Overview

overview

8

Static

static

URLScan

urlscan

1

https://steamunlocke...

windows10-2004-x64

8

Analysis

  • max time kernel
    2452s
  • max time network
    2111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/01/2023, 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://steamunlocked.net/scooby-doo-and-the-spooky-swamp-free-download/

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 64 IoCs
  • Registers COM server for autorun 1 TTPs 64 IoCs
    persistence
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 3 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 60 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://steamunlocked.net/scooby-doo-and-the-spooky-swamp-free-download/
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:17414 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3068
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3196
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\HOW TO RUN GAME!!.txt
      1⤵
        PID:4928
      • C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby2.exe
        "C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby2.exe"
        1⤵
          PID:5004
        • C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\_Redist\dxwebsetup.exe
          "C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\_Redist\dxwebsetup.exe"
          1⤵
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:4416
          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
            C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
            2⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops desktop.ini file(s)
            • Enumerates connected drives
            • Drops file in System32 directory
            • Drops file in Windows directory
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1112
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_24_x64.inf
              3⤵
              • Executes dropped EXE
              PID:2268
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_25_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4836
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_26_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4320
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_27_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1252
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_28_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4776
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_29_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3896
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1780
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              PID:728
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_30_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3176
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_1_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3348
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll
              3⤵
              • Loads dropped DLL
              • Modifies registry class
              PID:668
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver
              3⤵
              • Executes dropped EXE
              PID:1796
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_2_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:4464
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll
              3⤵
              • Loads dropped DLL
              • Modifies registry class
              PID:4164
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver
              3⤵
              • Executes dropped EXE
              PID:4676
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_3_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4668
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:4772
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_31_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4240
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_4_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1364
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:3736
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_32_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:2196
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_00_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:2316
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_5_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:812
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              PID:2652
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_6_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4200
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:3380
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_33_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:4036
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_33_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3524
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_7_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1000
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll
              3⤵
              • Registers COM server for autorun
              • Loads dropped DLL
              • Modifies registry class
              PID:2752
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
              3⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:2460
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_34_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1972
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_34_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3064
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_8_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3088
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:872
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_35_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4428
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_35_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:3944
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_9_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4756
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll
              3⤵
              • Registers COM server for autorun
              PID:1528
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx9_36_x64.inf
              3⤵
              • Executes dropped EXE
              PID:864
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_36_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1540
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_2_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:1444
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT2_10_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4604
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll
              3⤵
              • Registers COM server for autorun
              PID:4256
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_37_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4064
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_37_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3916
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_3_x64.inf
              3⤵
              • Executes dropped EXE
              PID:1096
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_0_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4500
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll
              3⤵
              • Registers COM server for autorun
              PID:1880
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_0_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:5048
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:664
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_38_x64.inf
              3⤵
              • Executes dropped EXE
              PID:452
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_38_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3872
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_4_x64.inf
              3⤵
              • Executes dropped EXE
              PID:760
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_1_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3948
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll
              3⤵
              • Registers COM server for autorun
              PID:1848
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_1_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3384
