fa27849b6bb05dd67d10d

                                                  SHA1

                                                  28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                                                  SHA256

                                                  c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                                                  SHA512

                                                  aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  563KB

                                                  MD5

                                                  ccd53738df4fa27849b6bb05dd67d10d

                                                  SHA1

                                                  28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                                                  SHA256

                                                  c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                                                  SHA512

                                                  aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  564KB

                                                  MD5

                                                  43c280c3b15ceb2472ab560d09629664

                                                  SHA1

                                                  e3a897d7608d03c93b5c2b8aef52703452cf6696

                                                  SHA256

                                                  bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                                                  SHA512

                                                  5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  564KB

                                                  MD5

                                                  43c280c3b15ceb2472ab560d09629664

                                                  SHA1

                                                  e3a897d7608d03c93b5c2b8aef52703452cf6696

                                                  SHA256

                                                  bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                                                  SHA512

                                                  5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  564KB

                                                  MD5

                                                  490807c150b7d8be44bde871f4df8c56

                                                  SHA1

                                                  69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                                                  SHA256

                                                  36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                                                  SHA512

                                                  9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  564KB

                                                  MD5

                                                  490807c150b7d8be44bde871f4df8c56

                                                  SHA1

                                                  69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                                                  SHA256

                                                  36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                                                  SHA512

                                                  9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  565KB

                                                  MD5

                                                  933085360527de1b4947289ca468184e

                                                  SHA1

                                                  d5ee5e1e3c992c7518b5ce510c627c1564131b12

                                                  SHA256

                                                  78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                                                  SHA512

                                                  2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\DXE7F1.tmp\microsoft.directx.direct3dx.dll
                                                  Filesize

                                                  565KB

                                                  MD5

                                                  933085360527de1b4947289ca468184e

                                                  SHA1

                                                  d5ee5e1e3c992c7518b5ce510c627c1564131b12

                                                  SHA256

                                                  78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                                                  SHA512

                                                  2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                                                  Filesize

                                                  173KB

                                                  MD5

                                                  7ed554b08e5b69578f9de012822c39c9

                                                  SHA1

                                                  036d04513e134786b4758def5aff83d19bf50c6e

                                                  SHA256

                                                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                                                  SHA512

                                                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                                                  Filesize

                                                  173KB

                                                  MD5

                                                  7ed554b08e5b69578f9de012822c39c9

                                                  SHA1

                                                  036d04513e134786b4758def5aff83d19bf50c6e

                                                  SHA256

                                                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                                                  SHA512

                                                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\AccessControl.dll
                                                  Filesize

                                                  8KB

                                                  MD5

                                                  65d017ba65785b43720de6c9979a2e8c

                                                  SHA1

                                                  0aed2846e1b338077bae5a7f756c345a5c90d8a9

                                                  SHA256

                                                  ccc6aaf1071d9077475b574d9bf1fc23de40a06547fc90cf4255a44d3bf631ac

                                                  SHA512

                                                  31a19105892d5a9b49eb81a90a2330c342a5504fa4940b99a12279a63e1a19ee5d4b257d0900794ff7021a09408995a5d12e95cc38f09cf12fb2fd860d205c95

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\InstallOptions.dll
                                                  Filesize

                                                  15KB

                                                  MD5

                                                  89351a0a6a89519c86c5531e20dab9ea

                                                  SHA1

                                                  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

                                                  SHA256

                                                  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

                                                  SHA512

                                                  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\LangDLL.dll
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  a1cd3f159ef78d9ace162f067b544fd9

                                                  SHA1

                                                  72671fdf4bfeeb99b392685bf01081b4a0b3ae66

                                                  SHA256

                                                  47b9e251c9c90f43e3524965aecc07bd53c8e09c5b9f9862b44c306667e2b0b6

                                                  SHA512

                                                  ccc70166c7d7746cd42cd0cec322b2adf4a478ff67c35d465f0f0f5b2b369c996a95557b678c09cb21b8311d8a91eed4196ddc218ea7d510f81464669b911362

