Malware Analysis Report

2025-08-10 12:04

Sample ID 240222-zq7yxsfa9s
Target https://c4.kemono.su/data/df/5f/df5fb1c3061638667dac8d6d958f5ce7d0674a7af9a212b91b238f09b430f992.bin?f=NinjaRipper2016_setup.exe
Tags
discovery evasion persistence trojan upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://c4.kemono.su/data/df/5f/df5fb1c3061638667dac8d6d958f5ce7d0674a7af9a212b91b238f09b430f992.bin?f=NinjaRipper2016_setup.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion persistence trojan upx

Downloads MZ/PE file

Loads dropped DLL

UPX packed file

Registers COM server for autorun

Executes dropped EXE

Checks whether UAC is enabled

Checks installed software on the system

Drops desktop.ini file(s)

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Modifies data under HKEY_USERS

Enumerates system info in registry

NTFS ADS

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-22 20:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-22 20:56

Reported

2024-02-22 21:12

Platform

win10v2004-20240221-en

Max time kernel

932s

Max time network

934s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://c4.kemono.su/data/df/5f/df5fb1c3061638667dac8d6d958f5ce7d0674a7af9a212b91b238f09b430f992.bin?f=NinjaRipper2016_setup.exe

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDEDAAAB\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\dxwebsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c1e3f122-a2ea-442c-854f-20d98f8357a1}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_2.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_0.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_0.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c1e3f122-a2ea-442c-854f-20d98f8357a1}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_3.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0977d092-2d95-4e43-8d42-9ddcc2545ed5}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_10.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_4.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0977d092-2d95-4e43-8d42-9ddcc2545ed5}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\dxwebsetup.exe N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\SET75E.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET185F.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET26ED.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET312E.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Feb2006_d3dx9_29_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\xinput1_1.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET2BB.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_34.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SETF8A4.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_6.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET2895.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET2961.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\DirectX\WebSetup C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET1C1.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\xactengine3_6.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETFEF2.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET1615.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET2961.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2007_d3dx10_35_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2010_xaudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETED6E.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\xactengine2_2.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET2D20.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2008_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET1886.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET20B3.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx11_43.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_d3dx10_34_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET1172.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET185F.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET1EBF.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET400.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_0.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET19CD.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET2343.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DX9_39.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET19CD.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET1A46.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET2E01.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET377.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET701.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETD3A.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET1885.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET32E4.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET1C7D.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET1EC0.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\system32\SET2344.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET2E01.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETFA6E.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx9_33.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET605.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET8E5.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_2.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET209A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SET2DED.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\d3dcsx_43.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\directx\websetup\SET7F52.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETF229.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETFC63.tmp C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\X3DAudio1_4.dll C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Dec2005_d3dx9_28_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETEB7C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SET1347.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\up_arrow_dark.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\3Dfx\x86\Napalm\Glide3x.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\MS\x86\D3DImm.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\import_nr\nrtools.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\NinjaRipper2.exe C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\MS\arm64x\D3D9.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\down_arrow_combo_dark_disabled.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_nr\nrimp.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\import_nr.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\import_nr\nrimp.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\wrappers\d3d11.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\intruder.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\wrappers\d3d11.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Svg.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\wrappers\readme_wrappers.txt C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\Doc\ReadmeDirectX.url C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\down_arrow.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\nrmayaimp.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Core.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\dgVoodoo.conf C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_nr\nrtools.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\MS\x86\D3D9.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\copy_mayaaddon_to_mayadir.bat C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\fmt_ninjaripper_nr.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\checkbox_checked.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\d3dcompiler_47.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\dxcompiler.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\3Dfx\arm64\Glide.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\translations\Русский.qm C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\wrappers\dxgi.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Gui.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\readme_maya.txt C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\__init__.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\nrdump.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\down_arrow_dark.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\Qt5Gui.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\dxcompiler.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Network.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\up_arrow.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_world.ms C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_nr\nr3dsimpmain.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\import_nr\nrfile.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\libeay32.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\3Dfx\arm64\Glide3x.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\translations\nr.ts C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\dgVoodooCpl.exe C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_local.ms C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\wrappers\where_is_opengl.txt C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\nrtools.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\import_nr\nrnoeimp.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\Qt5Network.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\intruder.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\platforms\qwindows.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\wrappers\dxgi.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\3Dfx\x64\Glide3x.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\down_arrow_combo_dark.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin32\Qt5Widgets.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\noesis\import_nr\nrdump.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\images\checkbox_unchecked_dark.png C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\ssleay32.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\wrappers\d3dwrapper.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\3dsmax\import_nr\nrfile.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\importers\maya\import_nr\nrimp.py C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
File created C:\Program Files (x86)\Ninja Ripper 2.0.16\external\dgVoodoo2\3Dfx\x64\Glide.dll C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msdownld.tmp\AS63E962.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS641554.tmp\Aug2008_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS647517.tmp\Feb2010_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS627BC8.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS629CDD.tmp\Feb2006_d3dx9_29_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63DC62.tmp\Nov2007_x3daudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\msdownld.tmp\AS631A2B.tmp\Mar2009_d3dx10_41_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63CDFA.tmp\Aug2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63FB54.tmp\Jun2008_d3dx10_38_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS64017E.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63462D.tmp\Jun2010_D3DCompiler_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63844F.tmp\Aug2006_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63F44F.tmp\Mar2008_xaudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS645914.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\tmp\1DO6YGQN\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS6277C1.tmp\Dec2006_d3dx10_00_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS633DB1.tmp\Jun2010_d3dx10_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63844F.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS640508.tmp\Jun2008_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS6418FD.tmp\Aug2008_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS642EE7.tmp\Nov2008_d3dx9_40_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS6465E5.tmp\Aug2009_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS64A540.tmp\MDX_1.0.2907.0_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS64AD00.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\tmp\R1XFV3AZ\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\msdownld.tmp\AS627BC8.tmp\Dec2006_d3dx10_00_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS637069.tmp\Apr2006_d3dx9_30_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS6394E9.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS642B1E.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\tmp\ZJ7UBF2L\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS649513.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63C05E.tmp\Aug2007_d3dx9_35_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS649021.tmp\Jun2010_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\assembly\tmp\EPP8DOA9\Microsoft.DirectX.DirectSound.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS6465E5.tmp\Aug2009_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\msdownld.tmp\AS6277C1.tmp\Dec2006_d3dx10_00_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS62EB89.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63844F.tmp\Aug2006_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS63DB68.tmp\Nov2007_x3daudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS62C370.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63462D.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63E1B1.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS6429A7.tmp\Nov2008_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe N/A
File created C:\Windows\msdownld.tmp\AS62AD29.tmp\Dec2006_d3dx9_32_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS63BEF6.tmp\Jun2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS64556A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS649292.tmp\Jun2010_xaudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000eb7a6b2c8ffa81410000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000eb7a6b2c0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900eb7a6b2c000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1deb7a6b2c000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000eb7a6b2c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31090130" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A637DEB5-D1C6-11EE-8477-4E7D9308121B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4053240453" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{52C0F3C0-D1C6-11EE-8477-4E7D9308121B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bcabfab3b3f7bd409a5875059ab76f1200000000020000000000106600000001000020000000852e776074f45c983c892574fa7d96ff2093d329b2c5bcf35be4566a47bae383000000000e8000000002000020000000d9aac02e794405a205d4d31ac2e3e945f98459eaef886a3bfe31ec649b2aae7420000000ecb3826620f287f90361e1157735e315b83ae298e81e0dcea955edb04b2a6b2f400000001eb85f9b849d21c60c41b5289bd06a18881bafb4ef04d8de7188d43a9e732930c0cb6e878139a00f422aab95ccd935a08ffcd07afd4c54c88b2c207f61d742fb C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402a2e16d365da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0bd4c6ad365da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bcabfab3b3f7bd409a5875059ab76f120000000002000000000010660000000100002000000058a74d4158ab6deab529811ab19e96f2ecd06632336e8b6b9454a815a0871d97000000000e80000000020000200000004bfe47322bae4ec04840d5e13789a9621cdf3709559802bc19c2cd39da30bc68200000004bb4c5b0451a41499d8184e055ce1355a4fdbe0fcedf508c0114aacae7e3a6c0400000004be6a158c35798f104ff6b2696b194b4a74059551cafa8653561792a69e33d064aca46045b97c02c380ff00238e99dabc29b4857cb9539a0785f5122b6ecea56 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bcabfab3b3f7bd409a5875059ab76f12000000000200000000001066000000010000200000006bfa2e72adf617adbe4b979d7e55f65ee89c35be5a357689935eb7b777815475000000000e8000000002000020000000cee0d1684b158aa02966234397fb104fa23313a2454c7e0b373bc68946f5073c20000000a0c00e4a219a9c5bc3dd1b7fb200715922f35cc39d9b838d10c18d9ff9c1c7ef4000000017796e95fbcff1eda00a9841d6dff4a536c8ce935dd8e9cef2a75ada9e5df47d74f04a11690c337c5284921d027c1ae08e073c6d10b124d2c9e482d157a960dc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31090130" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bcabfab3b3f7bd409a5875059ab76f1200000000020000000000106600000001000020000000f0bdbbafa0736b41aa4219341f08ae71706d9fc805cc1ae9d3bd79f1f8995aa7000000000e800000000200002000000030fabbad24f3b80f1934ccd720cb4052a1a0fa1c29fc724e2e840860acac5fa420000000410e8fb878b15a54e51144c0d33f4b0cada743d219427c3d3f0574b8d130d9b14000000049173639444c41f9ae4156fa64bb2834f7c1b6184158f83191275534240783482e12bbe38e8d2faaaa9a7a127eb0970d68888ba9cb89ee22f942c4780b44b8f8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1D337FE8-D1C6-11EE-8477-4E7D9308121B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4053240453" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00e0a4f2d265da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07caef2d265da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "50" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0977d092-2d95-4e43-8d42-9ddcc2545ed5} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\ = "AudioVolumeMeter" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8bb7778b-645b-4475-9a73-1de3170bd3af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_4.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81} C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\ = "XAudio2" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c1e3f122-a2ea-442c-854f-20d98f8357a1} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0977d092-2d95-4e43-8d42-9ddcc2545ed5} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\ = "AudioVolumeMeter" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_1.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\ = "AudioVolumeMeter" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_5.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af} C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8bb7778b-645b-4475-9a73-1de3170bd3af} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{77c56bf4-18a1-42b0-88af-5072ce814949} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_0.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\ = "XAudio2" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 795551.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 352679.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 35 N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
Token: 35 N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\dxwebsetup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe N/A
N/A N/A C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\x86\NinjaRipper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1332 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1544 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1332 wrote to memory of 1848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://c4.kemono.su/data/df/5f/df5fb1c3061638667dac8d6d958f5ce7d0674a7af9a212b91b238f09b430f992.bin?f=NinjaRipper2016_setup.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff96dce46f8,0x7ff96dce4708,0x7ff96dce4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8

C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe

"C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe"

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe

"C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ninjaripper1.7.1_with_new_script.7z"

C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe"

C:\Users\Admin\AppData\Local\Temp\7zOCDEDAAAB\NinjaRipper.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCDEDAAAB\NinjaRipper.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7240 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap31638:112:7zEvent5255

C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe

"C:\Users\Admin\AppData\Local\Temp\7zOCDE99DBE\NinjaRipper.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6675:124:7zEvent9904

C:\Users\Admin\Downloads\x86\NinjaRipper.exe

"C:\Users\Admin\Downloads\x86\NinjaRipper.exe"

C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe

C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5684 CREDAT:17410 /prefetch:2

C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe

C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5624 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,14743706896245153012,17175753060335082298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7376 /prefetch:8

C:\Users\Admin\Downloads\dxwebsetup.exe

"C:\Users\Admin\Downloads\dxwebsetup.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe

"C:\Users\Admin\Downloads\Roblox-2008-Client-master\Roblox.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5472 CREDAT:17410 /prefetch:2

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_24_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_25_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_26_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_27_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_28_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_29_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_30_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_31_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_32_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_00_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_8_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_9_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx9_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_2_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT2_10_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_3_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_4_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_5_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_6_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx11_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dcsx_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DCompiler_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XACT3_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38e0855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 c4.kemono.su udp
NO 91.149.227.4:443 c4.kemono.su tcp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.227.149.91.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 c5.kemono.su udp
NO 91.149.227.5:443 c5.kemono.su tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 5.227.149.91.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 193.78.101.95.in-addr.arpa udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 c4.kemono.su udp
NO 91.149.227.4:443 c4.kemono.su tcp
US 8.8.8.8:53 c5.kemono.su udp
NO 91.149.227.5:443 c5.kemono.su tcp
GB 92.123.128.144:443 www.bing.com tcp
US 8.8.8.8:53 144.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 cgig.ru udp
EE 185.4.73.39:80 cgig.ru tcp
EE 185.4.73.39:80 cgig.ru tcp
EE 185.4.73.39:443 cgig.ru tcp
US 8.8.8.8:53 39.73.4.185.in-addr.arpa udp
EE 185.4.73.39:443 cgig.ru tcp
EE 185.4.73.39:443 cgig.ru tcp
EE 185.4.73.39:443 cgig.ru tcp
EE 185.4.73.39:443 cgig.ru tcp
EE 185.4.73.39:443 cgig.ru tcp
US 8.8.8.8:53 s.w.org udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.199.186:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
US 172.64.192.22:443 www.ezojs.com tcp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
GB 172.217.16.238:443 translate.google.com tcp
DE 52.222.190.45:443 cdn.amplitude.com tcp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 186.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 g.ezoic.net udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.19.215.37:443 cdn.otnolatrnup.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 go.ezodn.com udp
US 130.211.23.194:443 api.btloader.com udp
US 172.64.193.4:443 go.ezodn.com tcp
US 172.64.193.4:443 go.ezodn.com tcp
US 172.64.193.4:443 go.ezodn.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
BE 64.233.184.155:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 8.8.8.8:53 otnolatrnup.com udp
US 8.8.8.8:53 translate.googleapis.com udp
US 100.20.30.202:443 api.amplitude.com tcp
GB 142.250.187.202:443 translate.googleapis.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 34.120.63.153:443 prebid.media.net tcp
DE 18.193.147.171:443 tlx.3lift.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 18.159.171.162:443 btlr.sharethrough.com tcp
DE 18.159.171.162:443 btlr.sharethrough.com tcp
DE 18.159.171.162:443 btlr.sharethrough.com tcp
DE 18.159.171.162:443 btlr.sharethrough.com tcp
DE 18.159.171.162:443 btlr.sharethrough.com tcp
BE 64.233.184.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 32.42.21.104.in-addr.arpa udp
US 8.8.8.8:53 22.192.64.172.in-addr.arpa udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 45.190.222.52.in-addr.arpa udp
US 8.8.8.8:53 178.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 37.215.19.104.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 251.145.39.13.in-addr.arpa udp
US 8.8.8.8:53 56.92.85.52.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 4.193.64.172.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 155.184.233.64.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 171.147.193.18.in-addr.arpa udp
US 8.8.8.8:53 162.171.159.18.in-addr.arpa udp
US 8.8.8.8:53 202.30.20.100.in-addr.arpa udp
US 8.8.8.8:53 translate-pa.googleapis.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
IE 99.81.54.149:443 ad.crwdcntrl.net tcp
IE 108.128.158.24:443 ad.crwdcntrl.net tcp
DE 52.85.92.52:443 tags.crwdcntrl.net tcp
GB 172.217.16.238:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 149.54.81.99.in-addr.arpa udp
US 8.8.8.8:53 24.158.128.108.in-addr.arpa udp
US 8.8.8.8:53 52.92.85.52.in-addr.arpa udp
FR 13.39.145.251:443 g.ezoic.net tcp
US 8.8.8.8:53 ad34e15ac20d54138e23833c7e57be75.safeframe.googlesyndication.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
GB 216.58.204.65:443 ad34e15ac20d54138e23833c7e57be75.safeframe.googlesyndication.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
DE 54.192.210.17:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 id5-sync.com udp
US 34.120.135.53:443 oajs.openx.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
DE 162.19.138.116:443 id5-sync.com tcp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
US 34.120.135.53:443 oajs.openx.net udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 167.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 17.210.192.54.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
GB 216.58.212.193:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 23.37.0.27:443 contextual.media.net tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 23.37.0.235:443 ads.pubmatic.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 27.0.37.23.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 235.0.37.23.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 download2337.mediafire.com udp
US 199.91.155.78:443 download2337.mediafire.com tcp
US 199.91.155.78:443 download2337.mediafire.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.143:443 ag.gbc.criteo.com tcp
FR 185.235.86.152:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 19.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 78.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 143.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 152.86.235.185.in-addr.arpa udp
US 104.19.215.37:80 otnolatrnup.com tcp
US 104.19.215.37:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
DE 54.230.206.56:443 woreppercomming.com tcp
US 8.8.8.8:53 www.ovardu.com udp
US 104.21.96.72:443 www.ovardu.com tcp
US 8.8.8.8:53 56.206.230.54.in-addr.arpa udp
US 8.8.8.8:53 72.96.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.opera.com udp
DE 18.195.1.56:443 www.opera.com tcp
US 8.8.8.8:53 56.1.195.18.in-addr.arpa udp
GB 142.250.187.202:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 195.98.74.40.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.166:443 r.bing.com tcp
GB 92.123.128.166:443 r.bing.com tcp
GB 92.123.128.177:443 th.bing.com tcp
GB 92.123.128.177:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 166.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 177.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.23:443 login.microsoftonline.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.10:443 codeload.github.com tcp
US 8.8.8.8:53 10.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.134.139:443 aefd.nelreports.net tcp
GB 88.221.134.139:443 aefd.nelreports.net tcp
GB 88.221.134.139:443 aefd.nelreports.net tcp
GB 88.221.134.139:443 aefd.nelreports.net udp
US 8.8.8.8:53 139.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
GB 92.123.128.134:443 www.bing.com tcp
GB 92.123.128.134:443 www.bing.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 134.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.177:443 th.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.133:443 r.bing.com tcp
GB 92.123.128.177:443 th.bing.com tcp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 96.17.178.185:443 aefd.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.37.1.217:443 www.microsoft.com tcp
GB 23.37.1.217:443 www.microsoft.com tcp
US 8.8.8.8:53 217.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 185.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 assets.onestore.ms udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 152.199.19.160:443 ajax.aspnetcdn.com tcp
US 13.107.246.64:443 mem.gfx.ms tcp
US 13.107.246.64:443 mem.gfx.ms tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 104.84.71.30:443 assets.onestore.ms tcp
US 8.8.8.8:53 160.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 159.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 30.71.84.104.in-addr.arpa udp
GB 23.44.233.159:443 c.s-microsoft.com tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
US 13.107.246.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 177.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 download.microsoft.com udp
GB 2.18.109.111:443 download.microsoft.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 192.229.221.185:443 logincdn.msftauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 13.107.246.64:443 acctcdnmsftuswe2.azureedge.net tcp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 146.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 111.109.18.2.in-addr.arpa udp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 download.microsoft.com udp
GB 2.18.109.111:80 download.microsoft.com tcp
GB 2.18.109.111:443 download.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aa6f46176fbc19ccf3e361dc1135ece0
SHA1 cb1f8c693b88331e9513b77efe47be9e43c43b12
SHA256 2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819
SHA512 5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