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:1372
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_39_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4136
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_39_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:2528
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_2_x64.inf
              3⤵
              • Executes dropped EXE
              PID:700
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll
              3⤵
              • Registers COM server for autorun
              PID:392
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_2_x64.inf
              3⤵
              • Executes dropped EXE
              PID:400
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:1220
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_5_x64.inf
              3⤵
              • Executes dropped EXE
              PID:2736
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_3_x64.inf
              3⤵
              • Executes dropped EXE
              PID:2348
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:1660
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_3_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • Drops file in Windows directory
              PID:2000
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:764
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_40_x64.inf
              3⤵
              • Executes dropped EXE
              PID:4360
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_40_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:4372
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_6_x64.inf
              3⤵
              • Executes dropped EXE
              PID:5112
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_4_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3220
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll
              3⤵
              • Registers COM server for autorun
              PID:4272
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_4_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              • Drops file in Windows directory
              PID:2964
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:1892
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_41_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:2016
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_41_x64.inf
              3⤵
              • Executes dropped EXE
              PID:316
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_42_x64.inf
              3⤵
              • Executes dropped EXE
              PID:2780
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_42_x64.inf
              3⤵
              • Executes dropped EXE
              PID:2280
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx11_42_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in System32 directory
              PID:5080
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dcsx_42_x64.inf
              3⤵
              • Executes dropped EXE
              PID:116
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DCompiler_42_x64.inf
              3⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              PID:4444
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_5_x64.inf
              3⤵
              • Executes dropped EXE
              PID:3452
            • C:\Windows\system32\regsvr32.exe
              C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll
              3⤵
              • Registers COM server for autorun
              • Modifies registry class
              PID:8
            • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
              C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_5_x64.inf
              3⤵
                PID:2648
              • C:\Windows\system32\regsvr32.exe
                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll
                3⤵
                • Registers COM server for autorun
                • Modifies registry class
                PID:1448
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe X3DAudio1_7_x64.inf
                3⤵
                • Drops file in System32 directory
                PID:1104
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_6_x64.inf
                3⤵
                • Drops file in Windows directory
                PID:4356
              • C:\Windows\system32\regsvr32.exe
                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll
                3⤵
                • Registers COM server for autorun
                PID:2516
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_6_x64.inf
                3⤵
                • Drops file in System32 directory
                PID:2068
              • C:\Windows\system32\regsvr32.exe
                C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll
                3⤵
                • Registers COM server for autorun
                • Modifies registry class
                PID:920
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DX9_43_x64.inf
                3⤵
                • Drops file in Windows directory
                PID:2404
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx10_43_x64.inf
                3⤵
                • Drops file in Windows directory
                PID:4836
              • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dx11_43_x64.inf
                3⤵
                  PID:1084
                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe d3dcsx_43_x64.inf
                  3⤵
                  • Drops file in System32 directory
                  PID:3200
                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe D3DCompiler_43_x64.inf
                  3⤵
                  • Drops file in Windows directory
                  PID:4320
                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XACT3_7_x64.inf
                  3⤵
                    PID:3672
                  • C:\Windows\system32\regsvr32.exe
                    C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll
                    3⤵
                    • Registers COM server for autorun
                    • Modifies registry class
                    PID:4512
                  • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                    C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe XAudio2_7_x64.inf
                    3⤵
                      PID:944
                    • C:\Windows\system32\regsvr32.exe
                      C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
                      3⤵
                      • Registers COM server for autorun
                      • Modifies registry class
                      PID:320
                • C:\Windows\system32\vssvc.exe
                  C:\Windows\system32\vssvc.exe
                  1⤵
                  • Checks SCSI registry key(s)
                  • Suspicious use of AdjustPrivilegeToken
                  PID:1604
                • C:\Windows\system32\srtasks.exe
                  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:5056
                • C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby2.exe
                  "C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby-Doo.and.the.Spooky.Swamp\Scooby2.exe"
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:4816
                • C:\Windows\system32\OpenWith.exe
                  C:\Windows\system32\OpenWith.exe -Embedding
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:2392
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                  1⤵
                  • Drops desktop.ini file(s)
                  • Checks processor information in registry
                  PID:3676
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
                  1⤵
                  • Checks processor information in registry
                  PID:4476
                • C:\Windows\system32\OpenWith.exe
                  C:\Windows\system32\OpenWith.exe -Embedding
                  1⤵
                  • Suspicious use of SetWindowsHookEx
                  PID:4844
                • C:\Windows\system32\AUDIODG.EXE
                  C:\Windows\system32\AUDIODG.EXE 0x510 0x4f4
                  1⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:380

                Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                  Filesize

                  1KB

                  MD5

                  586e3ed4faca9a09274f14693a18ada0

                  SHA1

                  5cb107a7ca3eb4a72715c2c1b872c021e59a0817

                  SHA256

                  01cbf776c5c8fd0b8293cfb84115dea622a3ad007e3cf6ff8c969cae24f493f9

                  SHA512

                  e64b25f65df4d40332e7d3359dfb2ee8baf8b86b44f2e268383ddfb51629fc66cfe592062f6fb9329823c0ccaa01874ad980cae74f28899499791d8c962814ba

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                  Filesize

                  471B

                  MD5

                  a84659e00d09b65942dd6319948f4b09

                  SHA1

                  5019ed50b4dc83eb14ee8f741b7fb78b0cd32483

                  SHA256

                  5883ea503ab00c9fa511bb6ba9f0367ef9e37951f681ed647d76e61646946708

                  SHA512

                  974b291e90ddf2bea9436bfb1ba6649530a29d1611885fc909e41a99f47211414c9cb86d13cbd30229274da1ca35533ad0da2c695499df77036cfe0b096ca404

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                  Filesize

                  724B

                  MD5

                  f569e1d183b84e8078dc456192127536

                  SHA1

                  30c537463eed902925300dd07a87d820a713753f

                  SHA256

                  287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

                  SHA512

                  49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_15F934FF48FB1733D8E1597F1CF89F8E
                  Filesize

                  471B

                  MD5

                  17cf9dce587a0172ed5024014092613a

                  SHA1

                  c4d54d41bb2065c443b71ce4cb0765afcf25ff5d

                  SHA256

                  c9e7f02104dba48ac14728545d4e4fbc2393ab6c2cb4b36504aad9626f8d10b1

                  SHA512

                  f0a65589627b6572c572246afb34bd963aeb3e64415a833bb35c7c65d5016ca3f28a8af2d8f727857677c42e2570c66fe219bd5f31a46df07d50edd0bee97928

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                  Filesize

                  410B

                  MD5

                  97aee7e8650be974a5dd256c8e349567

                  SHA1

                  ad98225ee7868c29b2856f18f4499f74a5c6e303

                  SHA256

                  106722433eacca17ba5c9c33cc6023ee230eae71df7175b2e3098e3da977be01

                  SHA512

                  4a8371aad1235116aa6872618c30c588570a452109955469248439839cc007994282cc6c863891e5b7160e9a0999d567a85a382a9a4c4426170fa7433114bee1

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                  Filesize

                  434B

                  MD5

                  4c7b4e31cf8ffd280151d92b89c59935

                  SHA1

                  fb213ca126f55b48e627fdce0d46454437ed9ea0

                  SHA256

                  62bc5498cd94c1d88df42b9122e529c03a1b032d1fefb72b27c1ad85dbc25748

                  SHA512

                  902074616d4d14ccf832c3a7dc092d1ecfd70b9dd8c7351b58a1dc161363a707551f97e84a2d02acb447151d8e1f2773cc1bdf8e960b28fe189877790ec044a0

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                  Filesize

                  392B

                  MD5

                  98f229af08fb0c20f78536968455d874

                  SHA1

                  dd308439e013db4f5f9ea005ef3d0b999ace4739

                  SHA256

                  99f0b262a2afae855ca00206af66d5aa9672bff1ce2ea8b7a64ca14b3d022bed

                  SHA512

                  657ae9dfee4b6d54348a2f6071d2413d331104269c45831c84dcb9cf13e0140dc0c71649966089249a2012b1e55efde482b67fd08e8f574222ba4b8706f8dbf0

                  Download Submit

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_15F934FF48FB1733D8E1597F1CF89F8E
                  Filesize

                  406B

                  MD5

                  cd73858615e527386b640bb900ccb340

                  SHA1

                  6bdaa18c01210bebc51cda5e106fd5423d101dcc

                  SHA256

                  4f1793ed8c7df97748f626675a4bf3b395645ba198f518cec8f07adebe793cc1

                  SHA512

                  f5efcfda155b61a0f98af2cb8cb77936fecbea4dd6277e804eab65d4e89e2ef9408fc826c6dd667cf1c7874137189788261cdf7227d7bf3ab7815d21b15d5199

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
                  Filesize

                  15KB

                  MD5

                  1a545d0052b581fbb2ab4c52133846bc

                  SHA1

                  62f3266a9b9925cd6d98658b92adec673cbe3dd3

                  SHA256

                  557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                  SHA512

                  bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
                  Filesize

                  852B

                  MD5

                  c63b78be661db700e44996e6e90901c6

                  SHA1

                  14860bb02fe3b5d0d9ee424b618e359150b9116e

                  SHA256

                  7c9a34cf2493d57cb4c921fd93fba2a0009cfda1a4b1ddfeeceee8e019c28e42

                  SHA512

                  359a46776040af3f134d29a45ffda0e48642f70490f74a1fc5539f7c697ef3a02a50b0adeddd012414b4b295eec447a7c587b4b4e3b7db2244ff0e98f0fdbd7a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dqptnfu\imagestore.dat
                  Filesize

                  3KB

                  MD5

                  0e7c64fc0b44edb0ead6b119ed681112

                  SHA1

                  4af5d391d6cc3c8057ceb4a2bea0318fe4012d3f

                  SHA256

                  3dd632f4b979607c28e9ff2a96c59377bff0f26e640b590ea91e0b5e05a7fc64

                  SHA512

                  b7d5c7e2bb551460f7b7b5182d31aef1f507368cd4e0404f22616cc3b4738ba962de3644770871e29b8dac5f153f7e5588ff56a5fc360fc7265d0957bfb5455a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_24.dll
                  Filesize