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\NSISdl.dll
                                                  Filesize

                                                  15KB

                                                  MD5

                                                  7caaf58a526da33c24cbe122e7839693

                                                  SHA1

                                                  7687112cb6593947226f8a8319d6e2d0cdef3b11

                                                  SHA256

                                                  19debdc4c0b6f5dc9582bda7a2c1146516f683e8d741190e6d4b81ad10b33f61

                                                  SHA512

                                                  aafd0cb2abb3d2dee95c2d037a6a1a5bff0518e3210ced0c39e6d6696e4fab4734df01476fe9dcb208f02c529cd03346bc8b7f3319ae49701bbf2cb453d59bae

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\System.dll
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  bf712f32249029466fa86756f5546950

                                                  SHA1

                                                  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

                                                  SHA256

                                                  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

                                                  SHA512

                                                  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\System.dll
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  bf712f32249029466fa86756f5546950

                                                  SHA1

                                                  75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

                                                  SHA256

                                                  7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

                                                  SHA512

                                                  13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\UAC.dll
                                                  Filesize

                                                  14KB

                                                  MD5

                                                  adb29e6b186daa765dc750128649b63d

                                                  SHA1

                                                  160cbdc4cb0ac2c142d361df138c537aa7e708c9

                                                  SHA256

                                                  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

                                                  SHA512

                                                  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\nsArray.dll
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  7fc4723bb0a4118e5f91047021d1aacd

                                                  SHA1

                                                  092a321a21d802045105ecc8cd3c9d7d2c6da923

                                                  SHA256

                                                  8f9bfeebfa3b070b116de61a63271b6c25af0dbb4bbfb4ae73e334d1f8517efd

                                                  SHA512

                                                  1fe86533987ff1c4d446b231dc1ff2c3bbce224ae91b73ffead539f08740bfb06d2f40f1aedf0571106dc4e12eec27aa32018c2bf5361b7488c07b4d90800f02

                                                  Download Submit

                                                • \Users\Admin\AppData\Local\Temp\nsyBEAA.tmp\nsDialogs.dll
                                                  Filesize

                                                  9KB

                                                  MD5

                                                  4ccc4a742d4423f2f0ed744fd9c81f63

                                                  SHA1

                                                  704f00a1acc327fd879cf75fc90d0b8f927c36bc

                                                  SHA256

                                                  416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

                                                  SHA512

                                                  790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

                                                  Download Submit

                                                • \Windows\SysWOW64\directx\websetup\dsetup.dll
                                                  Filesize

                                                  93KB

                                                  MD5

                                                  984cad22fa542a08c5d22941b888d8dc

                                                  SHA1

                                                  3e3522e7f3af329f2235b0f0850d664d5377b3cd

                                                  SHA256

                                                  57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                                                  SHA512

                                                  8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                                                  Download Submit

                                                • \Windows\SysWOW64\directx\websetup\dsetup32.dll
                                                  Filesize

                                                  1.5MB

                                                  MD5

                                                  a5412a144f63d639b47fcc1ba68cb029

                                                  SHA1

                                                  81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                                                  SHA256

                                                  8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                                                  SHA512

                                                  2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                                                  Download Submit

