Overview

overview

7

Static

static

3

My.Summer....pt.dll

windows10-2004-x64

1

My.Summer....ng.dll

windows10-2004-x64

1

My.Summer....S2.dll

windows10-2004-x64

1

My.Summer....en.dll

windows10-2004-x64

1

My.Summer....ty.dll

windows10-2004-x64

1

My.Summer....ty.dll

windows10-2004-x64

1

My.Summer....er.dll

windows10-2004-x64

1

My.Summer....re.dll

windows10-2004-x64

1

My.Summer....ng.dll

windows10-2004-x64

1

My.Summer....em.dll

windows10-2004-x64

1

My.Summer....UI.dll

windows10-2004-x64

1

My.Summer....ne.dll

windows10-2004-x64

1

My.Summer....ng.dll

windows10-2004-x64

1

My.Summer....ut.dll

windows10-2004-x64

1

My.Summer....ib.dll

windows10-2004-x64

1

My.Summer....tor.js

windows10-2004-x64

1

My.Summer....tor.js

windows10-2004-x64

1

My.Summer....no.dll

windows10-2004-x64

1

My.Summer....ks.dll

windows10-2004-x64

1

My.Summer....el.dll

windows10-2004-x64

1

My.Summer....ck.dll

windows10-2004-x64

1

My.Summer....pi.dll

windows10-2004-x64

1

My.Summer....64.dll

windows10-2004-x64

1

My.Summer....PC.url

windows10-2004-x64

1

My.Summer....up.exe

windows10-2004-x64

7

My.Summer....up.exe

windows10-2004-x64

7

My.Summer....st.exe

windows10-2004-x64

6

My.Summer....64.exe

windows10-2004-x64

7

My.Summer....86.exe

windows10-2004-x64

7

My.Summer....64.exe

windows10-2004-x64

7

My.Summer....86.exe

windows10-2004-x64

7

My.Summer....st.msi

windows10-2004-x64

7

Analysis

  • max time kernel
    273s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2023, 09:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My.Summer.Car.v2023.02.22/_Redist/xnafx40_redist.msi

  • Size

    6.7MB

  • MD5

    97c2eebb30c5a88c68c8f24f37183f1d

  • SHA1

    49efdc29f65fc8263c196338552c7009fc96c5de

  • SHA256

    e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7

  • SHA512

    c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da

  • SSDEEP

    98304:wynfL329J1XswfXO6wiBB+4RZg6aENaCZAU5PMO0MntfERyJGH2YPq/:wYD3C1XXfzH+4cLHU5PM/Mnt+YGlq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 21 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 48 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\My.Summer.Car.v2023.02.22\_Redist\xnafx40_redist.msi
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:396
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:888
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:436
      • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
        "C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe" /silent
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        • Modifies registry class
        PID:4768
      • C:\Windows\syswow64\MsiExec.exe
        "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll"
        2⤵
        • Loads dropped DLL
        • Modifies registry class
        PID:4272
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      PID:1508

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e593168.rbs
      Filesize

      17KB

      MD5

      a908f29eb1fbfa6fbf70104b4f3a2bb7

      SHA1

      4277ce0e061955d789bff17fbb0781035c7fed60

      SHA256

      d20b717e62fe79be95eac96b5f31988d1c4ab2d17bcec93cceee88c74cbcfca3

      SHA512

      293ad128afeb9123544f5b55caf5611efc9b4eb2479c18305f7a19cc6550f88b8f5b236d1bc1b6df9c7096de10cd5bc1dca0a1c72662aee1fbeacabe08ad82c2

      Download Submit

    • C:\Config.Msi\e59316a.rbs
      Filesize

      596B

      MD5

      7646c20815e6d88d5a80814a5bdeb9d6

      SHA1

      9a20ef472fb07f9ea5b39f9ea9d08011820fe258

      SHA256

      39fe82e1e383279826c4c20a59f66d9f43108445322bab0306ab889c617ebd15

      SHA512

      195a380980392cb1a89885e369222eae03cc67a81b9384e5cee04a15cafdef27cbc08c60329fbcd5b3156f36d486859994334ed2c43ed8a80493911a1cbd1334

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_d3dx9_33_x86.cab
      Filesize