                  3.4MB

                  MD5

                  b165df72e13e6af74d47013504319921

                  SHA1

                  c45b192cf8904b7579bbc26c799aa7ffa5cbb1d4

                  SHA256

                  1ec422bd6421c741eef57847260967f215913649901e21dd9c46eb1b3bb10906

                  SHA512

                  859b6cd538735e5cc1c44f63d66b25588ad1ad32202cae606ff95b8c4a80f6a66db9ef7c5d43820010de9334b8bbbfb079939ce89ba0b760f5d651d7fa8268ed

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_24_x64.inf
                  Filesize

                  679B

                  MD5

                  2c4e850789bf9606aa4783cd9c26099a

                  SHA1

                  036ee1c9ce3b8c495b3d155fe83e54c00a2611d4

                  SHA256

                  f02bd6bb0ca1ed41698def1465c05f5b47ca459f886647f2d84f85c5c09dad9c

                  SHA512

                  f09cb85eb7024c89024d12dd40021d1df046bb825a985bee1cb164a5c026693325bc5d64491702731ed5cb71b5af7eef34f8a922bee6d9d5881ff113dce23d21

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_25.dll
                  Filesize

                  3.6MB

                  MD5

                  4c56e7c5b2a61353e534c7d15d05856d

                  SHA1

                  e6e0a59a1e8217ae06cda29942537bc4be25d5a1

                  SHA256

                  10b09474bfe4e2bb395472628646bc5f353fbfbec976575c45eeff49984ebaa6

                  SHA512

                  6f630ea0764b4551d80a96f6c2b9391ed5741f14431eec951699c0e42b9434a45841d71bea5576b285cc20d38fd082b4cfc8062e4aa61f80aed9e57869cdd5d2

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_25_x64.inf
                  Filesize

                  667B

                  MD5

                  fbed164855ae10f4c2d4eb238f414e6a

                  SHA1

                  7c3ec7759a23e77242bdc70c8033c013f2c794d6

                  SHA256

                  9af2752d59fc38dd26d30769132a0887ff4123269c0dc4406f5107295e69c7c1

                  SHA512

                  68e7d441aa0b842329f63ed34bb392d1582b635eee1bd1c8a797e9a59303fc85b0d842de0fd29d88fa3c8ac0bb6d858671101633161487d6353e73c862fb228d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_26.dll
                  Filesize

                  3.6MB

                  MD5

                  44f5c5e27d6825e4e62420bc29b8b533

                  SHA1

                  046455294e199af99c7c2d9174d25b230e6fd0e6

                  SHA256

                  30b06dbbd202494bae3b87487e7273adcffd17a9d2c29977030fde0570aa841b

                  SHA512

                  0c9adca329c386cb2caf0f36d672ba326929f02c29748b13188bb7ade3fbec9131ce86a6bf1b3064a2fbb8de6b8adc34208f667df31c5db182918e79744a830b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_26_x64.inf
                  Filesize

                  667B

                  MD5

                  831fb8a4394d256a5d7c15c16757912c

                  SHA1

                  961d7274de32808c4dce971d943ddd79a12e8d49

                  SHA256

                  6c152334efa5b011a44f160a23a5c58b66f3bcebbf6c4bc0722a526d36699a4b

                  SHA512

                  40f3d40cb40bd887ffa15a5fc60468e48f06bb1704d19061f9b51a9e2c15ab363644aac4618276910f6fc8d90f1083931916a9943306dcf736fc72feba2385c8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_27.dll
                  Filesize

                  3.6MB

                  MD5

                  914c3237e4d145a18dcd1d0d4c8659e1

                  SHA1

                  32503c8f8d80551c896bc2dbf2c8ae3c490f0ec4

                  SHA256

                  f9dd288c9895973f8db1856d172779041c6dee173ad1ef53b1727fc85cb6b75f

                  SHA512

                  c760b5b0b5507da8f2336b2b0625f344f28fac33da16a7d8771a122b0ba54ebf5d2a2f702f4ebb83ded746f38d63abd378a9aa3b3e50579fab7c047fe38e2c02

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\d3dx9_27_x64.inf
                  Filesize