\??\pipe\LOCAL\crashpad_1332_WVBOKMRXXQYIZQOL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1af9fbc1d4655baf2df9e8948103d616
SHA1 c58d5c208d0d5aab5b6979b64102b0086799b0bf
SHA256 e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135
SHA512 714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7a9f4216a6f664a8bde34e388d43bbcc
SHA1 3f6dab4ddf4a317beee1d62092018d618bde1afd
SHA256 731620edf5bd7cc9b5207b36eb911f39d324a197e7976649f5d8f9886573db44
SHA512 27a1a832ca193a2acd87beba89f278d5aa305054217c3b5f7a02dc90df300d041da71dcfdb82a0c13423eb4d84bb5605f926e1f73c33525ddf21574ff2744c3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b1c441af05de9908201c45cdc3d46a19
SHA1 1646e321b7737be16e04876d101b44742bb278e6
SHA256 786d7806322af518e1a02504d9de337368512d4d8348e28351c387416f0bb6e3
SHA512 d5e657938e6e12ff9c20def40be5b923b4ab9e6335c99999b7aa40eaa6e56c52d1b27589c7232ca37d4c710ea3b503a43fd4facc95d4bbe3a4dbc67cd8ed6b01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dae59a89959c8ac6b7ce2f2920732d7e
SHA1 e8d1b5fdcc3e732f37406842bb4f2e1be4a4ac2f
SHA256 ddc6d4de755e9e6b1606930694818dbb683ce58134d6f55c823505d10e00e6e2
SHA512 e25933fa69bb85179bb8972357772a5b7667220fb4311d52006be7fd597d86ac5f193b9cdcdb184efbddb51357ef528fd2f3fa0ad0e31642b0d3d3e5a251718d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2630a504387025e65d1f7d52788b1fff
SHA1 818ff8898aad896fa99a408968fb48bace2bdb5a
SHA256 c05aa208057018cecdcae87571c4b6bd45f1bcce4c4997730b9e6d598ab6cf7b
SHA512 4ac9796e856645c92da76b6bf3a428c816185cb728a213142bfb9d9e4c32f39cf72878e1e837c18ef173c18d7772bf0ede4e181a6fde812f161f471746a5ada0

C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe

MD5 5bd69ca052b7ec312c61033b56409731
SHA1 3cc8d82f7c87fecad38138ff05f7d29f89ce0007
SHA256 72f1417cc924ece4134458aa03494a8dddd1c2ecda28af1d813db60ca10cb660
SHA512 5a33e66e776b9e1e7d14e4820b11f749528d4dba97646ba3a58576f99dd97c1b77e3b03cc4db10efc3c0b1c54f280538be6681911d9927498324f7d79d6ef445

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ad74592f17e52c83065ab1d77a9c32dd
SHA1 ce045f67e56da481a48ec68207b502cbcdf9676b
SHA256 c39b14842365b875b8f512f41bab8323df2bb63125633dd4ff2dff39f56d42dc
SHA512 30a3451ed7f110579ee4d82d1f9c16f3cc7fca60f9c3a3c2e4042deaee4119e1970dbe8e4fd4611f2bffaad7cd43fc5643decba43a60269bcef7e7ad4ee65ae4

C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe

MD5 7e52622312b4b1be3d09721c998dd748
SHA1 fed189a480cf21f54e518a8068d8610eadbde51e
SHA256 3a1e0649613f980e405661100eb1ca59205ed975df63f5f5b7b29dca0b8cfe4f
SHA512 d4f540df19604a07b7eee23823ec7b4650da7540aa27d8d26aeae3a8a06d152870ea12cd1ed96bff3e6372682abd4907b892b9c78edc8cb8d277bdd50ea77b8c

C:\Users\Admin\Downloads\NinjaRipper2016_setup.exe

MD5 03993034fa8878687793843d9670d4c2
SHA1 63aa5ba2e7a0c99c614a01cac637076ba73144c2
SHA256 0640d20f48613259c79cbc21e94b77ec3460f73d20f50ad20648a6e69e763c0b
SHA512 99e0c5460ef1c1a9110d50f6b2d134811f0c8c2d9db2690312c4ae51dd79a4fc2f08889c993def3f4176e8c115897f11953e23b7501631ea09aa41856ef971b4

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\LangDLL.dll

MD5 08de81a4584f5201086f57a7a93ed83b
SHA1 266a6ecc8fb7dca115e6915cd75e2595816841a8
SHA256 4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
SHA512 b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\InstallOptions.dll

MD5 90bb49f3fd416f912a637526914bd044
SHA1 626051dd6c759a5b847664549736c37aba9ede5a
SHA256 1f8e8f336df6773d6b63bd5a7efbfc889d08888fec55da402eaf93cb950aa283
SHA512 5156923f51be2057f7003577b46732f6b0b0bb55402f49df3747085b9802b3a2492cd5f087ef988db5a69f241c10163ada0e649b149da8a198b7fc2cc83334e5

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\ioSpecial.ini

MD5 a0408d210a7a75e7ae67fbff44071aff
SHA1 a2a4fd378d06ac1462d89d090eb68e259a6b1c5f
SHA256 a31d0b8ddb4db150872165194220b032beecb29a7659d1758689b6cc88cdb558
SHA512 012721c3644b65957b2c480aa4f07bcfaa8892febfd81f58a8932b7eadaab16ec1373808cf87a0f57e8206966c5e070bbdb9cdd94fa0db8909a6881fb6f26525

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\System.dll

MD5 6e55a6e7c3fdbd244042eb15cb1ec739
SHA1 070ea80e2192abc42f358d47b276990b5fa285a9
SHA256 acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
SHA512 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe

MD5 64c22a5c9aa1b0e706780973f6d6c488
SHA1 d1b21a904d75ad2d5595fb5a0cc44fd73efd32b0
SHA256 912b6707bb04ab79eb4e40484095c8a98a621cef29f92d8d8a2039cf79fb3696
SHA512 b6a015d3b19df328968aa1cada55421b12569645ba8fa69daafa1dd3147cbdbc7aa4b886023ef698635f513f27161b3d9d95ce18800ee242362eeafc395149d1

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\ioSpecial.ini

MD5 82a0d4a3f0b4fbaab0deb342ae02f41e
SHA1 7d574a83ea650d23440b32c97b256c4ae523c370
SHA256 ed005cb69415ef6a6a0a7a332d10ea2ba05ddcb3b5f04096a2e57fc4fe2d6aaa
SHA512 ed2d81ddffc152841370083b75bd40558a4cfe79318252ece08e10953f6024a1ab2f51fcb63f29b4ddf5d57346cabb894914c000a6e45d62c377b0d8cea7faa6

C:\Users\Admin\AppData\Local\Temp\nszA5EC.tmp\ioSpecial.ini

MD5 b4eff804180567f564e4088884583c30
SHA1 173bc7f1bfc2a21022778ad4b12af81829d4fe56
SHA256 34f145f97665fa582fafe692e8949418f3c32e56a1a996b4e4198ca77603204c
SHA512 0bec9e189c6e6cb1625c84341019b12acb48ca2822d9a48614c937e1038707bcd8758f64b3117139d352e873b586d04f189fa36d54363bf1fe6244b36b679eb8

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe

MD5 1ec466702dfafb866e84873facc7c821
SHA1 eef39a9b841b4b4a09301fa6eb278b48c6d31e95
SHA256 6cf4e1480fd18e84801b4054a72ea26130a8242bef060bce57a27a56d1fc2c8a
SHA512 0e283edb00f2589401aa6fe46813f4231b8f0738c3bdc7fa63e4bfe4169506d637f8b908976ae7703e6885a56a4106e9099ee201707026ff7df9fdd225c1b3c1

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\NinjaRipper2.exe

MD5 47b21e108e1ed879e72e025e4e260249
SHA1 b4efffdb80b58c3ac3f6cef9dbb3e957711b3849
SHA256 022600671205aa52658226eb68819f302ceee1941172aadd9fe26e08005d63b6
SHA512 12af2feadfe1768166be9b4462f8b32ab3c86cbc379d70858701d6fdd303b5fcba949dae3519bad7ea6ec156e3379c08c64364e3b1c19ac2ea51610ab809d904

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Network.dll

MD5 5d8982d204b556b91d24630230abb2b7
SHA1 3ad5e7b35060c7d587694388788873881b0eb3da
SHA256 9b92a1a1bcceb16e6f655888014504b966949f641ba1d062b2bc0c33254855cf
SHA512 f3a7908fca067d96aecbfc82c63e96fa44542acfdc449430f3c0b591b9c0520bb94145f660d724e49c160415d62745d130ef4fdc67a9527167996c6e28aefeac

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Gui.dll

MD5 35e30573ac1dc8381d449c0c805379b3
SHA1 91bbe5eef28e7a1e7d59ee26165c42bb45bb4e27
SHA256 144a3d0558ff0eaeb7cd2a9a7cda572cbf322127e2ebbed5cd7e5142f69b5c9c
SHA512 d22345815eaa1219145446db597bb0ab491b4097c656a6e071039bdcd44e2f541c03f8322fd31de074523dace4853f435450905dd3f6a508ac7cd59cde8e53eb

memory/5028-480-0x00007FF95D130000-0x00007FF95D67F000-memory.dmp

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Core.dll

MD5 e60180863f90c02bec768cbd130894b0
SHA1 0755f526ed7d3ae15283dee1a6d0f39766fd4cb1
SHA256 256985f80c7f03900514a2d787413cc61e28d91e33a8754fc68f738f2004eaaa
SHA512 6343272f8f2339fffda00b97df00f7a58040fa400edfa59e21ddd25ca9bb27d8b565d418f2cf6bf3a15a3f4c2cea050a33c269adbe66b9905499681ad00281ac

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Core.dll

MD5 077717afb0d203a15042bce4d40dac7f
SHA1 f2b82518511336863ac1854739df0b091ed42e6e
SHA256 c9caf42b5b046f718f458d4b80eb9f126e428532a9868566f6effa935b9dab8c
SHA512 a87942a20cb6eb5c6f15103b017a9f256755d700a258cdb5209d6aa34251e771c5727590f4eb2b734f33c0cfccdab82b02369dfb55354fe89ec917d1e9fc8045

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Gui.dll

MD5 0c72b3aa8c9445549984cbff1225d56b
SHA1 501ed7e9187bc367582387bdafc70ed065dc3ba0
SHA256 bc7b6805b5c78caa449cc83f16aa91d5a57b08cebb407b3729d757b23cd5f0fb
SHA512 17abecd7b4884dce140e5e95f57f0333e3e9328a2abd9bffc035fc76eb46ea922303e666b16333c8a9bcd05acf3c9e771c5a2a0f86a50856728b54c72cc21089

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Network.dll

MD5 09d20091f279d65332e44a77c0eb95cc
SHA1 efffb99f5822edcb43b8a5f63597c0ec8784fbc4
SHA256 34e9012127545428a1ad2253ef22de6b1d5c036f847e2479234eaf2ec3c4944f
SHA512 e38b6d1ad38b860d478c703f175aa914ccc3f6e84576d4cfa82a8e5367ce978fdb2b7b8ffe99cb67a626859ef957596b9682ebb45e07929c7876bc9c0fa43509

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Widgets.dll

MD5 7394ff4e01795f96b57421a931b779a5
SHA1 9c8e35e3b1151271f8ebfa21c567319ef9904397
SHA256 5797a639a13c82237cebdb1fd567730c69167ccd100e7466bfc495a40f20b992
SHA512 9b58950ce1f0fba61984664ebf3ef0c57547e4b29e824ae830f4b3b43b3135c1267f53e852863f755c17db0bd03a7d6b73d1ae15e5af924bb4f318cb62024923

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\Qt5Widgets.dll

MD5 1e07c5658fe00797b7581fb4491a5533
SHA1 e67d4b91c68042cb17944ebf576ba1dd4abe3862
SHA256 bcd01bc4cb4ba99631e2a4255278d845b9f5bf5ceaf5e75062e913c3f9409b78
SHA512 41a110e1304d36c61305d8cb1b6945051064fa4e61371b2dde536b521c5167e880a95270ceb67f0b60c2cd7a8ef53b72f27071582e7fff547ca23eb9597cc2cb

memory/5028-481-0x00007FF97CE10000-0x00007FF97CE12000-memory.dmp

memory/5028-483-0x00007FF673830000-0x00007FF674D26000-memory.dmp

memory/5028-482-0x00007FF673830000-0x00007FF674D26000-memory.dmp

C:\Program Files (x86)\Ninja Ripper 2.0.16\config\nrcommon.xml

MD5 d0f57050a1d3c09639996f50b6a0ebda
SHA1 b9e71ca2707806ac04a6b3b264c5aa5511c4577a
SHA256 f9bb61624dde0d6f68ccdd8dd1ba9fe4a88f4bb57b80287d72b314c5a9506516
SHA512 316994786fe83bafced806e6a4d247414f3c534e908140ebb77ba1ce8f433d83b816eb49253febf3994ae6fae77df518a4145098336afdcfc9fc37fd5c2e04b0

C:\Program Files (x86)\Ninja Ripper 2.0.16\themes\Dark.qss

MD5 e5248c77566861986af84575778006bc
SHA1 16e9c01623ca528a8e41c8b487cd3956230e99db
SHA256 85e52d4054ff5a2c282a18276a0b4efe3ebc3f1d70dc95145244b4199a264826
SHA512 85d4c198537b4231ebe0cdbe3ffbbb71e091f3b3245f9587ddb1890a5ce710a17288814d70c54580064cd90b37a2c7e3e7fff51babeca2a6ca85f0a1d380a68c

C:\Program Files (x86)\Ninja Ripper 2.0.16\config\process_inject.xml

MD5 2d8af340d27e02e3f2bca1142bdc2bda
SHA1 985151f95611267eddd5e08c538bacd0dccbf034
SHA256 112ea44a6effc201c95b533facd2532cd5f10fe5ff2382263ea5ec5544a77dd5
SHA512 c1790716d5eaf85765853806fbdd57b2671e4e29f3095ca13fe5056d6dc98cfd24aab0bfc2c756dfcae5d6fadd9beafffb1719c1bc55a687b80316bdad0c0396

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\platforms\qwindows.dll

MD5 4292628c40cc8c40931ee30221ec061f
SHA1 f546450736e18addb607dbeb09a9197043e92c51
SHA256 53b49f347379ccb99bb5a40bc8e7d5fb182b12019321664eb65b66c8cde582d7
SHA512 843f12e6a554399bfcdb2264f8566b802123c71fe2df76ffb66d3230697a485803f86f730fa278e85597ac615c0c4f802356c83c3920c9904f6da4bc1a3e2bb3

C:\Program Files (x86)\Ninja Ripper 2.0.16\bin64\platforms\qwindows.dll

MD5 2fb10f22f18edb6575b8d14b3c9997d7
SHA1 7f8564d85b65678d904a3cfbe6abdd6effb03f9e
SHA256 93b79dadedbbf95907c246563d91bb817394d89e1cfc537b5cf0561eb365b98e
SHA512 261e16031a0444e91bba127f08b4d6136ca54a5a3b940061b65ea172f12d1a4fbeee5c7c0beb6618ac4a0c60d34991f5167e66e6e611a642bacae5c2bd359439

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 35d4b64a50a01eb14b627955c1557ac5
SHA1 b1ba02eb772ebc10d1eae7ecd676c7a3c67fa3ba
SHA256 bfd38b50f5a3d6cf62bd8dbb6be1b28ea333a6203ab834c1278f79484919ad2f
SHA512 1cf89de1162018b73866bfd367bd2d5c58cfb7eb8eee65cbb33d45d5b3774f170ea13f4725c20445d4f45b298e46beb1cd3fbe1ee124ccfe55e128a6ca046a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8c0af3a9049ced2a6177bf5650b2b3ef
SHA1 45389497d30b3ab1e0da6d1e355e942b86384dc9
SHA256 f32c752da3c4aed2b91d8b9b534af5592cf96eaefd135cc76c57c29a47d5eb90
SHA512 95f048fb63048131ae790f84d61173a331ae04fc8b30b654a0437097234faeebe78692c198e2004dabb6e9046d4f46eadca9c25418290dedd3f563309e3590df

memory/5028-516-0x00007FF673830000-0x00007FF674D26000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 16cfa8d17b89373d6723840bf040883c
SHA1 4f764aae753eb18f7a67ae73c0ea17756e106f40
SHA256 223ca20cdb3c32514d212609e37722c279554ddeab652635e34cd1752d767a0b
SHA512 772464ae6f471f2641cfe7e9e59f23ea96e4caee3686074cb62182565628f4d1654b48e9005452f0c6898f7c04399f7611bb131da270b9942028c20898704fc0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a35095b1de367a1358d0ed99cc5fa0c3
SHA1 bbccfe0f2c4e6083b811c03963878d41c7c4fc96
SHA256 30fb4b2d7edd07444b570d26176a683a49cedb6d007b14052790381d77a8aa55
SHA512 a5645924407ec868ee494147fbe737f580148cc7cdd54b12d83062179e279f37a8b589e10483569359340dd743cab2480feeee98487aecbc8ba88fcdf6ac096f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b18411255d32352b537146d59ad3ab47
SHA1 70910b4ecce3a604ccd758696dc452d3edda0b63
SHA256 fb477342be9f8d45a073088e1df9412f7991939f7188f30ab5c45b98fba42c06
SHA512 ddee14c5d4c22a5e01d294f2e76411dc8305d8f82a2e5f01fdb2da85d225bb6ad67d52ce3228f5d6b507a27562c4e1d889f280769e1879682c2fd735d51b4b71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b04cf.TMP

MD5 7c4e927dc98ecc133de93f1346f26f7a
SHA1 937e45f4103f19b5107b35f383e92fd0cd9d976b
SHA256 bf8a2dad99e96051a9f00d303eec7d73b03c9e6e5716c2d9e260f1bbc861ba9a
SHA512 bb8450b2346efcb111b9a57e4a1c3bb0c60b601d48df4a571e0480187f3191f7a7262b0ff49a4d611cd6857402f068841d92af50dedfe24d01b696ed72cc612c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e9904b73bcd301686013f43c5ab4413
SHA1 0366e68e890efe021effc211219eda187e190c5f
SHA256 5b10882f082c817beafd28b6a7782927691b1bec85ffe458b2f46d9f0ce403aa
SHA512 e3bfacf9a0c2a13f78abc688632d3e31c7de3725ff5d9bfad4f6feda8d4f2c7448ec42a6db06c988a5171a4c0f22937dc8fd734975882f985b1723ab1bf62445

C:\Users\Admin\Downloads\ninjaripper1.7.1_with_new_script.7z

MD5 cc454eb1fdcc4776afdd344ac45a524b
SHA1 8fc424b2addb5cd6b26772ddb6837dc2b1f09976
SHA256 19fb1f20d4f435a35056380bb07f3736467b1f30a0c727fb9c6a754897782d55
SHA512 ad54dde73675cfad09b4ab787386170637783870077fadef89c4f768975e888e3dbe042698cb7ea055b69c5a86d89893c72dae2ebdebd0de4f664b1b6e2baf3e

C:\Users\Admin\AppData\Local\Temp\7zOCDE6B00B\ripdump.exe

MD5 8d609911365949348777f5db224ebd75
SHA1 78a047d2dc6980c0c453c404f13fa13756a1123e
SHA256 1e6c5b07d3903ad9e1a715b4585e4d7dd1ab3995652fddea6f01ef4413f032af
SHA512 bebb763fba396eb2a68434551ef8ff83e9f4fd47ea4cb84662e895f4342b841353a4ee918accd1bc95ad5420255e0fd0716844d9eaf84cfd22090215b2f43a20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 796c652e8da0f5d6fc02856e4ec61cc9
SHA1 a24665d96e396dfe00ef917cbdd05b95f557d99f
SHA256 b1492a30696f8ef4f853db10bb81eb6e305d86421cdadd437aae090f905ce26e
SHA512 078e20340cebf2f426f3b61ae204888e41199ddce07e3b3824043edf19fc7579c315b4d8f79c8a26e27ea4a197c8b60066c3e1b20f13cc4ac5424aaa85c6ee17