      1.5MB

      MD5

      3676d740157493e80e7b8641289c003c

      SHA1

      8135aeeab67151dd4e2418d4907077f646e72873

      SHA256

      219441f975c200352a12dc3d8f82811fc7b53ed28d63761327933afbb660f876

      SHA512

      abfc5ea36a7368a34193c8f3771ae4e36c0d570ae0a20b11892184cd4e384d6abe6542769e3c890293b4e640faecf6392f84f5733017d8d86c65456caa24c6f7

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_xinput_x86.cab
      Filesize

      55KB

      MD5

      f83f54f45ac15a32dc17614c4f6882d4

      SHA1

      fc8542fcd33bb9e669806409f677edec9bfb64fb

      SHA256

      5ab7bb15394e4ece850da5453413ab1de2ea97d5c93f86482b75073aaa05da9c

      SHA512

      e4dcccc3a4299d262b94b24ff4b29394bed71e211b80a8a457acc4ab89325500082e6a9b597bc7b1dbc35746d01a9aa038a9c3a401aa42a426fcc3d15f410c9a

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_X3DAudio_x86.cab
      Filesize

      20KB

      MD5

      ed093ce20bddc7c42ede4daf772ed5aa

      SHA1

      21beb0ef8130be1c62b8467dfb67bf3f7548cea1

      SHA256

      7fbf09682fd15d721ff2c5cb110b5ffcf5982cd2dd8d72b708cf3cd0bc4fa250

      SHA512

      734e397f4ed2554944e1d1f6f799794c4027792a06e9da25bab58e6e4ff58146058d8b45ff0cb9c861f77989cad029164945f22ffcb459432e1d3a2c7172525c

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XACT_x86.cab
      Filesize

      90KB

      MD5

      5cf3585c99a59319ac10e18cc92f0024

      SHA1

      c48c25e6b7094eaf337fa986960f9895e5f465ba

      SHA256

      0ba00c41443639dea9b816fa2608088ccef5dbe850531dff4c1e7993804b0b60

      SHA512

      26b8213a5105b37912632c8abc1a07381210836e620f8f70d77b3b412a406e2e38df7af037001fe27f2da874e143c59aa7dbff90a9183e7619a8e5af0a23b158

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XAudio_x86.cab
      Filesize

      270KB

      MD5

      5da6e4a80fa53568d2fdde31cbff2979

      SHA1

      9606fda70427cd9f4eb8e67b625417e2775e6876

      SHA256

      281bb0e12f617e9ae7fe3301a7d4a08201b377caa0311a886e8cddc2526f734a

      SHA512

      649fc2578388064267ebe8e55daada29d2e51ae6422b10088b6bfacd229bc0439aafdc4f9af7b3b5e187df179c72b4d85f70839a8c91505d17da06d53a40cf3b

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Mar2009_d3dx9_41_x86.cab
      Filesize

      1.5MB

      MD5

      0fdd6e4e5dfc5d913261355746402214

      SHA1

      a80c28755c9d3ca163bd377d1bd951a1c111733c

      SHA256

      5146e15d4c65590704286bfcfbbcc31e98a6832f8a7cc3bfdcb1e7fa5a647bb1

      SHA512

      9eb85c4507881fc1004c906ee954273bfbea8979d70b2321f197a3cf82121734225103e4239a9bfb591a980b70400a5d19b93482abc108c46614a20476a81f90

      Download Submit

    • C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\dxupdate.cab
      Filesize

      93KB

      MD5

      c187448c8104d30087f3f25a9d112014

      SHA1

      b64ac3e44f2f38a3bf8400f11a40a39039fc9caa

      SHA256

      54d68f154058433865708ee0dbf3ecf2d609ffbd618e84a1056440379494d9fd

      SHA512

      9148cece409557444eeaf66dee58e2a6043a64d7b76b91e6c4074a5ba0d066cd1ebb2c60d44e1c7a40ca1dc63d72aa7afcc410202901d5afbf2116e3ba8b0f11

      Download Submit

    • C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll
      Filesize

      46KB

      MD5

      ba187b4db5dae1bee29e6f18b7775b8b

      SHA1

      efce87100c26165cfd7eb627534e42cb72ddb5b7

      SHA256

      11bcc9f47d9b0397f6d78c08e7208ee812cbef54bb02a8c3a681608879471c8c

      SHA512

      c9c2c3760e495c611a925bb5ae162d4c4ac90f53e2c0a9d20f68085ab43cc0f0a7ad1d201564649e4cf67ef4402d874626c6911f01f8a055da0b993730afc12c