                  667B

                  MD5

                  925202b48a83647982cb0d55ab10668d

                  SHA1

                  b04a29859288545a3f8f9daf6aa39bb7a8b4b59c

                  SHA256

                  6f56c5be97e703584dd832f35ebdc78c6aeb07cc9df155d47ed9903142086488

                  SHA512

                  72b6b4b951d04ecee1c4ea613734113b864a542dcc554e86e8d7b7fa2b0d05a1e7623051ca0809c3e934cf28cadca54acb76ad515f71a263ffd17c3872677b69

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\dxupdate.dll
                  Filesize

                  173KB

                  MD5

                  7ed554b08e5b69578f9de012822c39c9

                  SHA1

                  036d04513e134786b4758def5aff83d19bf50c6e

                  SHA256

                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                  SHA512

                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\dxupdate.dll
                  Filesize

                  173KB

                  MD5

                  7ed554b08e5b69578f9de012822c39c9

                  SHA1

                  036d04513e134786b4758def5aff83d19bf50c6e

                  SHA256

                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                  SHA512

                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  56KB

                  MD5

                  ac36c85030678eb69a498793a36a81e9

                  SHA1

                  a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                  SHA256

                  85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                  SHA512

                  47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  56KB

                  MD5

                  ac36c85030678eb69a498793a36a81e9

                  SHA1

                  a1719053eec7a206bd1d005e1038a1a7ca2eb1a0

                  SHA256

                  85a8b155b066d81efb5d4959f5ea59a9ce43d40663cb2aba05ef0e6d01c22c18

                  SHA512

                  47f26ed02bedc96b504344ac53418f63b1da4844b6db61d334dd9b09d0481584dbddc166a654c5b553d5609fb8fb90c01dee9329c68dd74c24ee6bd8eb136d06

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  56KB

                  MD5

                  afd73a6c2e1172e4075c8b37816eb391

                  SHA1

                  eceaeaca967c9ac3239f65b4d4f75d994dabd7ee

                  SHA256

                  ea544793b661304f31f18e9d107a4b4b46bd198d806f6366870746fe52e01df9

                  SHA512

                  5c313c81808c664f056ccd64784e607439ed45874fe322afdf690aba6d8dc54c2b54e42f69ce003bd0aefd0ebe5518f102f846aaa96254d3218d62b4f5dc463b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  56KB

                  MD5

                  afd73a6c2e1172e4075c8b37816eb391

                  SHA1

                  eceaeaca967c9ac3239f65b4d4f75d994dabd7ee

                  SHA256

                  ea544793b661304f31f18e9d107a4b4b46bd198d806f6366870746fe52e01df9

                  SHA512

                  5c313c81808c664f056ccd64784e607439ed45874fe322afdf690aba6d8dc54c2b54e42f69ce003bd0aefd0ebe5518f102f846aaa96254d3218d62b4f5dc463b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  59KB

                  MD5

                  44f9c211701098d36dde44c5cf3afd63

                  SHA1

                  c020bb7dfb5932c5cbe19ca5d9feffde05781134

                  SHA256

                  d636d29f6019bcc232e62553728871097097aae05a6426bb86af15720de2e0e6

                  SHA512

                  b8aa96c4b8861b76f0c5c606f5458cc1e06e6e2ecd684f9ebde9e68a4d5057e84413816d78f88525fef63f4863a4b498c6d8cbc74faf8c555029dde7e34dec5a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  59KB

                  MD5

                  44f9c211701098d36dde44c5cf3afd63

                  SHA1

                  c020bb7dfb5932c5cbe19ca5d9feffde05781134

                  SHA256

                  d636d29f6019bcc232e62553728871097097aae05a6426bb86af15720de2e0e6

                  SHA512

                  b8aa96c4b8861b76f0c5c606f5458cc1e06e6e2ecd684f9ebde9e68a4d5057e84413816d78f88525fef63f4863a4b498c6d8cbc74faf8c555029dde7e34dec5a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  61KB

                  MD5

                  def5caad8a452d6515bd40df6dd6b51f

                  SHA1

                  c26a793ef0a117b9b960caaabf31fef6036576de

                  SHA256

                  34df5a253007edd15d14f28a333bac638fe961f0f3941b192d7a6a760c2635fe

                  SHA512

                  2f3984f126de1c89cb815e00587d41c9bc32358530d9d2931ef917f6d3a45422a80caf6bcbb1615a61e51d7cb81532795cafefdfc39f9dab7c2f7d70cc22a1bf