C:\Users\Admin\AppData\Local\Temp\7zOCDEDAAAB\NinjaRipper.exe

MD5 d8d424a642fe52e5159aa52d34769cc0
SHA1 684302fb7e6406da5671448fe826293023408281
SHA256 8962947853edbc15e41f85d9e7468355a345f26e9ac9b70744f652b5beb85ed1
SHA512 5c261b5cbc2b8c9899058fba72a4939d3e889678b2cb8d366425d5b25ecfbb7da5d223f6bcf934cbd5c263242352d5700e231a4dd576ff71ae19e4e0f75d7e43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5f9160e59c66c059d1288da35090902f
SHA1 006eaf70d9262423c8c9b7f011d7d8ad7c46425f
SHA256 0d920d81cd689289931e01e3e0451077abc326e546238a041ec9423b1a3dd502
SHA512 f2db023afad3294ec9507e6490cbbb25321eec4dd9c991033c4f76ef0a86df48fd6fb10cf8719ddfcdddbce78044998b4cf79400fe1232096f0ef09dcf30e532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f43ab48097df0c0dcce30dff8bc949a8
SHA1 f8e78747c82369553d869ca50f567083402f1fb3
SHA256 3ca5361b64e54e38da39c837adf479dba93a669800e919b8c30c8653ac4c29ba
SHA512 e79cefc53a28b07f764e4e43456e30b19335a4b1307c98e5c485016d3335cafc9bbe3bd201c11ea049272f7a014563603c45e69e5e1efcd60bcd96a70316c1d5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 f11ea88996343792763ca879be59da5a
SHA1 b83d41c5d1cf5d4d0f6f12c420871dbd7a7b2909
SHA256 60e4d15c3c8833b2733dedccfdf2eb38025be0078c3ee4bf2d439aa166362548
SHA512 bd330b3d4d8009ea02c1846a4cd9de78e49fd0cf888819edffc40f1e2eba903f8441055c1abbf29ffd066417cb53956074ec350c2d1cd550f097446f1d45f24a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 f68632aa5d3e98a58fe9fada5211febc
SHA1 bf6b5102f254b26754670167850ff6ce768aef2c
SHA256 ba68cab83b62503de3be4f947927c29b3028278d72f76bacfc9167b19686e784
SHA512 3eec0d228b76c6307e31be975a2d0e013c3ab145ed8a95ad20d99fa7f9498fc30bfccc3107fb80849d828b6bc6c539d606e897fda030be459859d627eb9e43c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63d760a71457110ad218a74b213bb572
SHA1 9df81a00c714c657ebb39db2a769ac263ebf1737
SHA256 86104d63c1412e6bc3f7a86cf5f88dba7d10e231ef81cf7e184494c5d9d332fc
SHA512 dec2f98139954dfffa5807a166a172eabe11bb00c0fab2a73b95ff1a5b1576c13c717cd88ac377c221b2ef5ef8ea5dcf144755e14bbaf7bb6323f678644095f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e66eec48e77e296a0d19467152f770da
SHA1 8cd7424ddf950b6e382c7108aae24e202466b427
SHA256 aa834f6a131c50440b3a06d6ef44f25a47b241fe275f97ea66eb8594d8904cf5
SHA512 039649c136790da146edb7bd361e52a7c9951105102ee1854397cae80111f596e6d0cc79ed20da0bfaf035e51507e3934836cf05e87534fda78068add5e37d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9c986c2e0f4e02bc122e308914624c13
SHA1 d0b662e6e8e69818efffc96b975d3364ecb89d46
SHA256 6e25c59453e2ff188cf2f8e339af89d8a8677a245c16e2ada0ad73ca51ba72a4
SHA512 d41b8f4613fa63548cf915be75ed12484cc1ef7870477fca657bb834256e241c9a7fb5d33396bc2bb03331eb140a912acb04093e66c561c04d582e5130af18d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 025b9f1b64a7ab1307bce8cd347a7518
SHA1 4ef5891693104cbbcd6cfef6f256b688c5f2a86a
SHA256 66670be949ce855dede8c87ce0e6317f0359798137a4a97b95fec3cd83894b8d
SHA512 54f8b16faf7e26c721db47a74ce01d3005d09762fa0b06e2a927911090e7a737647829dbd54f42effe692ec6b4c85a25ac348078d071e1e618945598963ea6c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9ec47d3de1ad2606823f04f15e16650c
SHA1 3d690f82f485ea54f781413273f29f809b9d52cb
SHA256 90eb812d49c48adf972f1ed8b53314918eac5007f416413bb24b9188b830140f
SHA512 2898b57e9ddc2670184bbcb1c3d7210c82a644d4073d4a3b3de1426a55bfdc86adfbe9022731270858d86a65d3f4239580a23a0e81c471984dbf19bf0a2fc44d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 566dfd5a3dad94184136dee37273bff9
SHA1 1168daab023f35b1ac993e78510b672d9e4eaa17
SHA256 7e07995d3f477d122471122f5c8f682937c5027fd56f77d030aa5a86f317879e
SHA512 5e2e8b0844c279ee4fbbaeffe6dc026dd746cd4124f227215c2cd3df4e3d4706b71501964a353951c48ba1f33cffcb3855b292795bd4d62b9823dbc782dcd2f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d0979447eaf97c9f8b182167355f8747
SHA1 a559b9e4c4f1726c4360574f8afa74d0c521d86d
SHA256 e2c60d4b6264b3c313656fb92cf42baa9327949fe0b99372014a8fd70eb35106
SHA512 ad98236dbe85d76df14ed4d78eb07542130f8469f4bebe0870fa66167da6fc3c427c8a69353261e54bb843c06d12110cfe2978b3f01823e122bf3d65fd1bdb23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

MD5 576c0c0e7e839e204685fc8f72e79bbc
SHA1 d75d7f26f269834aa201f373f90a058cf13220f1
SHA256 3d2f4b4ff61d29d90e733e97186280b947d6c5dc02aae40d56be4ad40c70645a
SHA512 2ad648a396edd73df88c275cf068dc7ab900e9dc47cd6842fe3c2d3a227a20cee11e27d38e3bb1041c7fd7c532567c626ac52e2fed9ea33da0b951eefba58861

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f1568a6558f87c8206437cf3096ab47e
SHA1 1474f2c3b4cd4d12156f1d7730ffb8378a8ad6e2
SHA256 cf63e924418357fc2c2e619da24933dd9dc0222a94eeb1c3b427538bd42b1bf4
SHA512 9992e9fef27bf7b465ec1e1572eb9ed039fb8a2faf7f773dd6e1b6d5891051f2215875ba5460851f0185a09c98c5c2b024f41ed9110a4c779de76163d5b40d92

memory/5284-2140-0x0000000010000000-0x00000000101A6000-memory.dmp

memory/5284-2141-0x0000000000F20000-0x00000000013E3000-memory.dmp

memory/5284-2143-0x0000000002F40000-0x0000000002F41000-memory.dmp

C:\Windows\INF\c_volume.PNF

MD5 8b0c8f54383cef8ac91d3c21663b21fc
SHA1 0bc698df786a3396c58ecca34207a4c81985af10
SHA256 41cef722ddac2159237cc6c4adc318e75d5b1159373d616e9bdd35f807d2280e
SHA512 80a87ef617b5fb2e8ff1cc63b45d2f7f8a368da382bb9bf6d5863f83748f3ea1ade79c6ac7a0de8203d1d43eef01a603bfbc9d47a0d3b9fa56bd71b235c6c8b0

memory/5284-2158-0x0000000004C70000-0x0000000004C71000-memory.dmp

memory/5284-2170-0x0000000010000000-0x00000000101A6000-memory.dmp

memory/5284-2178-0x0000000006EA0000-0x0000000006FCB000-memory.dmp

memory/5520-2197-0x00000000010C0000-0x0000000001583000-memory.dmp

memory/5520-2198-0x0000000010000000-0x00000000101A6000-memory.dmp

memory/5520-2200-0x0000000004B50000-0x0000000004B51000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\~DF7ADD81B5C861D337.TMP

MD5 0fbc924ed39953271e4089f2941a6daf
SHA1 a70cea15cb3f0cbdfef703fcafccffcec8caa439
SHA256 6503f4c6430b9f1c6fb890b473dc499b421a98fcd5519f7b5af1d089064402cf
SHA512 add65e0021ae5593c2fc4fa7726a44903d08c664c6ccb2d844a88fd0d052db2df5a003db33408af6258958d17e381b327a737cffd32b28e275aeb417a889fe04

memory/5520-2216-0x0000000006CB0000-0x0000000006DDB000-memory.dmp

memory/5520-2218-0x0000000003420000-0x0000000003421000-memory.dmp

memory/5520-2219-0x0000000010000000-0x00000000101A6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 bc9faa8bb6aae687766b2db2e055a494
SHA1 34b2395d1b6908afcd60f92cdd8e7153939191e4
SHA256 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed
SHA512 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 bbc7e5859c0d0757b3b1b15e1b11929d
SHA1 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d
SHA256 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2
SHA512 f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7e0e4b547a145c2923d0303c7501dc61
SHA1 4cb3d6b33261d612e3a0a4bf0ee5792a7009221f
SHA256 4add155d4b7f83ea28b7e99b39205a6cd96cb2f994a67ac2b5e15ad1af500262
SHA512 9702818265362cb6c42788bd224d4236fb70115f1a2671a972a286d054ea54dc3a185f6a9c4f11a6e4e4654779f7b92fed5bad9d4fcb213e17a8f3a558305f80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dab25103f42098c2ae7e8c7eca9dc239
SHA1 bc363a0beca694c99c131b91a9d232571ea137fa
SHA256 74cfee3e4538818bf67a1a5c410acf020a4708b28e84eeb10aeadb37689ac943
SHA512 8755ef2a1a272c16f45fabbdad9bf7899b255ec0fa024305df0e43662db34495107935e9abcdf6572a4e54b17d385f31bec52cbd6979cac44ee28ff20d9447d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 2cbd6ad183914a0c554f0739069e77d7
SHA1 7bf35f2afca666078db35ca95130beb2e3782212
SHA256 2cf71d098c608c56e07f4655855a886c3102553f648df88458df616b26fd612f
SHA512 ff1af2d2a883865f2412dddcd68006d1907a719fe833319c833f897c93ee750bac494c0991170dc1cf726b3f0406707daa361d06568cd610eeb4ed1d9c0fbb10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58ee054503615b14cfb1d1c2fbaab795
SHA1 dc0b224db28476478cd3e384bfb8674fac714667
SHA256 9dc764a12e41a38f6e41cec173c748f498fa43e72c14f9159bf0237b7db37ac2
SHA512 ae6c40b604d6d45073ed2d7483cfc1d8b6361bd839c0b1e07440f89f8ef3b0a12577f93959f6c56d9508b1bcec291ec94a0db79d75933b14bde01f178c17c673

C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

MD5 a5412a144f63d639b47fcc1ba68cb029
SHA1 81bd5f1c99b22c0266f3f59959dfb4ea023be47e
SHA256 8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6
SHA512 2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

C:\Windows\SysWOW64\directx\websetup\dsetup.dll

MD5 984cad22fa542a08c5d22941b888d8dc
SHA1 3e3522e7f3af329f2235b0f0850d664d5377b3cd
SHA256 57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308
SHA512 8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 375fe194334a2cb01a755304928a8cbd
SHA1 6a470f1ecc758cfa96fa83981fe7d0b1b6a7c88a
SHA256 f054248891c1de8e388767c882cc341fb2373f1e97a5a2a04a0e00df896737f9
SHA512 aae3be497d6849f5c872f93dab48e316d605f4e2255399aef4b72a9acc28bb5b320b83a07cb0a387750f708310969bc67053de385b68e767ac0ad9c94a9b7ecb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d660dbb1917907b2aff512a6d85f9190
SHA1 00ea974bdd40f9c9f78d1a66f0b70f45215afa1a
SHA256 fc085d503da80f8b644db93b073914c91d0f9b6012f7613c8e91121fcc577a4d
SHA512 1f3a09d3a7e8990221fd55f5c6da25e01596a2cd5e2ae527a3a88e71a7899732b30787c955482d3e1de3d6ad51d31f82b5c7196b4240785c8e56752a2d5b3ba9

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d6f81567baaf05b557d9bc6c348cb5f1
SHA1 0c840165fcd34d996c85b6b44b00c7206bf772b6
SHA256 e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359
SHA512 09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 efd3aa31ce3dc62e9882268e724619f5
SHA1 ab8b4781ed87594ae9227753ef962a8230ad7131
SHA256 dc0f1098d8af8e535655fbc28d372490f4ee191897ce1dfa599bf9eb5f1d5ed7
SHA512 2e27fb564ee360f118274a73503b50701b29f692c579a0e8b79f8c6b3cf953c518a46dee72ddb9cab7498591bda8c29e233828b1bb6880f59c1e86a720758959

C:\Windows\SysWOW64\directx\websetup\dxupdate.cab

MD5 4afd7f5c0574a0efd163740ecb142011
SHA1 3ebca5343804fe94d50026da91647442da084302
SHA256 6e39b3fdb6722ea8aa0dc8f46ae0d8bd6496dd0f5f56bac618a0a7dd22d6cfb2
SHA512 6f974acec7d6c1b6a423b28810b0840e77a9f9c1f9632c5cba875bd895e076c7e03112285635cf633c2fa9a4d4e2f4a57437ae8df88a7882184ff6685ee15f3f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

MD5 2c4d9e4773084f33092ced15678a2c46
SHA1 bad603d543470157effd4876a684b9cfd5075524
SHA256 ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a
SHA512 d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.cif

MD5 b36d3f105d18e55534ad605cbf061a92
SHA1 788ef2de1dea6c8fe1d23a2e1007542f7321ed79
SHA256 c6c5e877e92d387e977c135765075b7610df2500e21c16e106a225216e6442ae
SHA512 35ae00da025fd578205337a018b35176095a876cd3c3cf67a3e8a8e69cd750a4ccc34ce240f11fae3418e5e93caf5082c987f0c63f9d953ed7cb8d9271e03b62

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cec960807fa5bec11ad4a31c3512da4d
SHA1 a3ac60a3518747d3bbead5edfd17e155cf7ce9f7
SHA256 f960075a7b1c2590e18700f3230f7baea9aced3e6ba5dc93dac193027b5cec48
SHA512 2da2d935f9b96bd36536f3a7a494775c8ed9bfef6538ffe66307b73cd5c82210fc43bbe6706d74d99dd5b924fb78a0d1beceee8c0e22d91e17b1346dd85690ec

C:\Windows\Logs\DirectX.log

MD5 abdcdbf1b4b703a2a365363d314ea7c0
SHA1 3cbd04025016fde6146f1a8edb68a024711bff41
SHA256 13f90c7164094de1e8b49c9888a981d45bee07127baf88d1e2c615fa6ce0a3ba
SHA512 9a1e9b35bb8905f543ca55cd9a3cf3ed134dc1c32a360161f062408207d4f819b39b2da6ba785cf0a739cfa774053c66a744cea11a21db51b0daf6e5332a89f6

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9JAOIJQMGEX5BEF6DHNZ.temp

MD5 71830ced0dfbe8dcde3da4c1f2d5dff5
SHA1 bfaf262987be1f89f7e1dd5ce36d52688a29b356
SHA256 042ec471032b4b3f42d41b49a5b5c8972145b810fa6d5d0b0a8568dc9aeeb45a
SHA512 9dba5caf64b99d627db15472596471bd6a223d0dff6af982c89955f56e496e348914fe7d3c5d24d12a1a44e1d1162cc7844fe73396edb2e6cea37086922e558d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll

MD5 7ed554b08e5b69578f9de012822c39c9
SHA1 036d04513e134786b4758def5aff83d19bf50c6e
SHA256 fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2
SHA512 7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 135f36c496de6829050cc982ad175858
SHA1 8ff30ef9fe31963f07fa256d83ee13252238da18
SHA256 c9ebd0c038382084726724ee5203e547bb79c34a99e95bb4e1e9b4bfd8def35d
SHA512 357d286aff5b36796ef3f22148e334ae48cf473541954c8b25730ec8853a839b82419876bb53b2bb6455aab8b270bb83153bd4f8689fa9f89d865d7697f6b085

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x86.cab

MD5 e207fb904e641246f3f7234db74121fc
SHA1 1be8c50c074699bdd9184714e9022b7a2f8bf928
SHA256 3fdf63211b0dd38069a9c1df74d7bc42742de003cef72ad1486aaa92d74546fa
SHA512 ed95d53bc351c98c0322753265b0a21c98df97d0e2fbbc58a6836bff374b7540b0cea21371cd4a7ead654210a42e1f9809cac6e4eae2ecf0ef2b88e220dc37f7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 8edbf083b200f13b4e48010cf3c42332
SHA1 7902f5760e9771ff1d4026ff75778f436f749b0d
SHA256 9732f05584afcea70b945009299835b7e0fa05aae20d956c710ee127d1e607ff
SHA512 0fc08168a63228641e4d65b1e75c90d9ff8bbe16475140530ccd2f63c11a2c51c660d4a7bd1fb347d8467600460ff156a18716399013a268280f9a9e0363ca7a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3af6781b39ef934c5aff0e3f562709e2
SHA1 fd13068ec965a82550b3b02b1fd45dbfaca5e04c
SHA256 bc3cf6c32d05423ba9904c626e9dcad7b9611fec2706a9958545743747ce4ade
SHA512 ee9fe22493fe58b2773dd243874d35559d2eb8cf23191bde0ebdc364e6c85b9c5f9a773c0ef1e03a0eed4c1e4f673e140dbc27157fd648b2a28d2f6dad005b24

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x64.cab

MD5 b0669f7d395078bee0087b089f0b45c5
SHA1 30506fc3dce9532ef0a8cb3973347ec9c3c9875f
SHA256 e63a67783ef7624559f95ab697bf8afbdab7ace31200283ef840e6b94aa16e5a
SHA512 d7efcfd85b3cb6cb9b1936b701a9d7d91a6094aa08d8c933edf8493c6ad57be05a579980a404b35e9721f71b45f4cae28399fca3ff5df20a9a3138b90f86b94c

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 a2f81d61adb271cf23e42c94e7aad855
SHA1 c5565b10b6292a73905902caf2d6b4e1e2f77569
SHA256 97d97b1c7f27857c71ad255d8127d6aee07ac9d9ff89cf26122d2b67725245dd
SHA512 017d88238780208ad5b449dd33410fcf00786e9c36190cbdb411f2859937dadb7739071a3f5a11787a18a20076f43bdc407586f39714ba902c6fb438e22fa811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0040e12e0f4142c6f4a6ff9d6728ac80
SHA1 e892881c7065ceb1f6da1fcb504f5434e4b3d78c
SHA256 370303e3a54ab204f7e1c6c29b743640c4152daf857253e2a4953feca6e2c294
SHA512 93091fa7fe7a75afebde801d06472498adb8c06c531ee16e03d34ba7475eb3b276f66f0a9d792272555f982d510bf741cb9ed5926252352db098cdeee27d0ea5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a868ddf7edf65eef72b4431df2a4ff3d
SHA1 32a920721ef3dd0fb397d6c67680d7ccee9176ce
SHA256 cc8a5f9e714725829864fad429dfcfdd276f1a00ef52cb0c9024bdecf0a49acf
SHA512 b8b97493adc569c4d283c7e03480c7f275157c5f5431e0230e141b2f4c3e787a6d81f645074b582293a13a994f7424ffca76a3cd9d139c78aec26a166f8f8a19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69ec2ffc4b6c615f7790c2a345059b33
SHA1 8959a2f1448f6863ffaab7e19836b20eea5ddf21
SHA256 c2ca63ce7453b43de8c6665973ea5ca89094f55bfb1c48593adbd7f9fc88ab0a
SHA512 3273f5b5aef8a5cb50eb58bd10c8c2f8bd8de618e7e174680a02a186e924b8f57dc910e0b7bb7bfc4c701f9173768527479bbda40fdb335717bfff15c2d093ee

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x86.cab

MD5 16b968ca0c435ee45e77a84c2d0364a9
SHA1 90b17a60a34f6335787a6b2d489cbcd3a4ea98c8
SHA256 6dd7c0abe37d3df7aa6db7bb352260f4a15dc965ff9d30aa32fe9595c1a18300
SHA512 3bbbfdf8b5673641ec066c3fb52e6b0d5ce0bc6ed6bff17ab4ac3fa69a8628b09e5ec8322fc39d2a206974b54d297caaff9410197e26d090fe74f963cd535045