      Download Submit

    • C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll
      Filesize

      46KB

      MD5

      ba187b4db5dae1bee29e6f18b7775b8b

      SHA1

      efce87100c26165cfd7eb627534e42cb72ddb5b7

      SHA256

      11bcc9f47d9b0397f6d78c08e7208ee812cbef54bb02a8c3a681608879471c8c

      SHA512

      c9c2c3760e495c611a925bb5ae162d4c4ac90f53e2c0a9d20f68085ab43cc0f0a7ad1d201564649e4cf67ef4402d874626c6911f01f8a055da0b993730afc12c

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP.dll
      Filesize

      91KB

      MD5

      4d48dbe4d3a06c497435014e5c583f34

      SHA1

      159cbc37080b7ea3ceae8d25125b99f9f4948341

      SHA256

      9d47b4fa2dcce6a02a51324cfb97f5e153086c2eb8832b211e175cbe5fb850b3

      SHA512

      b8029bde36e4d6581916c131ec51d74f4a2b03abf5a238c503e1c7b19980d0946606375f0b4c3bd10b9c514e084368c356be8536b282bee887037d7d7f139732

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP32.DLL
      Filesize

      1.6MB

      MD5

      7c7cc9feb1026678c48bbabe84ea57c2

      SHA1

      4fe9c466fc65cf07af0e1440743b1822ab65849b

      SHA256

      a5c6df12f9fe2edab2a22fe7abf3cb17eac110a6fd469f2570ba04afc88ad767

      SHA512

      d9cca6dfd5966d45342b87afb6091bc8ad3beff039f9bc9c523f8118dc6723337c279cd652c19624250ed3934d8f4a2b15670652867c0114b7e785bbab4212e0

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
      Filesize

      512KB

      MD5

      11dd6e8ab9759d1ac91ffe0d0e4949cb

      SHA1

      2a86774d0c87050d5c7aa9738cc3975303a40d0e

      SHA256

      16953a202265db5655b3dd972b855619728da76545a2f94bcbb6c43262f48d5b

      SHA512

      06828f51b3866f7c2b29861707bf8552b742e366783115b3062f08a9c0005c96507ecf1fff92ad41dc0318ad715176c39c84ff0424372b080bf7c031e4f307de

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
      Filesize

      512KB

      MD5

      11dd6e8ab9759d1ac91ffe0d0e4949cb

      SHA1

      2a86774d0c87050d5c7aa9738cc3975303a40d0e

      SHA256

      16953a202265db5655b3dd972b855619728da76545a2f94bcbb6c43262f48d5b

      SHA512

      06828f51b3866f7c2b29861707bf8552b742e366783115b3062f08a9c0005c96507ecf1fff92ad41dc0318ad715176c39c84ff0424372b080bf7c031e4f307de

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup.dll
      Filesize

      91KB

      MD5

      4d48dbe4d3a06c497435014e5c583f34

      SHA1

      159cbc37080b7ea3ceae8d25125b99f9f4948341

      SHA256

      9d47b4fa2dcce6a02a51324cfb97f5e153086c2eb8832b211e175cbe5fb850b3

      SHA512

      b8029bde36e4d6581916c131ec51d74f4a2b03abf5a238c503e1c7b19980d0946606375f0b4c3bd10b9c514e084368c356be8536b282bee887037d7d7f139732

      Download Submit

    • C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup32.dll
      Filesize

      1.6MB

      MD5

      7c7cc9feb1026678c48bbabe84ea57c2

      SHA1

      4fe9c466fc65cf07af0e1440743b1822ab65849b

      SHA256

      a5c6df12f9fe2edab2a22fe7abf3cb17eac110a6fd469f2570ba04afc88ad767

      SHA512

      d9cca6dfd5966d45342b87afb6091bc8ad3beff039f9bc9c523f8118dc6723337c279cd652c19624250ed3934d8f4a2b15670652867c0114b7e785bbab4212e0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\FEB2010_X3DAudio_x86.inf
      Filesize

      1KB

      MD5

      e84adf38d499ae39090ad60fd76d76e3

      SHA1

      6af4d58bc04aac2723e8b97649f1b35fb1aca84c

      SHA256

      d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a

      SHA512

      6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\FEB2010_XACT_x86.inf
      Filesize