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  61KB

                  MD5

                  def5caad8a452d6515bd40df6dd6b51f

                  SHA1

                  c26a793ef0a117b9b960caaabf31fef6036576de

                  SHA256

                  34df5a253007edd15d14f28a333bac638fe961f0f3941b192d7a6a760c2635fe

                  SHA512

                  2f3984f126de1c89cb815e00587d41c9bc32358530d9d2931ef917f6d3a45422a80caf6bcbb1615a61e51d7cb81532795cafefdfc39f9dab7c2f7d70cc22a1bf

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\infinst.exe
                  Filesize

                  65KB

                  MD5

                  60db6abbe4d4f22d87cd15c9bdae79e7

                  SHA1

                  4dc25047507cb28a0855c8c2f5bf11fb0dbf1366

                  SHA256

                  10e420d85c6d2905d9ca076681c3b1d648bc1b5b3893c8eb5ff420d2b964f0cb

                  SHA512

                  846fc61367cc3fff2c0516c1872f1380e120684853fa9e4a6d077f94c83c99dfdc9f3d2cf7de587fe3988a3224b7ea7e0f27c7a76e11c5a6daaf03ed15864476

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  2.6MB

                  MD5

                  a73e7421449cca62b0561bad4c8ef23d

                  SHA1

                  cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                  SHA256

                  7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                  SHA512

                  63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  2.6MB

                  MD5

                  a73e7421449cca62b0561bad4c8ef23d

                  SHA1

                  cf51ca7d28fcdc79c215450fb759ffe9101b6cfe

                  SHA256

                  7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059

                  SHA512

                  63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  2.7MB

                  MD5

                  5e2b8b8a5ed016468716b9ff82a1806f

                  SHA1

                  f1772121149d87745738cd471d0e504301a9ad0d

                  SHA256

                  5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                  SHA512

                  4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  2.7MB

                  MD5

                  5e2b8b8a5ed016468716b9ff82a1806f

                  SHA1

                  f1772121149d87745738cd471d0e504301a9ad0d

                  SHA256

                  5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799

                  SHA512

                  4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  554KB

                  MD5

                  fb3bc0754921873a65f5fbdca845e6ee

                  SHA1

                  67cde5bc8577cd3040e275d290ac021874da9fe8

                  SHA256

                  f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                  SHA512

                  292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  554KB

                  MD5

                  fb3bc0754921873a65f5fbdca845e6ee

                  SHA1

                  67cde5bc8577cd3040e275d290ac021874da9fe8

                  SHA256

                  f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8

                  SHA512

                  292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  562KB

                  MD5

                  afcf5f50c632f3a5598abc28f196d77c

                  SHA1

                  294385693592f9d6320f8b0b18f45bc194d01a4d

                  SHA256

                  5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                  SHA512

                  29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  562KB

                  MD5

                  afcf5f50c632f3a5598abc28f196d77c

                  SHA1

                  294385693592f9d6320f8b0b18f45bc194d01a4d

                  SHA256

                  5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013

                  SHA512

                  29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  563KB

                  MD5

                  ccd53738df4fa27849b6bb05dd67d10d

                  SHA1

                  28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                  SHA256

                  c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                  SHA512

                  aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  563KB

                  MD5

                  ccd53738df4fa27849b6bb05dd67d10d

                  SHA1

                  28126653a3d1b4574fcb0c09176f5fa0ff28ef78

                  SHA256

                  c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62

                  SHA512

                  aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  564KB

                  MD5

                  43c280c3b15ceb2472ab560d09629664

                  SHA1

                  e3a897d7608d03c93b5c2b8aef52703452cf6696

                  SHA256

                  bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                  SHA512

                  5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  564KB

                  MD5

                  43c280c3b15ceb2472ab560d09629664

                  SHA1

                  e3a897d7608d03c93b5c2b8aef52703452cf6696

                  SHA256

                  bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c

                  SHA512

                  5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  564KB

                  MD5

                  490807c150b7d8be44bde871f4df8c56

                  SHA1

                  69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                  SHA256

                  36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                  SHA512

                  9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  564KB

                  MD5

                  490807c150b7d8be44bde871f4df8c56

                  SHA1

                  69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e

                  SHA256

                  36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77

                  SHA512

                  9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  565KB

                  MD5

                  933085360527de1b4947289ca468184e

                  SHA1

                  d5ee5e1e3c992c7518b5ce510c627c1564131b12

                  SHA256

                  78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                  SHA512

                  2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  565KB

                  MD5

                  933085360527de1b4947289ca468184e

                  SHA1

                  d5ee5e1e3c992c7518b5ce510c627c1564131b12

                  SHA256

                  78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d

                  SHA512

                  2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  550KB

                  MD5

                  d3f1922325be8e7e1c72bfd8179454ce

                  SHA1

                  89134f43ce2af4adfbc4087392aee6fe56be7ff4

                  SHA256

                  8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                  SHA512

                  d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\DXFEA2.tmp\microsoft.directx.direct3dx.dll
                  Filesize