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 84e7f66b5ed338ed3eaeca26cd1e6660
SHA1 f682429a9c2061bf8615744c0ceb69ccd15c4c6d
SHA256 2cc62335a6f4c282413540cee8933bf2ddc862a320901031a5f380848540c794
SHA512 ed9f91ed7cc5e99efeaf087cc1dd07475af6ada26fc03b8ea49bcdcdca09ebc3ec97cbddd5b4eba42274de4506d8d6682ddf2550ff06cb74acf5e1d2131b91a4

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x64.cab

MD5 a9d582e44e46e36f37edb7cbc761179d
SHA1 ed1bef64385e94ce89afa704d38408e23b31fa79
SHA256 c26633d38e0a91b9be70382e916a83d50e219609f7e05cfb2d27dfafbe480b43
SHA512 20011bfb547dedce8e6fceda22c3a3a83db140e8a20844f3b0e8741b4474c1fea73d84708b801e83eae3cd2d8a2d6c851c3f7cd0154c0382a78bc2c2df6b01e5

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab

MD5 75c33157d8a1b123d01b2eac91573c98
SHA1 e3e65896ce0520413979c0143c3aa9bd3a6a27d3
SHA256 02daa8b5ac3752f76c3bfd9a505ebf22b1b4b41e44eb92ce2799033b2330d186
SHA512 f0f1f1dea5938e1c7ff2adf7c8d421c2e68e6d3a8cdf18d0f2f3fe1c6837a4f37b367d2d974c35832d1d85a619948dd0f250c7d6dc4ae39f618f5a2893eac7dd

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 3109026ab67d6498a40ee6b9476e3dbd
SHA1 c3001686c01c5f3faa0217496a281e958507d7ec
SHA256 f3b914fc3e918ae6f11f166cc1b4f9612d92d4dfc92603e617204b0a7feafc63
SHA512 faa693d6c1a92e3eb7f19b93b1a06d36aa6128a5001cb79cc961bd624751bd6d079b17a7f9ed3e2083a95f6af265e140e182221c5c70ae08ebc0fd1c736a2671

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab

MD5 681407075e9b19e5ef2218832f6fad71
SHA1 e4f4d292a36cd9a3034007ef9d2005694307eb52
SHA256 f9bd5bb083bd55d1d2a690bc66d6d9da0b1a8b49f09e811e788c030669121118
SHA512 e983e7dd3f40510816ff3ae836600a186dba827b484b0c346c20e43e229189a86d4cb5cf219c1fc35b77ab0668866446f6e9206b279931c927d4ed66ad3625f1

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 0f0030a1de7a8f8363f090938f1efc48
SHA1 d3f37f3c419e8705a96d3d37dde643d92a46cb3f
SHA256 9190532c4c161017909da814751fe14ba1b750529c055e8db2d5630554c0e596
SHA512 0a1ae601f55578447773ea440f6622ca04d4d9ca1eb4a244bc6cd379e21cefb8f407fb851a770c1afc043ab63e36f06a6c427db6da71036a8e163e2df399a807

C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x86.cab

MD5 b362ec93463d8b6381a864d35d38c512
SHA1 7ce47ebceda117d8b9748b5b2d3a6ae99fc239df
SHA256 b6c1166c57d91afeeeaa745238d0d6465ff2084f0606fd29faf1bfa9e008a6c5
SHA512 cc57733912e2a296a11cd078372c3b43f1256a93ec5becd0d1b520eb210fce60938aa1caa6dbbca03292a05495b5ecd212ee5f77e3ebabb11ef31f1975b2d09e

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 7a9625b0e33a333bff78111d87f3551c
SHA1 72b5e84cdf1ca79273c534d131678faabcae92b1
SHA256 54105c40e60d076517bc71a5594ce0adb7ad155c3eb9ea4baef272c3daf414fa
SHA512 8b1e1f261bd82c611fff8d543a5a913fe7b6e5d70d1b5ee36a6ba868e432ea4fbd20cf8fd5bf5d86e9876fcc16cd684fe2e082db8dcf8f17709e865a32f05fdb

C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x64.cab

MD5 fae84e0773a74f367124c6d871516b7b
SHA1 caf8b9d7d4af965bf445d052d1e835b680d6bbc3
SHA256 86ee073c199b5080fe4f5be6ac24bb1117fea42e4bbcd828b4f0ec26c669b22c
SHA512 caf1381cae7417b57faef56d0023bf90c90406748f8813ab85c687ddb81e2498d2f1d5f4bc154903fd5a19836e6f245cd6f5d3927a383f1acc3bcc41b58fd09b

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 57fb131645b8289383e2e621f4c28104
SHA1 71abb1cc810974e75ff084595e16f46bd88da653
SHA256 39b61c1336e7bb95487dccaad47d33cff953589c17f51496a95342fcb17f148e
SHA512 0178f994bce78ef5adbcea90c994a6c7d99813e256f3f86e9559e306f3b795f6f506bd4b78a13a117b4afed36c4b6889b36ffc3c09fab69f94aa0f2404593390

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab

MD5 7029866ba46ec477449510beee74f473
SHA1 d2f2c21eab1c277c930a0d2839903ecc55a9b3e8
SHA256 3d4e48874bddcd739cf79bf2b3fd195d7c3e861f738dc2eab19f347545f83068
SHA512 b8d709775c8d7ca246d0e52ff33017ee9a718b6c97c008181cd0c43db7e60023d30d2f99a4930eba124af2f80452cbf27836d5b87e2968fb0f594eca1ebf78dd

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab

MD5 9c5dca423d9d68349d290df291ddbeef
SHA1 d9f1cae586470ea309ce9f115525b0504fffaea4
SHA256 5487ed4e969a822e5c481cefb1d4da3066b1d5ec8c55798b246915ecb58a8665
SHA512 9f50599321f45fb7451b0a1c0f1dcbd6b4a4e60ee27b0ef5aa29168c1bce5b08f34329916ea2ea655cd632d0a19c81953c2a5f1277f6a96fb63afc098236509d

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 18b6813f1219a60d1964765f8f74d5ea
SHA1 2b42ab30711bade49e5e6dc1bcf0ba5912484add
SHA256 7c079edb82fb33dbb50e014099db55afb1f338a31b5ee39ac5bc77297195daae
SHA512 46752cb9512a6eeb4a70e1f03f8bb1ad52d9cdae9f1f5a440bbdbcf11de84851390e5634a59bb75463dd7a25fd3ba181c30fb7dc27b087ed1f7c2e5fa4976109

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab

MD5 029359ebca4ba5945282e0c021b26102
SHA1 6107919f51e1b952ca600f832a6f86cbbed064b5
SHA256 c44eabf5be3b87cd845950670c27f6a1e5d92b7758ba7c39c7849b1ee1c649c0
SHA512 fa007f257f5267119b247ec4ed368e51fd73e6aea3097e2fc4e78078c063af34d161fd1bdcaf3097bb575d2614dba226a624d060009ee4f7beda697efcf42bb7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4e4d61433c4a9738d0eba44631c0fe45
SHA1 ae7b7b6b8d0fd4be884cf4c3d0c6a734c6700042
SHA256 95717606d873b60d96be315921e2dc8e0d33d7e520e544cb68ccfa9d01b77afd
SHA512 dfd088f2cab087e1c8e3bd7c5fd41e98a9ed22c89d7d690c0ea1f65444cd5dda6c8337299afeb1b0ea691a52e1f269a6a023a86c7a7f7d76145b12ea3d1c8a7f

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab

MD5 3e91448a7481a78318dce123790ee31a
SHA1 ae5fe894790624bad3e59234577e5cb009196fdf
SHA256 8c062b22dc2814d4f426827b4bf8cfd95989fd986fb3aaa23438a485ee748d6d
SHA512 f8318bd7ca4271fc328d19428e4688da898b6d7fb56cc185ad661d4a18c8169392c63515d7dd2d0b65cbd1f23892d7a0a5d3d77a4cda6230ba03b3b917e5c39a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d55dd0f19164f6590f3c2b2175ea076e
SHA1 e847a31ff947ab2011587b32bd10e159feb66fa4
SHA256 ebf31697329a1e22e6ab4cc3c97d140fa76366072c518477425779a9288df983
SHA512 7cffd63923efc25684d22292019390a2110149f377d02d2a1928d834c023f5f970bd6fba34b5e1c55d09a82cfa2491cd4f740d7fa65c90fec7c087ad84c241ee

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab

MD5 b1ccaaff46fe022439f7de5eb9ec226f
SHA1 8bb7225df13e6b449d318e2649aeb45a5f24daf7
SHA256 645f8d90b07c69330a8c7c8912d70538411c9a6b2813048da8ad3c3119487f93
SHA512 2b59c07584d45705273a975a0223e4443db190675558ab89d92e1572de4843be3d0d1267818b19185e4e438a8bcfa2af5fb5ef2a119da270be4540576fd78c77

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 6a0ffec5520dd9526d53fb206e92a225
SHA1 3935892003d2c3f6e87c24309515d1668e07dda0
SHA256 13f74a30aba7102226de97797839832b44d9987ce7d23c2c711903a5709b25d4
SHA512 63267ddca50a97491d91cdced635dbbdcbb335cd92c831e32c3e1710c71ef8558d332da0496276c2630ce5f4d840f7eec99788a433a768ab543a6c0affa0d6fc

C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab

MD5 f6cc1c08d0f569b5f59108d39ce3508b
SHA1 e9cf7edc8c9c4b57a9badd8386a2117ec5785aab
SHA256 4114e76799af3da9db3dae51305dad70a05b757e506e4a327092d536cca7ee75
SHA512 86df72d5b15396acb504c1ac9de7ff5c0cc9c95a90fdd82daedc55baad490cc47a71cb511571d37e25dd9bc1ee9652b9723e33879bc1756a7881a8e61ebc59ed

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 f11b4f2d172ec7cfc259e0de1fc5c69a
SHA1 63d37b5927bf9dea71b31fd58d2c1f31628af88b
SHA256 a8d4f0c54e8af1e6e537f0510983cd2cf477a698c84e270b1a778aa5093be456
SHA512 fe86bb3d3c66f2214b902bad4fc262505074dd7a6e212d18dd754e0f7f5f1856614afa57d037245ae861adb9dca2bbb937d3d5ce6e20c3477f716a417458471c

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab

MD5 b3d644a116c54afda42a61b0058be112
SHA1 9af7ddc29eef98810a1a2f85db0b19b2ec771437
SHA256 ca7b9c6a49e986c350147f00a6c95c5b577847b5667b75681a1ee15e3a189106
SHA512 a2d2f12b7b37bd8f5c8465dd13ad31942df11ee5ed5423deeeb178e6b594587706d2c5116258be1562caa5eca691358af3cb83b77898d1012ff521017d199165

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 eb7ec90198bca9379dfe61238e3ee3ef
SHA1 f1306037f93e46233fea7fc931b50ead1109b974
SHA256 830f7d089d575cbfc227a0db375196a7d8d5078af42884e4582660bb2a4bb767
SHA512 1400655e709aaed964be9824fee4b6c4802c107295b377e92f8fa383ab35dba4251927672d35c0c8eeaff1bd595aa41c2157de604531a2603e485bf86866f498

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab

MD5 f778928c9eb950ef493857f76a5811ad
SHA1 ea82d97077534751297ae0848fb1672e8f21e51e
SHA256 4891e2dea9d1798f6a89308e58c61a38e612f8433301ea2376ae14c3dfcb3021
SHA512 1f382a287fc6763b8e8d66825e8256dfb7d0dead6b6a6b51dd7c4a5c86d536cc7ef4128be0ce495fe17c859018750072dc7b43e3476d1ba435f209cc4eb6d43f

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 df7aaa2082cae0042f101ebcf91e50db
SHA1 678a1b45628af7b8209a42a74f97fc71278373ec
SHA256 36a9f0b234a4b274ad23d470224dcdab49a81a7f54bea7df9f0247a33a3ebf87
SHA512 cd9d8c227a2f046df3d1abf6a11d9c0780dcf0275dfb9451ee55b527a55d322918ae148ff1a685261ae6bab5d906b58dc2584ff77f1bb19783bb97b3160f4f0f

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab

MD5 a5bead938afdc63adfecc1daf5049d7f
SHA1 b3d5bf56f6b9bf87c33009a088ba7785b6363b4e
SHA256 a1cc7603302ee53d54f4353c223d95e223706924d99b864220b13814ef93eefb
SHA512 c9244bbcfe60f347ec8785b1a41b6e243153624ea73b16db4d624239a69fa76d2df2e54039d8f4d2c495890ac17b676e390f796118b4e16d9f03683247190362

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 1867f3d1b1ecc40fd4dfb919e6886171
SHA1 8986290180ab8b0591ded70c8d9fd7f517418281
SHA256 6086fba7481b45b503e2d892ff5dad13f5fb347374919a2764371b1efef49099
SHA512 c0fd728362abe97fca294e43988a64d51fc22ab216814c34a626946a4b69ca2f40f5f6431b3e35509cc0dd9b0e219524209eff2f01907ade98289aa19ac21ef8

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab

MD5 a5915ec0be93d7eebe8800ce761ee6dc
SHA1 e8bbc21c2b5f0e5801286f07e3da09dbc67c3961
SHA256 efa2e6de548401376a575e83a79de019aa38f191d63fdef3bd2b07d8cb33e3d7
SHA512 02259ff3c8478cba134a8f8408aa624b7165ced97c0aed8c9626034599dd5439f84d1af9eefc4191898b0a524e5ffafb9875ec00e740cebe97eac4c2dd0e31aa

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 66f8bab0d42590d51e5aed1ca6dfdca6
SHA1 47ff83321ea2c4218330a3f5a3c876c6a9a35b2a
SHA256 58fad17da80f0ab474f029b87f3b02d33876d4f098a9aa4f0923af347493c457
SHA512 e5eaeb30d1f32defbdc2e4794289be97d34b38c3b896f9c99c995a33a9d6d65fe7a300acc1ff2794ac0f315e5f7c366f023241d29264ba4b5b2c7f4bc445df1c

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab

MD5 f784b8a0fd84c8ac3f218a9842d8da56
SHA1 fb7b4b0f81cd5f1c6a900c71bfd4524af9a79ece
SHA256 949068035ce57bbb3658217ec04f8de7a122c6e7857b6f8b0ca002eb573df553
SHA512 01b818aa5188cde3504e289aedca2d31a6c5aed479b18a2c78271828ae04bebcd4082051b7f4eeca8a31e8ee5adba158420ecdcb21371c735e4781ee5f661dbf

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 37ccc8c20252722143b2e0fc1111d185
SHA1 200fb044220709686b3f86b165a5e9a8df2bd018
SHA256 95c5c1cd8a611b120d9679dee736734d5577f16b55b41de8bff677b5f9bc671a
SHA512 6c11320e6676daac19db7bf182b7e82ac0cb9340629d52772a8b4007e635c6f6a811d68f7c87ca29be6d40358ffb1e90aa0c11638bd0ef9a8d91d6b57486c378

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab

MD5 fe8feb215fae59866dcd68c1604d97aa
SHA1 cedaca678d15e78aa458b965abb467e8964a1fab
SHA256 1c1e1c6f68ba556a0af09a38c32eb421c543a4848c4b42d25867c98dab3b3a50
SHA512 9955336b561e4fd3ba3da7fc086643e811048a25a7e68344d2cc5cab091980baae1c04ce41328b59c896662e2875886b78ec869852b2d1daaa46af38c894a3f2

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 13a5aad608d219f8642cb691238a0a8e
SHA1 13de21481dfb1e5f40dde426f5eec9cc4b4a7471
SHA256 f19333bf7528ed3ba989e5275f57d2b606689aeb748efdcdca218753044415fe
SHA512 3d85dc688663ecffcf98cb4fe5c6f158a76d3eed82727ff0421bb4b715f32589f699be70cd857b311870312f888cb57a6e7149d9ebd5319fc0a5280bed58b38f

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab

MD5 19383cbada5df3662303271cc9882314
SHA1 123c97c33f7ef2ba345b220450f181d440412e6b
SHA256 8ec971c91040618338ac2369188f3e5d7c85a5b1e3b9fc8e752dd845d295cdba
SHA512 a4c6acc9ff656e05d75ae0081c65c200b584209c99fd001494c4d206f2ce8a78d2dd3644e51018574928f3b9e9373bf7ec8c5147a3590b54d1c6d50e61342853

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 470705fd47fb6cc7fccd65e4cb8382f6
SHA1 d2966f90572a01b49ab314aea0beebd2395c5765
SHA256 35b2248915becaea7f1fea2fdde13aa5d71d6e762a7eed1d275f88f8b34449b5
SHA512 76486623db3452fa6ca37f1f5e8cfb718c58e15c9a93fa21f34730d49f021fc818d08fe363a5e0e546cd55ed1e6d7cf488d91fe7d97b040fa3769a8c24ab6adb

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab

MD5 3ed592e6cdae66b1c0671d9ec417a738
SHA1 9f083ffe00a8e5eabf282130cd16044b488b6e0d
SHA256 4914d2b5c3251b00c0cc236f51afe469728d92b50c953c66d213f079ac928eac
SHA512 0144dd9a83f953eabaaff3c41f17a363100c9a2ccd932321a4afe990d8fcb5a430e842de9146c983409b6366cd974e318a535e6475b10839a6679844cb7d23b7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 2b821c74d2e062c62994d7c95b079ddd
SHA1 63187467c9079b80cc4a052ef2d163e6884642d7
SHA256 8e781f69d16f7836dfadd36f83c68c601580bec6de797d4ee64a48737d31e5ae
SHA512 f8cc702053f37298302fe5829e55ac9186de318a873451cb80a5455c1eaa98798bb8a76b43fb2a5740addfd51957f25e87f33386b364dc5125cc36c43df01083

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab

MD5 ddc4af0d53b477e5af77942e7118b66e
SHA1 81ad8201dcf653a6e977c4506a274d0bac12643c
SHA256 9536166ee7cc1100cfe24e01532e8e4deed6baa838b4c025581f2ca046a25915
SHA512 1e082d7e7855bc0af6ec09d4a69fd4a1b0a3a31e4de8faa52fa0bdcd601c501ada6216dddb83058f37ab4a371068e0f344bdf42f2551943be19bd719d99ba93c

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 ca0f547f93a1ecf1d4649534ed5066c0
SHA1 cfe67c10e709ab816b75d9542a687744957683d8
SHA256 d3a15b921d27ceb8d84477506f951082fbbd796e0fde794aedf2211628cfa955
SHA512 061605059d113145b39cf72dc810f42de9b28dd28c4f3e904937a43b8d584e570501563973a37ed5137c9ad810c30d162de2850b15a61bbc3127854c4347e13d

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab

MD5 c5e127067ee6cacdd2f8962e6005542e
SHA1 22c571e4da75a6e5dfe02e3e3587f40c2939c745
SHA256 f52cc1304b533083b3fc5553c49433c0e4e46d66d567b9de0b558ca518db1544
SHA512 e70df11af8cb5d51c3111b8327371ea40292580f06d7d265f2449b89a4941c4740bde904367fbcb4158512939bbd7c7a3dc20d3642475789fc075a2ae8e27860

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 c94a1fbaf4aeaf2754915404b5e95132
SHA1 9f00b3f29324b4954431a80664fa62fd4b977e58
SHA256 bc44383f783cede34268bb60584f5bbe3be0d2fbb6ba578f439a698690521af8
SHA512 6c797bed4897c693efdd57fe9e716c28bd89d88ef7be1f8167051d4bcfce4cc2a86279851d977a14fdee13a8a0c609f5ad032bc2f8aa642d3c21b87473a95502

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab

MD5 3d9a0c59156d03da0f19c2440e695637
SHA1 55b050991cb17410c75adc3913066baedb482ed0
SHA256 bdf7fb01c02783a4f8c9f5e7911f5cae3e2a7cbc425b90b36f9ea6eef2c27de3
SHA512 e9a662498c43865e917f0778b772d6964517e41289cbf5a0b8a4e44d8c4b4e9a5049c76f2ecbe4acc7e9cfcc3f1d87a75c3f8703e66804ce758969814ba14fda