      1KB

      MD5

      82c10b720e33be099f69e4010d44ecd2

      SHA1

      e95a2eb23db3fd610d71089500aad523f93c9469

      SHA256

      e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635

      SHA512

      853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\FEB2010_XAudio_x86.inf
      Filesize

      1KB

      MD5

      e6e942a2cfbb587bfcc4203b5bb34fd4

      SHA1

      2e0172ea1936911a98e11a6e98990703e24172c0

      SHA256

      74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca

      SHA512

      3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\Mar2009_d3dx9_41_x86.inf
      Filesize

      1KB

      MD5

      b37a5ff044eb65521a290c79ba1a3e00

      SHA1

      ed505464894bd3e52654834487f3821ae117edfe

      SHA256

      bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6

      SHA512

      eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\X3DAudio1_7.dll
      Filesize

      21KB

      MD5

      c811e70c8804cfff719038250a43b464

      SHA1

      ec48da45888ccea388da1425d5322f5ee9285282

      SHA256

      288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3

      SHA512

      09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\XAPOFX1_4.dll
      Filesize

      72KB

      MD5

      e4ce2af32f501a7f7dddd908704a0ee6

      SHA1

      9dc2976efb15b6fba08bebdeb98929b6961063a5

      SHA256

      0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06

      SHA512

      ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\XAudio2_6.dll
      Filesize

      515KB

      MD5

      4976243bd70fae3d1d24e49739ab2710

      SHA1

      6ef27b10bcf4e697fe77c3e964b326be11e4444f

      SHA256

      61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7

      SHA512

      af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\apr2007_d3dx9_33_x86.inf
      Filesize

      1KB

      MD5

      044cae9c30c88bda73727243f5e5206d

      SHA1

      de744e349cf4ea458b10657d510966d21ad08d67

      SHA256

      349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00

      SHA512

      18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\apr2007_xinput_x86.inf
      Filesize

      1KB

      MD5

      e188f534500688cec2e894d3533997b4

      SHA1

      f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

      SHA256

      1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

      SHA512

      332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\d3dx9_33.dll
      Filesize

      3.3MB

      MD5

      cdb1cd22baff21f48606b3c1a18b000b

      SHA1

      9315b5db975a34dbebdb4dcae652ba1db01c482c

      SHA256

      c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8

      SHA512

      c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\d3dx9_41.dll
      Filesize

      4.0MB

      MD5

      3fa06cf5079b84155d18b05c08f7131b

      SHA1

      fafe52876151a08f39dbb6b4aa137dd85558ba5f

      SHA256

      6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6

      SHA512

      24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\dxupdate.dll
      Filesize

      169KB

      MD5

      c4842e139fca422e265c91c44a1341d6

      SHA1

      299a5ab4644fe7302b515aa10ef0f1715046275c

      SHA256

      b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5

      SHA512

      e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\dxupdate.dll
      Filesize

      169KB

      MD5

      c4842e139fca422e265c91c44a1341d6

      SHA1

      299a5ab4644fe7302b515aa10ef0f1715046275c

      SHA256

      b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5

      SHA512

      e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\dxupdate.dll
      Filesize

      169KB

      MD5

      c4842e139fca422e265c91c44a1341d6

      SHA1

      299a5ab4644fe7302b515aa10ef0f1715046275c

      SHA256

      b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5

      SHA512

      e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\dxupdate.inf
      Filesize

      12KB

      MD5

      8c281fcb5546d1ed3cdaf6e3f7303139

      SHA1

      de342a17f2df0386f6584e2f55ae43c558ceb6c4

      SHA256

      7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656

      SHA512

      344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\xactengine3_6.dll
      Filesize

      233KB

      MD5

      f81c4678a55ffee585ac75825faf5582

      SHA1

      8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc

      SHA256

      8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f

      SHA512

      8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\DX3C44.tmp\xinput1_3.dll
      Filesize