                  550KB

                  MD5

                  d3f1922325be8e7e1c72bfd8179454ce

                  SHA1

                  89134f43ce2af4adfbc4087392aee6fe56be7ff4

                  SHA256

                  8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12

                  SHA512

                  d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup.dll
                  Filesize

                  93KB

                  MD5

                  984cad22fa542a08c5d22941b888d8dc

                  SHA1

                  3e3522e7f3af329f2235b0f0850d664d5377b3cd

                  SHA256

                  57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                  SHA512

                  8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dsetup32.dll
                  Filesize

                  1.5MB

                  MD5

                  a5412a144f63d639b47fcc1ba68cb029

                  SHA1

                  81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                  SHA256

                  8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                  SHA512

                  2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                  Filesize

                  173KB

                  MD5

                  7ed554b08e5b69578f9de012822c39c9

                  SHA1

                  036d04513e134786b4758def5aff83d19bf50c6e

                  SHA256

                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                  SHA512

                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll
                  Filesize

                  173KB

                  MD5

                  7ed554b08e5b69578f9de012822c39c9

                  SHA1

                  036d04513e134786b4758def5aff83d19bf50c6e

                  SHA256

                  fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                  SHA512

                  7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif
                  Filesize

                  56KB

                  MD5

                  7b1fbe9f5f43b2261234b78fe115cf8e

                  SHA1

                  dd0f256ae38b4c4771e1d1ec001627017b7bb741

                  SHA256

                  762ff640013db2bd4109d7df43a867303093815751129bd1e33f16bf02e52cce

                  SHA512

                  d21935a9867c0f2f7084917c79fbb1da885a1bfd4793cf669ff4da8c777b3a201857250bfb7c2b616625a8d3573c68395d210446d2c284b41cf09cc7cbb07885

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                  Filesize

                  515KB

                  MD5

                  ac3a5f7be8cd13a863b50ab5fe00b71c

                  SHA1

                  eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                  SHA256

                  8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                  SHA512

                  c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe
                  Filesize

                  515KB

                  MD5

                  ac3a5f7be8cd13a863b50ab5fe00b71c

                  SHA1

                  eee417cd92e263b84dd3b5dcc2b4b463fe6e84d9

                  SHA256

                  8f5e89298e3dc2e22d47515900c37cca4ee121c5ba06a6d962d40ad6e1a595da

                  SHA512

                  c8bbe791373dad681f0ac9f5ab538119bde685d4f901f5db085c73163fc2e868972b2de60e72ccd44f745f1fd88fcde2e27f32302d8cbd3c1f43e6e657c79fba

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.inf
                  Filesize

                  477B

                  MD5

                  ad8982eaa02c7ad4d7cdcbc248caa941

                  SHA1

                  4ccd8e038d73a5361d754c7598ed238fc040d16b

                  SHA256

                  d63c35e9b43eb0f28ffc28f61c9c9a306da9c9de3386770a7eb19faa44dbfc00

                  SHA512

                  5c805d78bafff06c36b5df6286709ddf2d36808280f92e62dc4c285edd9176195a764d5cf0bb000da53ca8bbf66ddd61d852e4259e3113f6529e2d7bdbdd6e28

                  Download Submit

                • C:\Users\Admin\Downloads\Scooby-Doo.and.the.Spooky.Swamp.zip.dz1zkhl.partial
                  Filesize

                  1451.8MB

                  MD5

                  9a91f708a5f4c45db99f8141d6cdfb7b

                  SHA1

                  c9330ab22e048f4a449237a3caabcf1f804447c1

                  SHA256

                  f002072d73a071c12403c5898c3b385be05d3916acfdcefc5dd55716b68c371c

                  SHA512

                  3663d7046b4397194c1d51808cad351d2b023d3af07c3cf19c3c3345604a7bd9d57789c1729041da71bff5fc66655c19901eeea8075e9bb917cae3b948482ff8