C:\Windows\msdownld.tmp\AS62E705.tmp\Mar2008_d3dx9_37_x86.cab

MD5 8ed75e3205c2b989ff2b5a7d2f0ba2df
SHA1 88846203588464c0ba19907c126c72f7d683b793
SHA256 91a50d9efcdfbcdf22a91d6fbb0f50d3c2aa75f926d05cc166020bf7aaf30e28
SHA512 d0cf0e3aad9c8c43a927d1bbbd253b9fe4c97b638ad9a56f671ebeda68fc9bc17cc980d93095fbb248dd61dc11b7e46c22d72cee848b150f7a13ead9e08a7891

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cd45778ad52aa6468971e2685807968e
SHA1 54e914f6d4d88bbdb97f50abff953d775f7b7b24
SHA256 5ffc9c8ddadad4cc26dc6758b142d86b882a0cc840c53503b923e5e70c6507ab
SHA512 c588a88fb1d1ca74ce2bcda0052aaf994cdfda94d80657f176e4579be17b3dcc9d7803872fa68ffb62ec6985c7770662ad491a309816f1239f1edf5886e91eda

memory/4980-9981-0x0000000000F00000-0x00000000013C3000-memory.dmp

memory/4980-9982-0x0000000010000000-0x00000000101A6000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab

MD5 798cee5c999069e4d097160cfe3715f5
SHA1 5d539bcc8e15dfcfd8557dcd4d55fbe01ed03973
SHA256 8205c4ea4ba71c9b124c3572df6194f2426262b937e2d4f3a206605c4576d222
SHA512 bf6f95c9dc9fd6bb135a789d7f8bc2b27c3ee5c2fe86f2df70a88c4e94aa5b7d2205d862fa02bc7ac1283d09b8826b1743ca53acc3a956b237fc9a7a58c7aae9

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4d51275c98cd0919a5dc0c6c2bf87f24
SHA1 f25979d34dd00dab6a8702e68234823de685e56f
SHA256 cb58110c6d731f63ec93d03536358ad0b4ad2d65a8cab2e9f7a62266cb5a1ddc
SHA512 0e78f62e800e62081c922f5d2c786bd02f7f0875a08a26b86e4810c116eb411909dc271ad0732b44f6acc0bd06b56b745e635a32bf1c4d1266a97133d557b4e0

memory/4980-10020-0x0000000004A00000-0x0000000004A01000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab

MD5 e2fb2e37c342983493c776bd81943978
SHA1 2a8f3c45cf979966d4d4d42a4d34f05c72c7e29e
SHA256 57e57a6348e55aaaca6bed5e27bbdd0a4bd0dde69c77f4d26c805be6384be927
SHA512 2d297f607c5a098a3d2b19e7f88aa12f720af3c23fe6ddce7d4659a9184d1cf8f8a76f35b8acb639b48cdad8998c919215a03b89207e2bb1829ea3d8a9efb95a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 6460e2c4de84713242c3154059b4e12c
SHA1 bf58b021238b18f37dc6d18384db94534f9edf6a
SHA256 57bc21b86044daf245e01b6e546994ae1ae05a5d7f9c4bf4f82f6f3435935514
SHA512 073b7cf4c06c2d7b54cfd6f6b43d32370f58d60aed48a2fad4a611540187702c3eac88a865f8afc0cda8cf3dccee4156fc38075145fbd4ccc7997e3685a941c9

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab

MD5 b0e2b612daf28b145b197a4db0a9b721
SHA1 f69266e4af3d2de31a2a2e416f10b0f44737739a
SHA256 e8dc1063c9434eed8d633741b19cdfa1889581041e2214b87b5159e3ea087f3c
SHA512 6e31f18cb75ce69d291d0abd15edadf02c0693033351dfb2f435312a47540aa223c8176209725c14a05fa6494153a3e191b2fb7cb8c5cee11fb42371ce67392b

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab

MD5 65a727ad501c4b7eda6f4adddea8bfdf
SHA1 ff8a60b42b021725939d7923bdb77f12fb4a904e
SHA256 50e91be86501b49a031eef5acfc703514f2296149873a6b8b95063dc77572bb4
SHA512 7ae5000d6e55255836e120970c4a2215aa98b77d1dd33252c9f4e28c09facd55fb782438069b5f95c063c3029fac53db75c3e95e7470752a6dfcbcb9445a0c3d

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab

MD5 5380053ac4c344bd38604022476b1c1d
SHA1 043dc8f49bca3bf0bd85e858f5c2eedf68565c0d
SHA256 84800c55f773d5d6913e344e41baba58cf07cec2e6c7114ca3bf48e8f355419f
SHA512 f3ce2def6e2e8a1d2c07f627e3c437a1bba0b2e456020a84121346472be3d28e0fc69623bd408f35a2c639c83dd2787f998dedfe42b7625dc71500824b035fec

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab

MD5 75556d89fdd442967a23993c9111d997
SHA1 003de53653c0cc84f8c3d617d1f76fb475f1a7cb
SHA256 863ac3438f57158d4f53900c6924bfdc132ab43a5af57d4658e65842836b4fa1
SHA512 6086114500dbbf4db9d0a9c3f72732995bb9a3ab5c135ead53143749b95651b37b64be7a52ca09388de90216fd00486fdfcfbc87d42d77fac469f82b5290e06d

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab

MD5 5dfeb46e60795266da03f2d0a67e7acd
SHA1 a77758873e5544e8ad22acf469c4a0fd0c944a88
SHA256 ec52b075a3e9c7fe468b317e0ff977964b1003d560065128741f4392bf47c49a
SHA512 6ec058811ac017be3cd3a46559cd73126666f41b0fa58d92c1168cf2a2e0e2357b19f65531c786ec81a438975dbece440c5e7b6c653afa5428ce6c444179af6c

memory/4980-10252-0x0000000010000000-0x00000000101A6000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab

MD5 901567428d8c82756d7bf5a406441bd7
SHA1 6e3c22147f3da77ac8f20d615ca32b5ef2a0ed28
SHA256 32356344aeddf709c9d5302d8f3fcc1ff1be2e82d8d17833a2086400af248794
SHA512 6fd4c429e32480bdff4e58ba8bc0d28fe97c9ff5ef1fabbb856230efa669246a354f99b723e7483d548b74c121ac8ba9cba2b5bc3c18f35ee828302d392cf6ed

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab

MD5 45e83cba5710a1de7d3990a288122e85
SHA1 23c4bfbddcfb11acb7c47c409825f039af7eb908
SHA256 b7da29103cdf374de0c09713cb985035eac45fb8b394d3b8157d8a7562a89899
SHA512 8c56d376d349aa00948e1f3c6168dade76ac9a26ade1aac5a385dcf0253602f5a2973483d083425195db6ad7717494fd3cf674f5549774ac608cefa2a88bf0a7

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab

MD5 9bc8213933598d050827d20a4573486c
SHA1 e6f9ba62756a00c53746419dea221881aeb336cf
SHA256 9c96b6fc4df5c0efca9f0d653976772b2b964243214f99066e4ca4aa6df791dd
SHA512 a1920d042963cdda41df44044de5b94b4cee6efa102f633214e384918d93d2d6a31eb388bdbd00c7e9c199281e3b71caa5242e9a42e7f0be27edf90a3cf6890c

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab

MD5 f264af5a36b889b4f17eb4d4f9680b4f
SHA1 1df087ea99d321ec96d0d2f1c66bee94883d6f08
SHA256 bb46189eb8cb7769eb7be00cfbc35902072fa9408313ef53f423e5ae5c728f61
SHA512 73ae1cf3cafba148f4e5b4d8ac12a7aa41f6ecac86c139c6a7714f90f3dc61c444dc152a3ad3c2ca800c1a1f4955a2b508735f8490666b57d1420fb7a7bfc269

C:\Windows\msdownld.tmp\AS632798.tmp\Aug2009_d3dx11_42_x86.cab

MD5 dd47f1e6dc19405f467dd41924267ad0
SHA1 85636ee0c4af61c44d0b4634d8a25476cf203ae9
SHA256 39ff69ba9161d376c035d31023d2fdeecb9148a2439abe3afd8f608f7e05e09b
SHA512 f77c4cef5cb7e927948f75c23a190e73d6c75b4f55915859046533a10aa3c5abac77d8bef71a79368c499c85009213e542094b85b94b69e62aa66b60616777c3

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x86.cab

MD5 73ba11ce0e936726fc9fcb882f8b91ea
SHA1 4a4babe3ac751e60ae6b5b0d69c93fa53d7fcd21
SHA256 a9a704b73531d6bf59a421ab5c046c19a16d2b0b07f09816dbe9da4550a24b17
SHA512 9a198eb93d5623651d2981a277eab4c345c08161254d0127d90c97344450ac1a7fd5c8ac840048a43a347e3296b286b646ea0fba88f0c7bce1ceed1484112d56

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x86.cab

MD5 87bdae64fd47a75f867a290ec7b8a4b7
SHA1 dd9e69e1815e8bc161e8eb89a0f2a296074bb95d
SHA256 6bd32337826f5a5141fc06391919a249e984150905c2546dc8bfc33d41a24e82
SHA512 c8f7a490722741df4e03823880c6d623ff16ab648a40c1b1c8f7bf26c92499eb34c4596bf239337cd23a57974757958ad9a30d42a4141dc0e7522f998ed3893a

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x86.cab

MD5 bf124b64fc3774f61d30de0a405f0c6c
SHA1 2f8a8babfa4e51555fcf125e8373d9c5f7f7434a
SHA256 457c5ce48eaa0fe551b46dffc1e4dca985d261686d8d4e6bced533ee1f682fce
SHA512 935922ce74bd399e8358693562f86c9b4b6308a6e33586a5dd61924f8b6b2cfd6cb2e472fd082b9ea32c0abb9a799a0ba9103b4c316342f8072a7a3782c2116c

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x86.cab

MD5 591a61bd06c73c70f93dac5af2d8e924
SHA1 c9d36ac5e2acac31a7413d22ed1c09c71cc96ffb
SHA256 f0bc06ceb484d97cf01526f9223df7b4357d166c4391869f2e7d514dc1fe769b
SHA512 3e2e3318a700a6ed82a21018403ca99728c8a56b7df81f99a5d705b586cee1141586dbf19a01ef1f1a72ddc8f45ddb51ba5769ae4634b02233ef1ac4e0fba5d4

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x86.cab

MD5 061bba3836b3ffcbb01b150467bbe951
SHA1 00d8fbcd4068b3199d3d393bb4b86bf82985480d
SHA256 b80db68cd82caf8bedaee62808171b20c546a76499c3ad53014e3bd2fbd2918d
SHA512 aec8327e1ccc0b33b3e32d66a5ee25c4b70a227b708d10f61ebad2d998f3be68145fa85c50baa16a21ee766b336b1432fbec02c75d698793092015c832b6fc26

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x86.cab

MD5 e34c0cf1bd5a68c80bdc709a452eb322
SHA1 4dd4553ec7e2e42d51a716b1f4cb58588bcaa164
SHA256 799b517227812252481c9c9b22cf16ff185ffc20b9273612c8a37153b53aad93
SHA512 3488a52f6fd3681b10624546b923368245f969330d4909e91c5b58f159cd24b258a8a2274d62243ca5ca9f1fb40f9f248b3bd92283f775dd24baf68ecc5fd03d

C:\Windows\msdownld.tmp\AS63462D.tmp\Jun2010_D3DCompiler_43_x86.cab

MD5 e7dfa140cb0ae502048ecdf1e42360e6
SHA1 4db08318f78f076fcc6ff29737b3d6d676f59c54
SHA256 293ced557ad732abd2737333df39b08216f31601d7ab65b743fe51b4efb8b6f0
SHA512 39b69a5cc4a50de72d031c41879ed7644b577a9e3e3b44bfecc61d5312c7c32c964dc2cd37db711f7e486f444ca77fe732c642f3e494e6da1bc1cf774d9ef75c

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x64.cab

MD5 dca673a8f9f834f9370862d1c97fd9e7
SHA1 1a0cf0fdda2c9e8abdf5cc19fcdbeaf1bc1639e7
SHA256 be3de63f136a2b41d3229e477ce2cd7f67ded031b4b370e640c39b80368238cf
SHA512 255270bdbc1dcd6a3213d8f0da2e48c6445b0141c5148edd1dabc9ca4643667651694b68013412a4f2ec90ccd60a757f64a9a76e2576c4fcb056dde726a6f67b

memory/4980-10722-0x0000000004A00000-0x0000000004A01000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x64.cab

MD5 e961a77647e7fc2597a68ff572f730e1
SHA1 976d1cde1ec28a4992e1cbc345637447115f14c8
SHA256 a239e99d02fbfc9d30d5b705aa743fc070386faea1a66b3d67099ab446568a12
SHA512 cf72ae18e99942d959bce58678f544a10c98802d919adc30737389d6cc0d492f8d7902e0e2cd04501fe6429b96c782649658d2d35c879a202c23e88570a15b94

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x64.cab

MD5 05103e47f259fa22d27c871e4cdee7d9
SHA1 502fa5d15fe56dcf64431bb7437e723137284899
SHA256 794e23d8b08f88bb0d339825b3628c24cd0297195657f9871ee6324786fada36
SHA512 180e0abbd97b6781c6639c6ab2a2355400b8e32784a8469c3cbedea23b121cac5ba17f6aa509610d0a1e5830735455690f574054d6224a6a5d2ae70edb601835

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x64.cab

MD5 a9f4068650df203cee34e2ca39038618
SHA1 cd8caeceecd01dac35b198b42725cbeb5b7965a7
SHA256 3500c1a7cfb5594521338d1c29946d1e4ffa44d5b6bc6cf347c5bbbde18e94dc
SHA512 c92fb461b53051a22fb480ba5b6bf2706614ae93be055b00280be4dace19c1f2a9327106a71851b0e42f39e4172ea3a027f7ce878bcbcb252b723eea49dbcf1b

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x64.cab

MD5 d964ed45ff274da2c8f48e2cbd00aa9f
SHA1 5c2e5607065238fb24a0b65ddfc904406615e2a9
SHA256 daf10a54089755f9a8aceff0c7695f1aa42d35e3179da5b9bb91e409036ae547
SHA512 a74e2dd4bfb037e5f5a1deaa86f9c4a354f023b62e1f2075509fb707eee1725b1136441d1059bd3929af1a44f6372dabef9cd15d386a77b2b22a532b74cf16aa

memory/4980-10875-0x0000000010000000-0x00000000101A6000-memory.dmp

C:\Windows\msdownld.tmp\AS636463.tmp\Feb2006_d3dx9_29_x64.cab

MD5 71905fb6bc82583a47ddc8419d92263c
SHA1 1fbb0ec18dbcd1d127053823522ec2a20c068dea
SHA256 4927b3b5796713577113ff45fa123bff6741509851be89bfd402006958585d35
SHA512 1f71dc4079f5fc93239806393850fdf9370f325b4c6d9a74544d8867574599f1504534952a5b7c0e1ff78d322201adc6fd78ce2cbde7d01600b8af087e8c412c

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x86.cab

MD5 fec720c0c15c43569ea9fab7ceafea95
SHA1 c65235b40865725a00675f1bc013ba8b77307669
SHA256 6456fc26622f3a72b9449ed0e61874cf1adba23cccbfcda1324f033fe0788fda
SHA512 8edee940930e3c610e709e2c6348abab479628bfac71a0c507f46af8d80f1f0c6e31c7c44af5f884668ce472b281ff18cb44a97ab68232d455b7bc8f89a75268

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x64.cab

MD5 582102046d298e7b439c819895f6061d
SHA1 09900f44668350118589f18c693b131d7c1f9238
SHA256 c91a6380c65853e41e2f9593b954f3b5af49bcc894476d8eb78cd9f8b6dd7da4
SHA512 8aabbcbc88489ff8828d532be5c1bc0d33d7960f41c7b38348aae73ba4777999f4358466d061ddd8291dbd434e7741ee2c3215a10f8287be36209e0842c4eb2d

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x64.cab

MD5 5ec6f520f3afcc6494ab0d43b690ebd4
SHA1 2359e14cb6da44aa89a3815e905d6ffd81960d02
SHA256 27d99894e2a68601f46487c9999723dc83bcc9c6f903f2e2622d05668035b015
SHA512 9db4a9581edae2681491d5e13228642737d0d186e0e1672b063482b2e699274acfcb81dfa9631902e93e009adc0bbd9447061830c8ce2fead6743e2d45aaed60

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x86.cab

MD5 a2132a62f9ab0bddc3207166dc014581
SHA1 53b19ac3e6c6752011ba641ee3c409ed10c95dd9
SHA256 52c71c89ccc22fed3d7c985a22c464451af34b63b3a26a3799bc25d881221ebc
SHA512 76fabd7f440b6f9b409b0b2635ead4ef332563a9bed738a722a7c6b9a077094154bf735caf02c67191b08ab0a19fc03e05ef3d984f6e34dcf3bd587a05d2f424

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x64.cab

MD5 6ca70cdb3fa575506ba4035e9a50d8e4
SHA1 a2a20f5f95a1ab293a188a55bf593a82ea0dcb7f
SHA256 f82b2043b470bf0e711c3d05d758a379920340212437917b5d98af0c14e7bfe0
SHA512 a453ced526332ace37861a0a862fff3710ef74ed57965f28dd279f526a2f33c390e82fd2c49bee75476e5b4c349c40a71eee49edac720236a16780dfd700fe62

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x86.cab

MD5 cfcca19d60ec3d822ed5ec8bbadec941
SHA1 ab0e87182877991810af48f1478906c1e671829e
SHA256 23495764aba10ff35cf9d23aeeffdf38716219d8a155ae29162f01f7fe6a30cf
SHA512 2acaea2de2d77bbe8206e8309d48a4cba432d72fb9bde2576bce7a31ee29fdcb0d44c2b996e8dc21a31bcdb03c806e11ad53b74d9c4c972436d5202825900c01

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x64.cab

MD5 d404cced69740a65a3051766a37d0885
SHA1 288818f41da8ab694c846961294ee03d52aea90d
SHA256 5163afa067fe2f076ab428dd368ba0a2cf6470457ba528a35e97be40737a03c0
SHA512 87998e67b359c2a0d4f05dc102f6c4db4f260903385b7558a2c1a71436001d5b18f42b984e6b279a8197243593c385d41f51de630fa31c5ca5140f6970f87657

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x86.cab

MD5 e16f0875713956a6f9cd8c5acad36e51
SHA1 984b821eaef3b549ce0b12f72a405a93e51a9dfe
SHA256 31b16f93be7f5f9bb78e9ece6da96565d50a0bc1f66b206b7a21c601a308dc53
SHA512 dd626d5552eaf0c1dbd32bc4dd84811bace74c6350eddac692d3c3e8c393f4a19c26e8f2932f54a14648448912e6b87c796c6eeb6da9b2c55ec4565983b76189

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x64.cab

MD5 4ba26f9dccaebd7be849a076ec82d6ff
SHA1 42fb0d0089d8bc92735820f475968f59af4e4365
SHA256 13e7eb934a7596e7c3b7d8a0962e68da841d9c73d154825dc982ff6d05cff221
SHA512 4e4fd8a31ac3c2f8cc66d434103c0097ab3fbe2c2e8140aae2f95fc4ac1927aae9cdce8730dd7c4dad785d9a653d90b0f914b258bb5695c68ca93f605ac82dd4

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x64.cab

MD5 edba7bc2a22f3186420c271b7291dca3
SHA1 65483db4269be348528fd205239b811d775421ca
SHA256 4f5cffa56fd44f7775f12fc511a1e3f030c05ac78484f6866b12b82979067c22
SHA512 90a9fdad3d7f933da8c3731e42d262034907d8088b85d7100be46c57def02b436c31eb9ff144b9d67fd931f92a1677ec0cd762d9aaf066bb026f139499ba3a66