      79KB

      MD5

      77f595dee5ffacea72b135b1fce1312e

      SHA1

      d2a710b332de3ef7a576e0aed27b0ae66892b7e9

      SHA256

      8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

      SHA512

      a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

      Download Submit

    • C:\Windows\Installer\e593167.msi
      Filesize

      6.7MB

      MD5

      97c2eebb30c5a88c68c8f24f37183f1d

      SHA1

      49efdc29f65fc8263c196338552c7009fc96c5de

      SHA256

      e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7

      SHA512

      c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da

      Download Submit

    • C:\Windows\Logs\DirectX.log
      Filesize

      10KB

      MD5

      00fd637e39bb2a9ef8e2607db3387f2d

      SHA1

      97a69ef1ef9f6ca22b5a617f43dffb2707b17205

      SHA256

      f9bc3998117b19117c8854380571bd37a453c65c461b7267eb742617f2845e7c

      SHA512

      ca8cd096caa2dc3782d62c37de04a0d5a61173d00d56f8d9acfefb2d8e68c478e5b6f080b8dd21750157074dda8bda7d5abb3aa1e7b933e335a3d97ddb53c460

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Graphics\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Graphics.dll
      Filesize

      417KB

      MD5

      c76b932d5308f2c33b2b25077fc93fdc

      SHA1

      3877403187dc35eb57cbe9940166e57021b2275b

      SHA256

      39aed7fd8e308ccace5ce9390256f1c829ca72c2eccd97d4a0f629f24015d3a5

      SHA512

      d84c39c2aaff47a0a9899a695ccf450b1c126388f25e9c186a313a31c81f584768d8a5928916fe6e0a7dafee66c7d11909ebdd1468b7b80a3892de1ddf252f74

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Xact\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Xact.dll
      Filesize

      74KB

      MD5

      cf7788e795f1c743d6ee0bf8de3fa502

      SHA1

      db2bf000c096a91aca46da5fe35326761c63053f

      SHA256

      6824bb0b7b42626d1ed5b7ab7e4dab4a380fa010175d4de0fadb1c3904e491d1

      SHA512

      13cd0d8d7479d7bb9b721cbd8109764bfb58e4dc01661e8fd6819f1cb182e408766e7cc61103e95763bdc1e11ab4b901ae05c8748e18b5f730ec78c5868f7781

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll
      Filesize

      657KB

      MD5

      343f79fe3dcfe0828f7ac2a13f8f7210

      SHA1

      8daafd2b9e44f0b46b2dc6ba4607ef155964db0e

      SHA256

      8b7aa4c4939f243b21432747281cc8aacdcda56191a16d9eaa036b4136cf0da4

      SHA512

      651d7acf8effe6a77ce094c88163adb950830d2f5779f900129391f2f9ca7393163749084e861fbd742e26f61c350225107d64dcf888c0b5d4ac9de8ae99d44a

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Avatar\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Avatar.dll
      Filesize

      24KB

      MD5

      7b26de335983eb8b800a67ef5ff077d5

      SHA1

      f614672dd8b25985a417ed339a6a6532c9e57800

      SHA256

      7688ebdffc98433eef8aada293a8c4beec6d6acfc0e1f91ca8eb2f1c350e7cec

      SHA512

      fc14dcda0703c8ade152bee32b4c4175c37e98500cc1370d4de0ffd0eac398edae3a42d29711e6ec841231fab0eed228fc6eba69347b54a8e125866ae6822043

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.GamerServices\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.GamerServices.dll
      Filesize

      70KB

      MD5

      f1e460b7805cbc4901c410f2767912ab

      SHA1

      01e7f335e58af5140bc7953518739f43c59f1c98

      SHA256

      627e84c06cc4e409870b068c9ec9149adba425e47e64185f92d839db2aa35484

      SHA512

      3f34bb839deb6af6b68946aaeac17fa3a1e419d2f8310f37d1f460bda329c2bd46e380fe18f883389dcc64e482e596a0b31e0291b202abefe1c6976d5dec8751

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Input.Touch\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Input.Touch.dll
      Filesize

      22KB

      MD5

      911fbe5496efbaed4ea67497fa63c633

      SHA1

      570911a579cd752ceedbe9b07efc1c8c832cfda9

      SHA256

      2191bad4540b50723acbda55bd2c6e5d80cc6f84ad989ff89ddda672348577b2

      SHA512

      6ffc30116c62f9a91e5d6fee4133e87417df14aafdf5443f7002b46c20ddbf0eca242ea54f8711b31defb42ad0ef3f5f11b16e699ce3dbdaa728ec1661e00d7d

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Net\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Net.dll
      Filesize