                  Download Submit

                • C:\Windows\DirectX.log
                  Filesize

                  315B

                  MD5

                  a0f48d73f61bf35e68d118bc63b59949

                  SHA1

                  8e426f9d8747eee0e4b54ae0ab1f5f22faf7879c

                  SHA256

                  0b7e8fdb7a322fdb685d5de4a84aa3182cc747104f5c6179097dabe77437813f

                  SHA512

                  3ba6514e71085d892db377d792a1a6842247f024b3240cbdcc297812a825873a9a5bb75ff10d598df1376eabcfaec7c8d0d8b22854076b328213a76dbd74740e

                  Download Submit

                • C:\Windows\DirectX.log
                  Filesize

                  511B

                  MD5

                  4ff939d603084f85b6a89428e08dcee0

                  SHA1

                  ed5f6fbf25c15cb30aa2d8aed9185ee09737b34a

                  SHA256

                  2705a2fbc74b8101eabd2ffbe7709d2d3799de7d97737855d32b8751373120c0

                  SHA512

                  124672dc2ff8665b3c7495d1b91f4cb291cc5c98b6adff50d6d2e085e2a6dc192cb83d588e835fb62b9a06dd51b87c2fc18d59e3abbe5c7675a48ca0e51c74a1

                  Download Submit

                • C:\Windows\DirectX.log
                  Filesize

                  707B

                  MD5

                  8ba2e6ab9834f2f2e6ee0feee5770639

                  SHA1

                  8debd8c71d1464250982d482820927ba9ffeac65

                  SHA256

                  6260c031b8782b16b2ada68311e495e5d346187b2aa1795884f1468e694a9293

                  SHA512

                  46e3e1296e310db56c5cddc55458b62cadb91fa915734a04d8dd6cfcdb4224b5b92d144f62c2ca28981a7254bfb384ebbe5e4f46a4079d11fd551a57f2a4c00a

                  Download Submit

                • C:\Windows\SysWOW64\directx\websetup\dsetup.dll
                  Filesize

                  93KB

                  MD5

                  984cad22fa542a08c5d22941b888d8dc

                  SHA1

                  3e3522e7f3af329f2235b0f0850d664d5377b3cd

                  SHA256

                  57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                  SHA512

                  8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                  Download Submit

                • C:\Windows\SysWOW64\directx\websetup\dsetup.dll
                  Filesize

                  93KB

                  MD5

                  984cad22fa542a08c5d22941b888d8dc

                  SHA1

                  3e3522e7f3af329f2235b0f0850d664d5377b3cd

                  SHA256

                  57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308

                  SHA512

                  8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

                  Download Submit

                • C:\Windows\SysWOW64\directx\websetup\dsetup32.dll
                  Filesize

                  1.5MB

                  MD5

                  a5412a144f63d639b47fcc1ba68cb029

                  SHA1

                  81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                  SHA256

                  8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                  SHA512

                  2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                  Download Submit

                • C:\Windows\SysWOW64\directx\websetup\dsetup32.dll
                  Filesize

                  1.5MB

                  MD5

                  a5412a144f63d639b47fcc1ba68cb029

                  SHA1

                  81bd5f1c99b22c0266f3f59959dfb4ea023be47e

                  SHA256

                  8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6

                  SHA512

                  2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

                  Download Submit

                • memory/872-238-0x00000000006B0000-0x0000000000719000-memory.dmp

                  Filesize

                  420KB

                  Download

                • memory/872-239-0x00000000006B1000-0x000000000070C000-memory.dmp

                  Filesize

                  364KB

                  Download

                • memory/2652-222-0x0000000002271000-0x00000000022C8000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/2652-221-0x0000000002270000-0x00000000022D4000-memory.dmp

                  Filesize

                  400KB

                  Download

                • memory/2752-231-0x0000000001F90000-0x0000000001FF6000-memory.dmp

                  Filesize

                  408KB

                  Download

                • memory/2752-232-0x0000000001F91000-0x0000000001FEA000-memory.dmp

                  Filesize

                  356KB

                  Download

                • memory/3380-225-0x0000000000970000-0x00000000009D4000-memory.dmp

                  Filesize

                  400KB

                  Download

                • memory/3380-226-0x0000000000971000-0x00000000009C8000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/4816-268-0x00000000008D0000-0x00000000008E6000-memory.dmp

                  Filesize

                  88KB

                  Download

                • memory/4816-269-0x00000000008D1000-0x00000000008E0000-memory.dmp

                  Filesize

                  60KB

                  Download