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x86.cab

MD5 4fd2b859952c008de0542053b15bf0d1
SHA1 0800cec84b51fc6362c871fab87a09db5c4ad6d4
SHA256 f6b6ebc9c239c5263aafaa63fd691da5aa715e9c794d5fd663e86559d5c6ae56
SHA512 d656c3bfe4593ea9084a5d09f0173c8f6b7d6229fc7e3f6757ac03089cfa94a7337bbef0456785b79d777b976f5a8259056d2ddcfe0f74d78c304a02bcee0ad8

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x64.cab

MD5 cc568d26b5b4cda021d528cf75b21699
SHA1 dd47a33950c9e3a88defcaa7ea331fb1f1bbab97
SHA256 662d4e5d005cdba02fabb0d7a68a7b48ecafdebe21718d892833d5c482e5add7
SHA512 24b53bbd82dec594d9909352d1f2afe69b6f082db99aab3385826c4e8d22f5c075f3c5a24c8104dbeef2d894980319af141c65d768a51936c75092a846f3c8aa

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x64.cab

MD5 2290064562f2d6d197765f4edebc5bf0
SHA1 70c2e3c3eb521ba4c46c428d57166631f86512c8
SHA256 da1ce01be39f41f967282849715e8310dc1887bfeb92c4e0166d2c31f00647f7
SHA512 b25a517de79668e3abd88acde835df4a0d69e70ce0e001db31d5debcd812bce46f4ada5e07c036c7bbe88d6dfc9f6531b2198f03fc27fa46070c790b45955dec

C:\Windows\SysWOW64\directx\websetup\Dec2006_xact_x86.cab

MD5 082b7d69f96799aa2ab1a8ea1fa2ab88
SHA1 75c7032b749259977c947a5103f9a4b92c2025de
SHA256 b98e55c654b9ee6f6d040665d932bea7a1299c56cc9996eea900ac4f5649c7d3
SHA512 57c96a4c99ab9a7d33a8cc81a3b4e2ab58fe3a2fbc7f79ad688c7d0257d281c662d4ce0737f68c00d15f715bc6177d2ff9cc32a69cfb77216265fa56ff79dd8a

C:\Windows\SysWOW64\directx\websetup\Dec2006_xact_x64.cab

MD5 f34ffbdb67dcf84092c9d321e3343d3f
SHA1 52fafa930c3464e070e1e4692d4600b12678e9d7
SHA256 bdaf9c41f83e65de2b73aaca2002541d48c65f551cfa0578b3259d3bfca54ead
SHA512 a78d32ee71f5b4214e9b8b95fb8bdd4b629d34529fad7a494219175ce5cc129a3f5c500d426afe0de6a680977fb86abf0b77be353d8d19d6ed1a11c421c6e757

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x86.cab

MD5 a09f7eab35816d682e7432dbb36b047d
SHA1 db67b9434abaa8e7f166956a1c8d01f536162c21
SHA256 0e3655490667ddf17150aec089889268bdd7f1e8367d2bed6f3eb68a5ff28288
SHA512 fb1cdbfb3cdd60783d1c8696ea6efb746331880c79aa74052808ca09092cf1a2336bf784104d16203740998129b718dc0ad4a632e4031e85ccf340c593f05e57

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x64.cab

MD5 cc622a75240ca96fa8f28bd984bed5bc
SHA1 424f216c5c0e02ae654612eaeb04900c9dafbc61
SHA256 3454d5101716a5c17bcdee8632668d981f99e8558d8d05e20a33ed718ed8c2ac
SHA512 eab36cd6bc3ae6f67d89996785f9c7d51e140bfb839a866b4e4ffa7809846df861d30d1fce2e1a498e8403deca5ccbc50b8f37f4c1b4ad3cd3a63b150c49ecef

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x64.cab

MD5 f33c12f535dc4121e07938629bc6f5b2
SHA1 6b93fbe3d419670a71813e087d289b77e58e482b
SHA256 3ca2acf6b952d6438b91e540f39abcb93ee12e340ba1302f7406f01568e5cf91
SHA512 df1753ab43d5b7fde2a5eb65a77b37ba28599bc0683a4306f101c75f82b0f1a2c8ddf5741981073cc5df26e9ea38c9a495ed0fb1689d2e7fc7d6f693759c822a

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x64.cab

MD5 906318e8c444daaaea30550d5024f235
SHA1 3f3dccf0a8a1cbf6f603be1da02e1e2bf89d24fc
SHA256 1a37565c5b868b6a5c67f3e24b8af547506799444cb77c7086e7b0cec852f239
SHA512 0a7aed2f49ea3dcbca1607fc46f166a44bc9d08589db05051b422c8ad84adf322352f71333367c612f9579b4aacb4cd6b82489ddf168ad67fb4d42ab52999c88

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x86.cab

MD5 8922189c0a46d26b2c52c65515d87180
SHA1 27830c01afb15158186a045b7224ef33793ad211
SHA256 39f970bf4cc42e9325ada84a603c6c691bf94921385a52325f402f7432ace697
SHA512 53d51caa2cf448681a709f2b9737ef75dea4e9a46e2b29e6588b13e941671643a64d3597649aa2ae0b1fe9e5d591ed00bad9ff3344ca62851e03a68279142cab

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x64.cab

MD5 fbb6aa140d5d0aa28a7561ea15d69e72
SHA1 26804276edbb1ee23b96690b40a01bb9c723f7da
SHA256 7781f0494648989583d4ac7695b9c5310eea76b6a102e15ea0fc7376250e4584
SHA512 08d6f2ef3346229f71e9fd6904d99bcb69f0a03cbd2d428f0a3ba58836694b801446165814aee120b4c5eb7046184b08fb49248f5e1941579b9caeaf9fba1b1a

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x64.cab

MD5 8dbaa3047397ee4cfca2efffcc2dfbd1
SHA1 d88fad72d7eaf38b8469b2b8492311c39c42be04
SHA256 fe4b15931e048c97cbbc26f753093e7d41eccf174402542631284f8bdb9ee692
SHA512 1ce01bf0bd4c0d832d95b13e958da6cb69c0d3949b128fcf40ec59ecc0ad8989b27c91eac28cd98777d57dfeb811cc1077fdb87348a11b6370d806771d7e742d

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x64.cab

MD5 1ab35d11274d1adbd316b19c44b9ae41
SHA1 14165ec367ce179588c8a5806fc968fdb49b4aca
SHA256 02ed1b5a850edb52ec174de177e91842edc7c5f4c06ceda5b16f3427dbcd4c99
SHA512 71c8fac7c95211d323c4fb6a02916e7d43ee399bbe0f1d983b5ac210f5039b23355f40b36f023f3c36e19787e2871a60cc389e51d6327652cd84d9e3b93d5a4d

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x86.cab

MD5 001cff513a31ee082133e7ba3b0d71a2
SHA1 4517610a25239a16c26ca9890e1f0e52dda3781a
SHA256 245b0c554cbe2677939a70e5c4c6666b1b43d10d47980223f8cdeadb2d0eb76b
SHA512 7119f6ca16fe6d968310f34828f30d8144531b89583cfd529056d2e31d5164fc65136fa9015b69849f724ec641a9291ac644c91cc3fa8ebdd4daf9cf5a665a7f

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x64.cab

MD5 b9648d12df695290be0479c1e78894c7
SHA1 932627d40a83411f9f4006792adeeb4c3a74cf37
SHA256 3f2ca0accef2594fb014296f4111b7fbb59729c5d928b22f7283c392494fee7c
SHA512 240b622b02c5fa3d036043ecbe5bf29fee447147af36e795bfae83fafa35934fc22a3e9cc2d846bd880d7808897355e16696c555146ee69864472d4600ad25b6

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x64.cab

MD5 ddfef236e7d70471aaa1741a8abfb735
SHA1 5f7acde3116a6d4363410d984b9c8919674ec9c9
SHA256 28b6ff092de67717c47649c87e7114c34325edda199ce2943403c4f3f4c3e0b2
SHA512 00990f7e6f266c67385813b0ba399a2a2c970dcfaaeb7fab183e2ec0cc50613cb0ad57200bcdc731900d8f7e609c95e8ff9cddaa52bce2ccedbcf4e9f74008ce

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x64.cab

MD5 8f715d741b7401547a263fd4af02e7ba
SHA1 39c031174008a0e7bd603a5670f578c0cc6443dd
SHA256 c97275f60e2f25732b3b264b8bdf9cfdaa39d6e5b189c08fab5cd7a04fae9bf7
SHA512 27cdb534361c1f6205585e1baabd83b03f6715d29afb61351f660bed1ccd1ef035c6541ad7e4c551bfdd2aa8fe77a903d23eb27618ed369c37a369d373467c8c

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x86.cab

MD5 12fb614027a3f3ca6b510bdbbc3cac81
SHA1 aeb8241e273e12d984f3551b2e9ef978153a6ff8
SHA256 c35652b18c6a2d108812f415ddd435ce0eef5489e37142300ba67d66986ef43c
SHA512 f983f518ac3573a6425ffa0ca049ecbc9d4b857bc473767ce2c67fe4118731ecf902ae739b4d817288bf6cccaf5d9e90ed035bbe23fdf7026d16b80c08c441b8

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x64.cab

MD5 527e5861d4999e7b410f5bda36cd6d7f
SHA1 403303e3c349a283c275c673261b600b3589095e
SHA256 e8ef9c88a6b958916c1959d1c6c7f1666d22e0f70ce8a8c83183f49ed71f6287
SHA512 38b1d719a477990eb5033cf870b070103d13fedac7bd99e61d54e7afe27d3a1c73a250981524c9fe9a29722efe01a033531ddc97fd3e550d4ba5df28903c5bf9

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x64.cab

MD5 a24b26f20ffd17ff3725a6dac823749d
SHA1 e0a9f241a083a58bd62046b0fe50afe73561c901
SHA256 23ad953d03c9da720002834eddabe71bd649dc9cd31abc7a09a8e77a948414c5
SHA512 5fdc1571574ae2ba50bcaa90e2cfe2dfb30a66574b6dad682c5b1b68c0ce1c8378ca8a766485968ad20432672b42a030a6edf6275b3f78daef055c45f37d0d3b

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x64.cab

MD5 9ad15681fa177c198ed2c1780f92262d
SHA1 5391c59fc75cdb5426f71e09b67384b2b9fea98f
SHA256 bee9bec21771bc5365847be692e785ea619d625df629981a167429df6f0cc9cc
SHA512 eca7104fa4e306326a92c1967d339d32b9e9ba1e42965fca820847f9f9b085d1ed30867db10129766f9dcc9b6320d4bd43f05103317e53b79f1355d1f1d69f05

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x86.cab

MD5 bb6131295182fe609e802e39f7b3af9f
SHA1 925dc4dbd64492f4d013063ed6562427269668dd
SHA256 90f472ed8b0beeea5db1b462da44577160337c767b27ce70ed58d68d0a03e7a8
SHA512 0b61e722b2ccbcf8de5d56244d9bcadf5d97c43da0ef01363f1f0d79f686b70c74d3ea5d6482ee28d2620c647cd690f5fd807e2f5b4328044aea5bdb6372d04d

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x64.cab

MD5 523deb17de80955969d860376fc0768b
SHA1 8964d237c360208e42d1a879e541dc710f1aab05
SHA256 122e09bbf46b3c3edae6c28ad060482dac24d4331c682fe0231cc5b6fb53c5e8
SHA512 c46522b916bd840478c06256305c187f950e525f7780a1763589c3ead8cb425a245944549accd58cb626769d368b03a047cc3b1fb38cd2ec4c4bcfc5668a2b7e

C:\Windows\msdownld.tmp\AS63DD8B.tmp\Nov2007_xact_x86.cab

MD5 b3eb2dbd7a3a366ef2a2e1efe54a4e4e
SHA1 7edfde36ce6f8904b86610ead23aecffa0a21c63
SHA256 6dcb9461eab4aceb999784ecd74d985b3543899542ffd66203929f409c70c8d8
SHA512 b69cdcc7a2519a48dc13f60bde5dd0dd84af63386b1d98a507103492ad8a9ae5bbfda78761ce15db9abe5f201d509fda8013f3489aaf21db85cdd25dbcc29cb9

C:\Windows\msdownld.tmp\AS63E1B1.tmp\Nov2007_xact_x64.cab

MD5 3d098aef8ad101782fb2187d7666ec64
SHA1 e6565c1c8cc68a0013490be6b3d6819dfdad94b6
SHA256 9fa6f4116a4eb1e72f75cbdcb2e34198a243d169276d4f493ecb8a9dff3722d4
SHA512 eed7ad526c5dba959e5d5b963154ccd87c4177a286e2f59a59ccbc7226e7a738ec89ee9d859113b72eb5c15caad444929c456beafbe125853976cc9e1f4936f0

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x64.cab

MD5 600b24bef0749c2fbf406e0173478843
SHA1 d373147cc4ff0cf42d084edd75af18f1d0a347aa
SHA256 7ef2e2a5d4843f58b3eaca34f5a9c63e9abfa726a3244b762a6de70bb9a95123
SHA512 e156ee9e70a1b2be4b2d4b538b6f6ad4f4d877bb0d31297464840e3eabdb9239d73e54a9ede97c4eda688d7afa8483e271e31fdf9c658b240aa9510f161ab19a

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x64.cab

MD5 756fe364f6a8bd2e70ecbbe895e134d0
SHA1 eaf82f86086510c0522b5dca8199110874b11b37
SHA256 6aff708a5bc25b4ecee972f930293324f86bc45dc97d687dab782108606c5902
SHA512 3d1c0a3ca8da93a85a459b252ca9ecd9177a450dc1a8f73add303a601ec64285fedd2dd97ae0a2c72661dc579e03fdd63ae6df900f645975885ab7a178e47352

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x86.cab

MD5 5262e69c5834aa27a833c1e589cc2574
SHA1 757bb50815568a7aac35c1d85adce68466fa39b0
SHA256 1ababdfd6ca26f1c56f618f8c9f90dbc063d964bfa31caa787b0a8a1bee519be
SHA512 82f75f1fe7524e32514eff95ff7013ee1a095085937c1d31c7209c6403b6de9bf5ff0391fdb4bd3ef3d2cfbd941924732ea2b9d30055d90e04405abc426dde95

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x64.cab

MD5 bdc5ed445942d7384d946acaf03363c0
SHA1 b7e021195bc4574a5676ad57eeeade1835299dfd
SHA256 312c2dfd80126d25a1cfab0fadf5c99bf1f81b404e121afec908f5b5d04529a2
SHA512 e6f792d767f5f4d3fbb08ba555d6aac3a8a873c11711eaf8936c738a9205fbe6ef7e64a9b56c58fd3f858bb7c20e595afc2f3c9d9010e101c2eca737d1676895

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x86.cab

MD5 486b18945e3f5ef496727202eb8e1473
SHA1 d1741959717a62b3981542b3a9d75f58d5aee637
SHA256 d2140d9b4420b022d6e6135a67029033b5b0ec083893eceadd1007eee41ef4cd
SHA512 e262c6b5bea9c60e07985eaa5f84fd7d8191a17739dab8985fbe60116352cffc06f05f309c6aff00a596d8a0b61982e86ebe26097554f1a46b337d155ee437d7

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x64.cab

MD5 3fc4683385ca18bb91a64aabd6287ca5
SHA1 1dd91f7af09a1d6ed2d205bc385b526d3400336f
SHA256 b6f81e365b7fc224f66bd6560e5040dabc9370b3f21f9bd85728349200dd7632
SHA512 4c6be51c33444d62967ac4dcd3b0ae127963ec831f4c618cab2989726130fd5a50d3928e1e66111d000f14b8fd3882aca1b0725ec6025359b30017cbc5380afa

C:\Windows\SysWOW64\directx\websetup\Mar2008_xaudio_x86.cab

MD5 dc71ac34a07bad6d68fc0520a5b0fb2d
SHA1 fc74844b5bc6c504568fff83ff629e802b859f39
SHA256 bce9c695d24972eacef357da0f83ab9d9cce2ee9a46176ffffad3a0abd64f48f
SHA512 15b9e540e0b194e2b6a66a41a143184c4ec26c8124b6d7827cea43d7bd1f0bceb33c5617522fa5787ad28423a48f4e735c4e782b12abad53defd1f9ef0ef9c11

C:\Windows\SysWOW64\directx\websetup\Mar2008_xaudio_x64.cab

MD5 3b2c203ed13d8901ab7c27616da80b6e
SHA1 f4c659eccd07abd1429ccb0a403c6fa80e821631
SHA256 e9a2e00f9c96bd5c91c4ae069c1c2ef6451e0207e8c18074f14d0d0ac08301fa
SHA512 967125b6ee2e3c4ca7c80037ca0a9d4d766ebb333ed68832ba1c7e321cb6ccdaa6ccc6242b01f61c779515e34185c63d71e99a7a2cd267f289967413c3606aad

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x64.cab

MD5 93e07225a9cdcd077af0d83b232da2a3
SHA1 8ebc7e6376203c68a2e3cc82dda75b2e7b285aa9
SHA256 f33a6b6ef55bd4e75a2e67d269b917fa6113f2b1c9b745b19d3ce6a6365d1cfc
SHA512 6cc39c9eaee38a9ae8755ebe6091bd60ce780332a8cf70934f8b08bc920a148fe8ba78967f2290609f07ab992880ffd64c55b6243fe3b0d46dac56a12aff5367

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x64.cab

MD5 ae0baabeaa94d668f9f1948442fe9b79
SHA1 34dd1c1ef542cceaf8202f41761c0c76cd9611f0
SHA256 a75a8109e3b4ce2a805555577d45853bc2e67451ba287b45aa3ce4ca14ce87b7
SHA512 da4fbcad45a08d8c691324aed44c227e6b6a22b2578804806f492bb7c1644a8f9a8aa7540d6f35c0fbd243448a79e56bec2e7e2b26bda40f637242f1207c789f

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x86.cab

MD5 dbc81af3e6112058cb652136fc9e99b4
SHA1 ccdf0a69cbf4ceb933dbbbc15fd96df52931f4f6
SHA256 75f048bc8261c1877126a82d3e7983f22f830596eefeaffb799947d9a13afd51
SHA512 879f04a0c66b76aceece022397f87e52f15be73bbe479fe03f01163746e21f6b5178091f30a5118b32f116a4ed27a99c1baee5ea5da9d2e277b6f534daa4b841

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x64.cab

MD5 8f47579336d3e8bdffa6ec7efe59ba29
SHA1 4379c4f9c5425668abbbdc965f8bd9df0b7b0855
SHA256 7363590b33717a0c2e07f3b2dceb3689a526b255f29c84092022a37bf6e9b9c1
SHA512 257e5b70b727b44bacc49fe30d73d4cfe0637bde62ebae58218bcd24f4d97a3f9d30a938b9a8a6e0479b3f6b0410bf8093e7d74752bb1df73c1906dac809ccce

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x86.cab

MD5 54640e3a5216776937ee5f026ebd22f4
SHA1 bcf0ea32672f6ddc01bc4e4e23fc67301769f42a
SHA256 fa86c9d133cc5ca499b1f57d52a6024cae3f5605ff0e5bc466f07e3f7bac121c
SHA512 6b4fb153aec1f860fa57462a70937de3a94d61164c263850ef883e72569871913df5390bbd92a6b2574ffed5e8f39e434e435f16a0ef232121eeff3e71db0049

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x64.cab

MD5 a3ecdff8018bd0ad0d1a34860e4cda6e
SHA1 36db6dd7d33e4ead7fb2629205b8c6717a62dbce
SHA256 09e15921b2a8204235c7128b804f26e72599f05f55005bd29fdb05da8c812460
SHA512 01da2b3ee535dfb0648fe340f3fb34fe98dfa7d5e0b87d5041ee8032581bf5bc0cb03678dd19b9faed3e0b9dacc36819cedc705fa5f093f8244e422ebf30d9c4

C:\Windows\SysWOW64\directx\websetup\Jun2008_xaudio_x86.cab

MD5 50de676bbab28205c1d045c35eadc944
SHA1 ff963262b0d5d73e27a827116eed38ee1e182258
SHA256 6d128830655e6cc400c1677ad91341e7b69f3d3f5acf32bc44ed2a32b5e776eb
SHA512 5f544aa2c671a5ce3b6431059ba042b00e973920b1e77a57b42b387db493d03e2a8ef1bde824d7752646eda20e7ac3e17b5729e391a2e3e20ef953c65b7542e5