      53KB

      MD5

      378479eead647cedc6b74bf84e5514a2

      SHA1

      8dac9af1bec30f93a4aa6650ced1f64dd0791841

      SHA256

      3c0b37068ad56193fd613eb8f6bd321e7e08a99b9cf85606ccddf060afb1263b

      SHA512

      6b0cb09a21121d2eed1277c0989d5ae142b6c724886ada5f713f762c61641901fadbb4fdea115cbdb662ceee220aa7d684e5a7a0613fc3a642bbad36e9c22e88

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Storage\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Storage.dll
      Filesize

      20KB

      MD5

      17c4074e1d0977182060959ec63e18a6

      SHA1

      af73bc4b90899793525ca472a1b90312c33063e9

      SHA256

      7edbb80c699ce3ead8aee5a512ee34c7718cb5dceeb1d0577e788ad8d0ad9383

      SHA512

      b7d7fc7b21f3fd480e6ee40cfb3682b898382ad2397cc38ef7258db68dcac31de0f64b8adae5ac92d0b31c3cf85c2489a04dfa77675104134d874fb4871e91b0

      Download Submit

    • C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Video\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Video.dll
      Filesize

      17KB

      MD5

      94b8554692a89f1955b9219e0f26442b

      SHA1

      cd34862740a30b2f0fd391fa16b082edb79d155b

      SHA256

      63c7673c936747abd9ebe779e8837c8b8add2c078a31216684fbf8c6bcab2745

      SHA512

      9a6762e9cd8bd26dd347c8166dc59b31159c9e5295d39773c69228d73b5f3f850bbd41f733b1f880623bcd4c929f13d66e2168f2e1972842a6e031d069ec92b4

      Download Submit

    • C:\Windows\SysWOW64\XAudio2_6.dll
      Filesize

      515KB

      MD5

      4976243bd70fae3d1d24e49739ab2710

      SHA1

      6ef27b10bcf4e697fe77c3e964b326be11e4444f

      SHA256

      61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7

      SHA512

      af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

      Download Submit

    • C:\Windows\SysWOW64\xactengine3_6.dll
      Filesize

      233KB

      MD5

      f81c4678a55ffee585ac75825faf5582

      SHA1

      8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc

      SHA256

      8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f

      SHA512

      8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

      Download Submit

    • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
      Filesize

      23.0MB

      MD5

      af80bdfe9210291a2a355f1cfcf39423

      SHA1

      b854a5855cf87682bb615a9bbfa3f7ecf2d2d421

      SHA256

      977613cac23cf72b7dda539d12ca486966a222115c34e9e6f788ab15ec8a2e7b

      SHA512

      0215c474978bac53c096282eba624ec0bbcf5bf0d165c9184e1e1732f8296096449f7b4bb9428905e7d50ceec0969df3ed00345b7b9b35da9e6bb22ef154e1c0

      Download Submit

    • \??\Volume{650106ce-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{15ac3678-e279-470d-805e-127cba140b92}_OnDiskSnapshotProp
      Filesize

      5KB

      MD5

      490c4f4cd68230b0c379f6ecb59262f2

      SHA1

      756ccc47fc50963fa1e7e425debdac0ae1352331

      SHA256

      013abd03e16024b11cf1a133a9d3d2f60fb07d1e44501da46b305b2c9c358920

      SHA512

      53adbfba14d49f2020dc18b96c613e3ef67842d25b64dcc0fa76d022a49d75dc4efca341a3bf7bdde09adb8ef4ef0bf4e3b0012f6b4087708f2c8b4c39361544

      Download Submit

    • memory/888-43-0x000001DBB5380000-0x000001DBB538C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/888-40-0x000001DBB55F0000-0x000001DBB5604000-memory.dmp

      Filesize

      80KB

      Download

    • memory/888-49-0x0000000000180000-0x0000000000196000-memory.dmp

      Filesize

      88KB

      Download

    • memory/888-46-0x000001DBB55D0000-0x000001DBB55DA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/888-34-0x0000000000110000-0x000000000017C000-memory.dmp

      Filesize

      432KB

      Download

    • memory/888-31-0x000001DBB53B0000-0x000001DBB53C8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/888-28-0x000001DBB5390000-0x000001DBB53A8000-memory.dmp

      Filesize

      96KB

      Download

    • memory/888-25-0x0000000000060000-0x000000000010A000-memory.dmp

      Filesize

      680KB

      Download

    • memory/888-37-0x000001DBB5370000-0x000001DBB537C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/888-22-0x000001DBB5360000-0x000001DBB536C000-memory.dmp

      Filesize

      48KB

      Download