                                                • memory/608-1311-0x000000000A0E0000-0x000000000A0EC000-memory.dmp

                                                  Filesize

                                                  48KB

                                                  Download

                                                • memory/608-1310-0x000000000A0E0000-0x000000000A0E6000-memory.dmp

                                                  Filesize

                                                  24KB

                                                  Download

                                                • memory/608-1307-0x000000000A0E0000-0x000000000A0EE000-memory.dmp

                                                  Filesize

                                                  56KB

                                                  Download

                                                • memory/608-1309-0x000000000A0E0000-0x000000000A0E4000-memory.dmp

                                                  Filesize

                                                  16KB

                                                  Download

                                                • memory/608-1306-0x000000000A430000-0x000000000A44D000-memory.dmp

                                                  Filesize

                                                  116KB

                                                  Download

                                                • memory/608-1291-0x000000000A430000-0x000000000A435000-memory.dmp

                                                  Filesize

                                                  20KB

                                                  Download

                                                • memory/608-1289-0x000000000A430000-0x000000000A44D000-memory.dmp

                                                  Filesize

                                                  116KB

                                                  Download

                                                • memory/608-1298-0x000000000A0E0000-0x000000000A0EC000-memory.dmp

                                                  Filesize

                                                  48KB

                                                  Download

                                                • memory/608-1308-0x000000000A430000-0x000000000A435000-memory.dmp

                                                  Filesize

                                                  20KB

                                                  Download

                                                • memory/608-1293-0x000000000A0E0000-0x000000000A0E4000-memory.dmp

                                                  Filesize

                                                  16KB

                                                  Download

                                                • memory/608-1299-0x000000000A0E0000-0x000000000A0E4000-memory.dmp

                                                  Filesize

                                                  16KB

                                                  Download

                                                • memory/608-1296-0x000000000A0E0000-0x000000000A0EE000-memory.dmp

                                                  Filesize

                                                  56KB

                                                  Download

                                                • memory/608-1371-0x0000000000400000-0x0000000001577000-memory.dmp

                                                  Filesize

                                                  17.5MB

                                                  Download

                                                • memory/608-1256-0x000000006F590000-0x000000006F5A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/608-1295-0x000000000A0E0000-0x000000000A0E6000-memory.dmp

                                                  Filesize

                                                  24KB

                                                  Download

                                                • memory/608-1200-0x000000006F590000-0x000000006F5A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/2276-172-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-142-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-191-0x0000000073690000-0x000000007369B000-memory.dmp

                                                  Filesize

                                                  44KB

                                                  Download

                                                • memory/2276-190-0x00000000736A0000-0x00000000736AA000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/2276-189-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-188-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-186-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-184-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-185-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-183-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-119-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-182-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-180-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-178-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-176-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-175-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-173-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-171-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-170-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-168-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-169-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-120-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-167-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-166-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-164-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-163-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-162-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-121-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-161-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-159-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-158-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-157-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-156-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-122-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-155-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-154-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-123-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-153-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-124-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-152-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-151-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-150-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-149-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-125-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-127-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-128-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-129-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-130-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-131-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-132-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-148-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-147-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-146-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-145-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-133-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-134-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-135-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-144-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-143-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-784-0x00000000734F0000-0x00000000734FB000-memory.dmp

                                                  Filesize

                                                  44KB

                                                  Download

                                                • memory/2276-193-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-141-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-660-0x0000000000B80000-0x0000000000B8A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/2276-656-0x0000000000B80000-0x0000000000B8A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/2276-657-0x0000000000B80000-0x0000000000B8A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/2276-653-0x0000000000B80000-0x0000000000B8A000-memory.dmp

                                                  Filesize

                                                  40KB

                                                  Download

                                                • memory/2276-651-0x00000000734F0000-0x00000000734FB000-memory.dmp

                                                  Filesize

                                                  44KB

                                                  Download

                                                • memory/2276-140-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-633-0x00000000734F0000-0x00000000734FB000-memory.dmp

                                                  Filesize

                                                  44KB

                                                  Download

                                                • memory/2276-136-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-137-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-139-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/2276-138-0x0000000077550000-0x00000000776DE000-memory.dmp

                                                  Filesize

                                                  1.6MB

                                                  Download

                                                • memory/4728-1007-0x000000006F590000-0x000000006F5A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/4728-1017-0x0000000000400000-0x0000000001577000-memory.dmp

                                                  Filesize

                                                  17.5MB

                                                  Download

                                                • memory/4728-916-0x000000006F590000-0x000000006F5A0000-memory.dmp

                                                  Filesize

                                                  64KB

                                                  Download

                                                • memory/4728-883-0x0000000000400000-0x0000000001577000-memory.dmp

                                                  Filesize

                                                  17.5MB

                                                  Download