C:\Windows\SysWOW64\directx\websetup\Jun2008_xaudio_x64.cab

MD5 be0eeff1ac4f42be998940f6564e89b5
SHA1 62f054a4ecd6aa187c3d1704378c458786de5337
SHA256 7679e7b1e03399a5d0d7b802308ee1503a9c5c59935d16c330db760876bfb37c
SHA512 c3ff516aa3730e908ca626349f037311f5521849ad970c64dd44e63344b29dec6a40454cdf436732302514b976ad7d8913d7416468241ebe4d2f043056510192

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x64.cab

MD5 85ffa26e1821c06035bbb25ca9241c34
SHA1 272016aa12473f9c3ab33be1ae1ca11a2df3eeff
SHA256 03f30dd485a82b6505a881f525e432bb84447e108bf086ef341a39951a1863ed
SHA512 537e708761fdc3b5f1a3908f565e0d2c09a5a7cc4566fc65176e81cffde8702b918377d9aa701032708ef253b91f2a7153995e39fe4ac2cd311d51e791bf1473

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x64.cab

MD5 dda02cd5814439f8368259285e408845
SHA1 6c9de1bcabcdd5333c24f253f38ddd256e6c6787
SHA256 c6602fb00efe93ea7875e29974c073b4f83991bfc064470de94a95dbacd51712
SHA512 8809577e13859067d9af53c4d6d6da047e9c88d264e7facf102ff34101c530e2691f1b6442ac2694ad3342f83b1f5ed3333d6f12d2523cc1a6af1a29b0aa6c24

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x86.cab

MD5 5e96c7336834510b8af861083d87e8d1
SHA1 1c4065905496690b59b0c7ed25399ce6593a4a29
SHA256 736b3c20aa536c1569465badec5bffda858978b2d9ec1e48ad639ccde301d6f6
SHA512 683cc10a5fb529055bec363dba6b26dfab6f764fbc256ac9c224d70fe7422d4df6e1303cfb707450d1150d79bf8239bb55653e2f0af87c4dc28969ac0db17306

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x64.cab

MD5 1284916b97980a2dd714ee7d9f3bef97
SHA1 80216e9bee9ab8a7a94c11039126533308411034
SHA256 1b640b0022c876f74a41db17672bb0685b74d3759a7818f84c8ffc51a9aa0d51
SHA512 aa367c5eeaa123eb983a188bdf9558deea1052ef0332ae144ffe2681039c374fa80adc0daabe12e91c9505107c2bdbcd4780b58e58738183ea8ca927d14a0bae

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x86.cab

MD5 60aa66cca3684683e233daac694bdf09
SHA1 a14140e7eed90414b10ba0c248ad0cba888c1516
SHA256 a1550abc06e39ca576d24efd2801d139c64c7dce643246a7ddf2de2d03a7ba23
SHA512 ca846a0e0ad82b4c96ba1ef01e6bb0b98852676598c4e3e80877018f6d4ab25a2f4eaa8f80115cc3304aa75169a584560de65f2a63bfb43f26b2e1a2f7edb5d1

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x64.cab

MD5 154c82143b1b0730e7df3459cad48253
SHA1 bad95ba1b8294f8574aa93c6aa3dabc1e2ae95a4
SHA256 42807ba4736a40b7bb9b4b558c0daffd2ca75987dafe47a6571f3c45f178d29e
SHA512 db6d734003542c8891ab86d3cd2fbc96a020da852bc4098c9451035ec40f33ec0de44f770973df932abdd3c1ac35109a12c542278d0c898e54e6f8bd49c20c97

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x86.cab

MD5 7b59a5d0824ab10eb4dcf0295d2c0a09
SHA1 0c084c3e1a3da5aff22aa924a5209c57d44435d8
SHA256 8fbe56582e93b3277caf8660f689cc9e9fa6a33056d40a88d48f669a005430cb
SHA512 db4a91267afd98205e98716e0080f18d8efac9b2043962e8b909910619d04ad3f99692b1a9b0b612c8a5fa32b31150805e375b67ac6b897dc1c70bffc9f24f81

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x64.cab

MD5 c931e5b595c62925df29ee9040a0bc12
SHA1 2a06d78f47160cadcd0f9ec634818c9b79b7f61a
SHA256 4da03f7a174d276dbbbe469c12670fa85fe247428fd5033e93ccc3ae4d5f84da
SHA512 5d9ec84116df04b955e026860ff7b2750cb87261d2a91088936e7b5ee500548686f4a7a4884b1c54081701f3982c8991613c0c77c93fa32df70084e63717112b

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x86.cab

MD5 6323491029405204cfb35e995062b79d
SHA1 b281a0781b01d2d5f55723f5674df508873e35bb
SHA256 3e804174d83cf4908cce7aac97756541a58c16372368904a253d10d64fb4d2a2
SHA512 c0b39e2c1912d04d39ee46f8e30e554fbfcb8d011c05a133774ef78ec761abb7d619aacd68a8dca48b6515ad003006a500386bcaecb9356c0cbb41684bf797f1

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x64.cab

MD5 45eb89f9552c6536092dbb848dfca448
SHA1 40c7f5144e80614870bfe1ff1d0eb400deb8fdb6
SHA256 636f4829ebbf2e9a1ebe572a0f0b7f8289089339cc38c7075f48fe4930134cc2
SHA512 e4e771a0b6b93db895620c23a32ae4bf3a455a687480c7c1363e53e9b8d9206cad53989bf27b326e1583c4a993c59d68ce6d3f054698c405c8cf62e3cb256e6d

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x86.cab

MD5 350f4eecb4407263a2417a284d355186
SHA1 ec76503b1f170010d778eefb6c3ff1d4aabd309b
SHA256 cad128dc2e64a47f65bb44f43a5a0650b045a5dae34ce13f34817642c56e4721
SHA512 c6a1c97bd08a02135062b5294e895e60e6c4361626bc15c0693b2a3aecf610b5e9604c1d71aafb1a62a9154cb2fd8067d77894698585286fe2900683982c1c29

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x64.cab

MD5 97ab92ee81ab716560b9c51ba6e644a3
SHA1 681cedd9212cab09139585a69bb55898fe7c4a40
SHA256 63229aa8bd8e675b292c263fcad6b7868394ad29987d3f4db55f618359cb0681
SHA512 ca783306876f76b59e5c0ce4f6a49461bf5fa4c2206f289fc40c0f0f050687fcd798dd1b07e2229aeb0a0b736dc5123d4acffc0e737fa70f51ea7abb6d410372

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x64.cab

MD5 2d7ffccf9db1906fa49be695354e5290
SHA1 8d0a8a4b7241e31bf931cc3cbc2dd50cb48896e5
SHA256 9499871ec59f7f115f51399f21730734fa1037eb0c1ef9f1bd12c0479b216a6c
SHA512 5df399c1b62652a91fd3250fe696aaf283f028910f0e25762576bc7c74588822dfb4010ea33c05d222bc60fbfd6d3fcd757bacf4773d7d2fff734eeea078beb8

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x64.cab

MD5 9bdcd6514ca65c183866b1988ca23d43
SHA1 6678a610be410bca5fafa0761afc10eefcf1bd7b
SHA256 86f96aed9c4e381623a6476bdeb375c3f49eb0f252301ad4db2f7974362790b1
SHA512 e4a9d9087633d7e6302ed58de60ae7d35bbc1257d209b082cc67f36bf85572912a703f990254e15abd8e3d0e5510f4f9db8e2efd1d567f647a2da2608e49bd7c

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x64.cab

MD5 212bb7229cd29cacf1a5ec4e1c6e52e5
SHA1 c79ff23f737b991e8a7f38b9e674677482405f20
SHA256 53da650f9aad168fe8034da45abbabc950729780ecc4f645f1470e851fd67ac3
SHA512 6e1396e665f7b7d6cfda0591ec4c4082f8e3cf0eb2e64b7eb771cbb16f73af2a1c35ed2499062cd51d2c7c438425e235fa21bc48cda6ac3fc60d6518bf609fdb

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x64.cab

MD5 70456abbb34272f7a6c2a48223c08f23
SHA1 3d4ae2460131b32293a2f0b0c3c3b4f8b4dc484f
SHA256 25ef5135a88061ede0c4fde037be62e3a11701748ff83eda1aa9cc496687265d
SHA512 e660fa94c8d579aac1a6c8f8bbe55e2488b744a8acb59631eb82231a5c3363b3b923d43e6fa044afa5190060c8da67c0800c0255d8ee666d44f45e177a8241bf

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x86.cab

MD5 fa5256647c0eccc35c2b1c581a846f91
SHA1 0d5a854808650098afb36c25cea9f67d2c9ca7a3
SHA256 2984d216a782ca017243f4685ba592801b1ac3ccac2bf20a8a134fecaff03510
SHA512 0ee38e439e202e4a06a1e9965112a663dfd4f7bfa5a6f34694f8429786ab0eda3a6ab13469d0e750d9efc8834cb482fb8894e76673aeaaddd9fb814bd6b13204

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x64.cab

MD5 e28e921c4c92007597e71d499edc77bd
SHA1 d8c0e4ad125b21a32f14d967b7f1f9dcace4a86e
SHA256 53a41f2989a2f68e4e927c89b2e38bbfcee7a2182ec588db233f26292f9d7911
SHA512 da023cdf89845bc7c7d2541348455c17730d4890df5b8be00e807d7c453d8d1da1cf12600a600f22580f9805233f96dd3394ef95c511e267f33746701b6f1d64

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x86.cab

MD5 c1ff75f8ceaca8bb6194efc53563a3f3
SHA1 789890284ad15df5acaa580dc47ddcae1f0d0c41
SHA256 250c430741fc09d74ef6f43559a365ee908f52d96cfdacc7b6d8bf5e1bd3e5e1
SHA512 5e51ec6d2a6c71ccc070a48539170dc9738c7b500d6bb3bdf9fa15a85e435b4418399524d278babf0b79ca91880206d7c57a7a27104093dceb1ee1f9aecba1f2

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x64.cab

MD5 a9d30e5a134b5d7c5381e4dd018ab673
SHA1 2fa0a0050281d98c2b00e1a0ae0b99d0b6a594a2
SHA256 19890202eaec445617d364ffbde498e8eff48ebe5112a42fb4b99b4258aa0757
SHA512 5257241c6d2638439e6274c084a096fa753536c0d5f7ffb1f4242676a9a27ed4691cac7ca614df039278b87ab628a8e75fdc6e223413abd82b26b970869abe1e

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x86.cab

MD5 528d1c8ba95c79a237ee6f83403b919a
SHA1 cf2270f9d664e90e6481ee37c319ebc0dba1efb6
SHA256 e7aacd3af1c4e2031e4e4365d47e8af1023272c795f823b41f1728d48d127b67
SHA512 f7fb7c5cdea9dd4a58c597019cf50c50a568bedbce2fe86c9c9aa459f16c66a23ddb89e45970de251de49d0b2f92c250a836ee1f727c43bd3b062ab716aa6bb8

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x64.cab

MD5 04850620fc179a2812ca31b9ed375ffc
SHA1 cc04b25b10b16166e36499256a4693297a7023f1
SHA256 2c1610997f383e55d5e264b3cc52d9bc5262ea72bad6116a0d84e623f61b0361
SHA512 d27ae04e183771bee6ce15f611f563657c0fc4914d5857b018e7fe374122ec9ce56ebb2c5f990f46689255a84ab3d3e8d9746b41b0559b506df55aa7cd7b0d03

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x64.cab

MD5 e3a8689d2876c6d3baac0b36b5c4bf1e
SHA1 22746af0bc59f5ba90a1f48a9cebdb87f40e56c9
SHA256 54a61b655ca36f76a489b46c6174dd601a831210f16ecb9d839cdb7e19d47904
SHA512 76fdb7b7cf64751e1d59e70968a14547e889d2645468e5125c280d8d585a3dcecfbd83cc1a08d552db7ee91be78d769372dfd9e4c0e86a5b80ea32ec7a78073b

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x64.cab

MD5 55fd3e53e8b2bfb1de4143b5f2b7c829
SHA1 c3711ebcfddb1d52e9417bd02509b768e683fc40
SHA256 98ca8f4d1c6cd13fa721a35a23992d9edd14cc7465d3752e5978d89c9bc91960
SHA512 eda2cf25132359899806296aefd0af98ab406ede587a582d701a5f8584e0e0dbddd60ef0225a59b0669965afec97709c38e20e8a3470c26b4dee35205c1eb01e

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x64.cab

MD5 4196833920bc3bf77ffb56e3693e4160
SHA1 fcfa14f51cd79582c64f7956a5781622b682b1b7
SHA256 f2f4753e201d6e7f40f4011cc4b4fa95f4519da0481d98cb24dbb6679518ca93
SHA512 242b19b6f8132577e9a7c7247dc714a95c7a4b81416b79dbcaabcfe14c03405b965d0ac751193947af64356f34bbbb25acc021b0bc7e452e35340058f169989d

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x64.cab

MD5 8182931eb4eae0ed69b183c49f7fbbbc
SHA1 91630f1e8e48883c4398b85451f1b0e6a8445d6e
SHA256 23d902f8b95dbd5ac925e7d1bd4952eeac762e11e209be973fd438396a1e6e50
SHA512 1bbd9da1aa2e3d956a79cff74ed8b6ce958b1f40103824328157ba87ff6c7c375c4d1c790c8c079658fb67ab01e1349ae29395480ea8e6308cfe714a742b56c6

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x64.cab

MD5 2e09221105524389268d24f0b1fd4861
SHA1 6efcdf3e9a018a3af6b1ebeeb3030552905cf44b
SHA256 ac103963d4ab1846c4a6d5bc042ed2fa543f88424e37e05af5165ee62989b503
SHA512 9b4d319c9c575b59c4000adda1d6075efe197179ea0d4442cb06b42569a4e5e3d437dda73cde7b5991ac7b76ad02fcd00dd7d048fef6eb51e93f5012dc67f21a

C:\Windows\msdownld.tmp\AS6465E5.tmp\Aug2009_xact_x86.cab

MD5 234963b689c5fd79cf71a3f555b2b418
SHA1 e9a4a8118da844571beee04a8e79675729396c15
SHA256 1520e988f112dde8ea11794e4b6dc9bc6ccb2ae7e0be7342d4696b719e5a86d0
SHA512 dd00fb9da7f14daaf3ff535e4ef31c1eb35757836242b8b1f491e4061128781b59c117aee0ad7789d90852babc459ea5614ed5fe4263a8d7219e045b0a5a80bb

C:\Windows\SysWOW64\directx\websetup\Aug2009_xact_x64.cab

MD5 503d5dcdc151739cce29b6bc144413bc
SHA1 2fe0261a0e81da501448861d710bae9627ff658d
SHA256 34d922a89d6b354572c17b890b0efc21bea237b94859010278fc1a4435ae7724
SHA512 fc7d8896ce2710a6189a812bb57b80b74489a9311610eece7db32ec0f830525e9c73e10755031ac3bbe8649344f02c44df2450e5b6e98b17c706e4755fbce0ff

C:\Windows\SysWOW64\directx\websetup\Aug2009_xaudio_x86.cab

MD5 2136cdc81fb2badbabb1ca9da463034a
SHA1 7a2d39f51d390fa28d627ab349523eda6bb9304d
SHA256 68785e0781b43c34cb184ae167363c23d5b9d18ddaf8474a5f1d6b90a939e8b7
SHA512 82a600478e77ee623552ec7be8cd63f85a0028d552cb3764b0e36400020746e2503c505aa31f9b3569c65ca56e34a900913f712a4a9f60471ca4126e3e582de6

C:\Windows\msdownld.tmp\AS646D67.tmp\Aug2009_xaudio_x64.cab

MD5 3f50dca229c21b19c6ff1da50f9b7022
SHA1 c9db30c33c27923da5303cfb6fdffc0642af7315
SHA256 348bcd596d4b3f1e10059a0ce3c4383d383c4964c00a77ae7281e3472f6b8b25
SHA512 c7d322d0f8d14a3fb65578dcf84c31f6f57d674e315d0f5bd9c4c2b9f05c006febca671d486cc6da5ffee5af46a45ca967446820860609d62ac9414f633e36b3

C:\Windows\msdownld.tmp\AS647064.tmp\Feb2010_x3daudio_x86.cab

MD5 c0f5452d6ca76e8cc63ed7e6b6fe75fb
SHA1 05a175375eae4953bc2aa5b6777fbad268d7b7fe
SHA256 3cdd51afca42c61a7fcf0e7348ee4f2095d1bb9deba31f7c09f5694a028b0d35
SHA512 bf75bd537f253c2a989416bbb0cf68e530c8e9acee0de0cabb245a4ba06d827b7eb35e940472a6c9096112be58fd96c50ad398ea14acad0739c154cfbe405aca

C:\Windows\SysWOW64\directx\websetup\Feb2010_x3daudio_x64.cab

MD5 f0ed6ef41acf1e74ff9bdfc16aa8cd02
SHA1 8f888a9ef499ef705a512352ea976eb7168d6860
SHA256 a46a4b55659921966428301c02409c32a642ff7699419f71ce8775944117ec41
SHA512 577373645ac7c617d6cd98e92fa52379d1b098232c0d563d31bb0171379d04d5f43aa8142a95943c8ae702b82e94a1f46f8516f1cddf53d8d63a2474f8643421

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x86.cab

MD5 022f58555cb11343e2bf69562eeaaac1
SHA1 1cef7f8e152b72c3d8892702e9c6cdef6bf7d8ad
SHA256 d5a7cb9a858e3dc2fa875c8aa915b6999137b616327aa79d382379a1ce3974b5
SHA512 7308bb60c33bf063ca1e13fdae7aee032d4725e967149ad8db8bf3935b1c5cee8937dd8772702413e0d4b440110ea2af4bf58ff0bae89b9b6eecbba9702665b7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x64.cab

MD5 16384557c085f2268ee68a6f200060a0
SHA1 68493582ea6e17342227f326a2aebe3830b7d0db
SHA256 dc678bde00cc64b91d29c5d98be82b19de00518d1706643e8eb8ddd4ec577327
SHA512 d0ee2f2836fa5804f8c5d817f2c51dfb2b63d1f2c14516f467b757445e08f346596a9861e86873fb9c78556390a3c60862dc8bffeca0b1cba92a8df061f206a1

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x86.cab

MD5 1a65ed07a006532b97beca96bfaeda85
SHA1 66bafce1212a29513f26d7bf8d1b80c96238facd
SHA256 738f0ca04f3f568eb5c1a4d8f1af30e4930e4f7950e96776a5b8adea16efc8f1
SHA512 a8082022c5a7b2cc0a3f8bacd3bc85d1788ddd3f4abdafe2b83497d4e1fcc9bf574ad86592d850ffdae85f45d445d0f11e89c219107ac7ec6e7ecfdfb69ed9c7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x64.cab

MD5 c501686b2ae5f884c3cfcf67c300fdac
SHA1 1817a5dde8fda83dcc6075836146eb17621e229b
SHA256 b99380971dccf9500604a39bcdf5db6f5d96b14519ec0bd575587638a0238099
SHA512 e41b18c0c1b69d89d5f64e1cc4dc815faa7234e13fc63f46ee0913e1eb99fa0ce585cfe94d5bf124246692e04c580716f334700f4aec3eee7aef77d8c2b53cce

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x64.cab

MD5 4ebfa56903a486e4ff5c0ed4c57ff8bb
SHA1 ea0edf56084d4a7011953fc34ef4ae5e0004f753
SHA256 810a07865b7fcaf0d7abebc86682479a05bccba71c69aa2d4ecbec3c88c8270e
SHA512 be06091faff54db09aff6c034addbb1a143de17d05f4ee9239509a108dce5f479cec2789fd27c2ea3fb66ae47de12631dd4f4599cce80368020e620c1a6a0a35

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x64.cab

MD5 15e92aada1119117964d28291f8adba9
SHA1 a4bcfd73e2d1adeacda9046cbf44c9fd21b3e075
SHA256 c689eea749f1ad76a162d1c6dff31dd92d0ebf85f5b539c4c953d55bbb921b57
SHA512 d0653f6aa90f9389a3ffec1bfca92b3ef22e0a2c7892dec2d156da3e2d757a26cd39a00ca47e3a4e153460599e48657f5dc96c8aa9f7c2509db0ba1ab0ae5ec5

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x64.cab

MD5 1c119486920ae4e41cd2c328777509e3
SHA1 a89e8cb197576d78c6d1d2e45d671d7e187efc74
SHA256 37ae82574cbbfe2cae6019a168a6d1bde38f88f8e51f13335001943980a665e1
SHA512 d81c623005db87ed057aba3fa807ef3b4534ecb8473e9a3283457543590d6d73b9a9deca333e312a2616f74f1bd407de9ada7bd1c52126e04c56fdea78119bec

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x64.cab

MD5 89111c646b93b8ebcb306f0f743b2d7e
SHA1 f9e83beac4d9665eaf54c6578147a6ad539d463f
SHA256 ca1b0022af12f048586761439e152d1157eddb7153c031e075ab8d946173d31e
SHA512 3e79235d4c73d26506c3d537491987c06c184f0bb2eb7f40babdc70682215393f6e9ef49deb57c83d7d29ff15740b472a59a7320b5d006a0f094614396b06be0

C:\Windows\SysWOW64\directx\websetup\Jun2010_D3DCompiler_43_x64.cab

MD5 b6c9433b3ae42a99b0ca86700b265d9d
SHA1 595ef071c6798b31be6db2c721ca8a1fc51c8210
SHA256 9b56aba20f49739cde64f07ec317b6e20b0713fb9ae697318d811a0f103a6dbb
SHA512 04dbf5a877ae71f0b96680b34946f64a5477d1a23669eb89f4b2746084784efc0bd78db548671cb2eb8d3701570478a07485874b2d293351ae2bc1c6c2845630

C:\Windows\SysWOW64\directx\websetup\Jun2010_xact_x86.cab

MD5 3188814f4f1b69543688a55af1ffe23b
SHA1 57108fe718c3fbc3ab17b849d72dcb03315a1068
SHA256 fb320286968952ae93c7cdb4078bd99e689a0946157574760b844f7bf39c7ea0
SHA512 dcad3777a739bfeddef3bf7c87db289c88b9a5dc0d9e196acd2ab0d3c685cf14d361cd539ff07b0f23ad36b2bd4163c9c8475e014e22da272de78bcba8ca7793

C:\Windows\SysWOW64\directx\websetup\Jun2010_xact_x64.cab

MD5 79ed229e336b3c13524d5769e95fa97d
SHA1 1407132b85923d199509c700806c705af3a67727
SHA256 3e8fcc374e84e1170067a057acfa3b5464220d6bf5324566a05242e8208799b2
SHA512 676472162b9d54e9cbf23c853236f10009e5646be45f97be5d08dae7e5f87a947dbcc9d63cfff5b7d739ab9131ea6e3b9a499cfd813c678c9a4c5dd6eb338907

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x86.cab

MD5 11e2b64c1e1c07f5843adde7e247c8ed
SHA1 ead54df66fbf52fc503b2d364da64a7de4f19fc7
SHA256 c364833271396d78811a9a3388341cb9e1cf5e6e0fe2d7986cb4dd2f931a0dae
SHA512 e3a988dd221599678a7b691f2b0b5eae5e8fdcb5352c7e9c38868c2cfc0fe9417a5954d3e8240157c5d9753d55f540c25ee1944c9ff3f2ff14df5d7051a79991

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x64.cab

MD5 461c07c13afd70954f34d55986a0515d
SHA1 d74a8f99e72d182c21a30e4cdcf9f7ca39dcea54
SHA256 7cce405577fae04e58fe31a099febba96d3ea7cb94ed2184b6bfba32d9f20acc
SHA512 aef4b8bdd17af066f5680485cc45266859f802f2a79178472f5c00b9146ab52f8e04d36a973ef8ff45eee29940fe072180d4e7e0e89366fa2e8aba8bcdb890f6

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2902.0_x86.cab

MD5 74a550d8ca43f210e526bb000af42303
SHA1 ca3dc6136846ad196939cf71ccc04be6b108bff7
SHA256 afa44ed18e3217892499062db4337b94025726df991a0bd4dcc3a9f8c27c41b9
SHA512 58757d831931daba43ceffd512d47e29bdb91cb7b1505d69079a14f911e149d718e1566323b9bb1d0292333c76603e7634da5798307b6dd6c97f885ce25c87fa

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2903.0_x86.cab

MD5 6df41acd290de624df34e57569225f7b
SHA1 b33a256ceec451e467dc2aa2339a3736915ade25
SHA256 84e240f8813bacb2fe0f20081ca20cd0fed4b9e10c96aded8516b25375c407aa
SHA512 0b2647e0f6ddd936023d70f4a6c3f69275ef65433dd45cb47293a933f2d7b2d0d0385f80c8cb8be8538c4d4420d2da17484dfa056fc7dfddf1ca974b4698954e

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2904.0_x86.cab

MD5 0ee4994d37940795f01cd2be93b7d847
SHA1 082f6aa6d9d92cc23ac1ca858244a101dd8f5dbe
SHA256 cadffad57691af14fdc0f41250e644257a3068da134a5922f343f2e69b1b5441
SHA512 ee23312d54c0d0140f80317fd0cea299a362d8cd1463cfd79a9062eff2305ea188cae4f83f3cf2c301e6d82d29820fec726844971e286ddf729df9a17afaa167

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2905.0_x86.cab

MD5 70a647ca8587b3be1d2209c998b86b50
SHA1 5850552af0aad715c2406a3f50d7c6af1595444b
SHA256 f10aee00b78b734acb3bfdd81ce0ac22648376486d0c308f9975b05181ecbe13
SHA512 470c027ed3113af38c5f3c4fd3348d3cc8affac081dfe3b7fdbd1787da3bf78489e5379d8f306d917586ef8810b31a7f303125c94739f6dba15e3ac4745d996d

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2906.0_x86.cab

MD5 d7bf6789f6c6dce7ec335f842e91c9c8
SHA1 c0297ea86238a166da27b9428dc891256b52b364
SHA256 bcfd420ecb20116a78b54678cbb04204e76368809aee1e1bb36810a4d433de2f
SHA512 b07bf7444afebd52a11f64c57d76cab8976a222d8f9fa0e78e1dcd7bd2c126dc28d7df7b778f10bb8f69dd7b7163c76e5f7edb260e31ef66c458f4fd72899b36

C:\Windows\msdownld.tmp\AS64A540.tmp\MDX_1.0.2907.0_x86.cab

MD5 d82fa9747fd442d8cca1cc35b97440b2
SHA1 a3e2ab8588a1bdf435e786c000c38144adbca457
SHA256 b185fce1d25a4411c1a2f53ec1e4232de9a3078d7db7aa469d53c5fb041f792e
SHA512 234e7a4dad6e9f83ffec2c769e775b18783b6a03e50d7e8186fb7fe01747fbb5ac46cff6f8437ca932f037da6c565f4faca694da4580f2876e31c252fafb55f7

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2908.0_x86.cab

MD5 3bb868c2953151575cb8833fcda21fc3
SHA1 403c8a2123f59d2a3abeef22630cd6f62cfc1d92
SHA256 fd1c15037800a0a689126b09f29a6329452cbaf42508242d9cc185f557f04954
SHA512 33021b90441bea79525dcbad841164d1b8568907edc5c27c0374c7cbe93bc381d93081f8f7b20f14aefec3b59153dcc9b2fa44c80b1ef7fcda0f8a6038ac24cc

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2909.0_x86.cab

MD5 3f8bf012bf573f071e98df62843ece92
SHA1 b6004908bb160643899b04b6edac9fdc7e3d86fa
SHA256 1e9c063428322da24df17c5d49c63a53e0f0751d26f741d90216b9c4ff1a9136
SHA512 dcea9b2fd7379f8a0d7eafeea4340f3ab7d71069ff843550e2c7a2ea21e1fba7a779a5352bd5758bc88eb8dbde0ec1d1f3e8164b1766e1a47f676a44c36c30ce

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2910.0_x86.cab

MD5 4ef2b868739e09e4020f2f0b0ded4a46
SHA1 39d201d0666cabadc0dbb81ee2bc691b9be10191
SHA256 1829a24a8ed3a2496ce92aa0c5142d8f512b11cdf23eda5e579edb5b11e2b589
SHA512 3a2f894854f9932840c7c7341f2e1882102e4f12dfd45f36deecff520da6d3237d9ea3867041f53037c808789e6bc57e7ba067d9c8f621350396126032c5223e

C:\Windows\SysWOW64\directx\websetup\Apr2006_MDX1_x86.cab

MD5 c0fb3fbba00268b9992fd0bf2e2d2efd
SHA1 fa6ba1c5e193353f01b816fe782ed296ae7814dc
SHA256 90e08fc3b98267756c6017f4d37b157eba3586c262474d1556b21d9c35d84da2
SHA512 00d23eb3c3312170e4a6a2992721255e307085f6f128cd3203d6e9b16eec7f0ec54b8a3fc09a5be51da2225b55fd89b13c278e25853771e414d0a5a93e3a3b0f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dxupdate.inf

MD5 e6a74342f328afa559d5b0544e113571
SHA1 a08b053dfd061391942d359c70f9dd406a968b7d
SHA256 93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca
SHA512 1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\mdx_1.0.2902.0_x86.inf

MD5 81700fd8d24ccd5ed83ce202dadcc625
SHA1 380473dc3560cc64fd0beca96674554d87085c28
SHA256 3bd14cf2a96544ece692e1911500f7196370a111017fb6b0e23db0f0d0f40dfa
SHA512 8ee1bd03fcd6125d22d1d35437537f594a84e67573ac72d440d45d419b88f5d3d1f5fcd8804e1a0b873714c1a71c63a488b8068f0c465e94940ea6e2db1c7860

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2005_d3dx9_25_x86.inf

MD5 bae5034d79a545ce120f2c336de0f68a
SHA1 7276af2015696d5041214fa92eff4375b3d8b183
SHA256 f484ef48e0c6e2be8207d8c8c7308dd966d52bea1fde221b927d3e49f1cab0b7
SHA512 be58875949d23732ff63a6f505b242a44811cb9603a9863d6a78a4c9193b6336b89ec9a82666865888590a7b81ad99d466a3847e7c22d0de399d476364280a22

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2005_d3dx9_26_x86.inf

MD5 62f8ec9c0d3bd54ace90cb15f5caa208
SHA1 e84f4a60c79f862aca0f917d1d30898af4036fad
SHA256 262ed4a65dd45e19f196cb2d9946326693ee31a86b51bf77116dec2727971cb6
SHA512 3de4ad76b207c2a0ecc10835cb787d61faa02e3531f6242a606ac0686cbfa156f59c30695effe5560d9a8481800b356873b7590beb8a739b33c0b1fcccea3fab

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2005_d3dx9_25_x64.inf

MD5 f052926f0715b88b23ad52855b34df46
SHA1 c411b1ddee73a4b317d652bc3ec159ed58efffa8
SHA256 3d97810d00ceb3e7674a2ef81427d4180f77f93f9454837c5933fbc6a1ad5c1d
SHA512 8fad81eeb503d81b96c098190b5c4155f4bfe1cf2f36fdb5834a176c7c78d11b52efb6b3ba6f3168d7a21a1fc5e53fec770d125feaecd7d1cfad9cb1106d0b94

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2005_d3dx9_26_x64.inf

MD5 134624a22aefee1fad4eb11445b8d342
SHA1 3f0f65ab8be678250660ba47f33f229643c118b1
SHA256 addafcf0cfd36587c12eb2692922f0fb134874d11005a0544cc054546a493933
SHA512 24bfc2d96b3078f82ba031045271460295f3a1e6dd3c8c30d8d50c98daa9051aeca93ed8ecae8722b70083d3b0ba41735f81068e7514e81767e1e119e45ad6f3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2005_d3dx9_27_x86.inf

MD5 e45a175750a672cbb2553087a8c5cf8a
SHA1 70d487f99e101bf39650594c27674313181a8ff6
SHA256 d02232a6587c460c026601517178318bab2ac29c59d269c6e3d1a3a993a9a1c4
SHA512 199882ada178e41be14af82001829d009379445028d3803d2a86eef899c01600cf2aa86123311b728e888498674379a35d40ed0964c2f88da24758fe3c7093d2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2005_d3dx9_28_x86.inf

MD5 e0b6120a048295ebbc629a9f8fbe53ad
SHA1 3d9cbcbdafc1f9058af74896a5859591e164555c
SHA256 d4d03c4ab3c8486d6331548e967ee17e011fdac90f63c0a9a44a744815a7da7a
SHA512 66c0b9501bb08d41bb708d0a724fe6ac27abaf735ca224074e594cde932ad1f9eb9db5defba8a8a71a0a12904f20324ee4d129a1ac9fcf816fe74d648379908c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2005_d3dx9_27_x64.inf

MD5 7cfa60cdb7e697b40a268eb8814446e5
SHA1 e8e77082361d5a5ebf6163cf880f9700cff5741b
SHA256 0a8ffec8d7ef3a0aa005f604a045dcf80cf5b6473b4f26e30c58eee23e253fae
SHA512 77aaea559ef94d405194351b52643512a71990833dac22a331d5b78d569263db11bf969e26224ba8a362bf538782010ca074286ea605490d40c10f7d2d53d255

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2005_d3dx9_28_x64.inf

MD5 9a3ccc90b71d554e968eca0a812bf0b3
SHA1 0ed1ca28d7f6c8b4e017cd48b8504340cb4d736e
SHA256 510b6d528be3f2997b8bd811486dc3c13eb27a9de22d1bf030e6db0e632cca4d
SHA512 0f10d2ec9f72651927599b69dc3f4e037febfb9c2a18e02eaa49962903c1cf77b63ae6335c06effdfac26b87418ef2c7a2d53dd799a28d275632d8255ffa8be4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2006_d3dx9_29_x86.inf

MD5 f4c258b663ebf54c55d7d09b05b26ff6
SHA1 85af1252cf3d9ae7afcf8d576cdc17910203ad03
SHA256 f12f4bd86d5cd748b0fcf7106e9dff333c27c0886541339ba1f40c443bdc61cd
SHA512 cbd491fd8e847a4659758bfe0f5a4b56c97e539e3b3aa7ca601c329d858c882cceefb9ee8341d794235b7c2403a090f45a0ba8f2f44de3e3b1685d027d8bd19f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2006_xact_x86.inf

MD5 9dda266ba05cd917cca889659e3b98c8
SHA1 2a2ba2ccb3c9d87c03198b9ef3b9c6e21d693055
SHA256 45146fd446fc8533dc5f97d88bee9ae220161f24797114d0bf3afc7c479ed69b
SHA512 26fa18c8058397b8b5d89baf1fb9cd689827b48781dbe40ddf884c0a3ff9cf8d8451c6c084a693e4fdf107ad181fcce35a2fcfb371548df948416b5713d8ce38

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2006_d3dx9_29_x64.inf

MD5 0d951a2eda3638d4c976a5ffc1a9f8db
SHA1 fca89fa6bc6d4c25758b7baaff9136c3d73140ff
SHA256 ef36ece1a6bd8af3b0b9247b081d28ed511b7e18c43eb3aff364c9ce8d3a06c3
SHA512 89e960fbf9421a208476f7f65acf8047d231f3d6fd87fb31b01185ce88f5ebb1fa7513224124889082f41f1dcd579cc8bbb638f1af73081b4630fb07934dbb80

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2006_xact_x64.inf

MD5 7d46669082d530935e79c74c4fd83bf2
SHA1 194a05e3b019beb07da96c3bef780e6154a78b9d
SHA256 b7ca1a4942057592c5b83b4425350da41c61779dcae608112141d727091842d4
SHA512 590a9628fb90d4140d6f96238caac46f8ab23a59e3a9d94a28d1638006085efdbfad259b9633e4a56585f6cc10119d67abf3fa873a426a1946af589c17f84fa1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_d3dx9_30_x86.inf

MD5 a49046c25439fa900b1d1bf826506ce3
SHA1 deb71dad1d55dc5af2f80a1c3010c0d899bec187
SHA256 373cca07c0ceffa72901441219a4457de9ff110aededae5e4818588da39cd344
SHA512 d3e04f2e7b358faaefdd683e7ede8a41c2f65b7c8072754b03b2a5de416651f92712fa7d9bc6027d7326dc5bd8a497161685c04cbb7bb36a384aeee8dd77b086

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_d3dx9_30_x64.inf

MD5 5d684b07779ae5b421e23167e2b9b44a
SHA1 1e3570908b810cc799f047221351cac7a3583787
SHA256 b70b8f62a2459580d22999301f1823bcb8a9bef54bd33b38e0af274a3a12e010
SHA512 6688f5a9952b36a0a83e806c9be99d9ffe9ba4982b76a9c7e8cef5f824c17ffe9e5ad9ef4e4974c6e2a9cb37e8c05584d8d83033182d1c5d00a786bd2b693e23

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_mdx1_x86.inf

MD5 2ca62bfeb43facdd1fc06f20fb20397b
SHA1 ffbb8f6a8a11f949ca180a7e73279c4b775bbbb4
SHA256 2546a1875bf868edc621a1cd0ee262151faa08762bcced0117e1304eace0c04d
SHA512 3d16b07bbfd172dfa979dfcf4384baff35538de371dfd0b266e5110772f0751f9e5274fa92b06d1f289f8aaa585ca1fe382f8469561e74e343f37e8a05f85dbb

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_xact_x86.inf

MD5 f67df97463d42bedc122fbedc37096c4
SHA1 42cde962b355cb3c6a7a7a88c8dc315f811a7494
SHA256 037db252501fd0e30303c11706d804d9eabbf319d0b4e88181ef8f297b4fef8e
SHA512 93815abbd6b6666438adb146bff476aa2728aa7475178259fea623dbfdae819bcf1accddddb7695ef23bb2913d234264ad2ec826bda6eae5d99459798b032144

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_xinput_x86.inf

MD5 53294b978995caafcb6a9ac8f67b8580
SHA1 c165d2c615261f135f60442ad0a6e589d681a850
SHA256 b604779115d32d439f77b33257c96f928ec4ce564189f7d0d357099c1da140c4
SHA512 a3da7e02ecfadb181ed13855b093908fca0aae2ee75e6bc4f873fe69a34cdc08f3bf504aac2ea98f9573437d2ff000e43ae8450c87036ead48e6c2b80ec523ed

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_xact_x64.inf

MD5 09c9b7346b65f5ba209934f16e711c8a
SHA1 9d6cf0fe295475c438fce214d9d24d5579f2f29e
SHA256 d9c3216ada5dd7791ca852a8ea97765f94a7b56fed27b20916b5067eb82b14d0
SHA512 26b84a457b5bd17a5deba56926af156a2144213a2b75fb015641a7817fd2307cfb439ca22ec0bb584dd21f8f9e4c7b3cc749a350b26cfcd0257f5fbda23fd9c6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2006_xact_x86.inf

MD5 fa59f92f7d32613a12189e75eaa700dd
SHA1 f2c3947427e7eca9fd1ad53427d1dec28a5f0f55
SHA256 6bdce6f6779712e38c6d9e6e5961217e417254089f096c719f25566e952cb257
SHA512 e8dcbd918cdd7d98a94d53413088e2f75e4d1a15d4f69b6927f3cf19760d9f2fc577659fd533b2e4e2997aa29f285b0fbb35830331997549e429dbdcc7ae9853

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2006_xinput_x64.inf

MD5 019f21ca754cc2e21d97c3a2a97d5ef6
SHA1 54d97b4018e0cd04c63f1221cd8da7a0990a2cb0
SHA256 f9d01e93e547045e1d232242c900530dfdfa54698586c7049281965e3bd01ca2
SHA512 0c0ef6a8bbc05eb81cdba8aa2c3f4a0d39f4859b6de495c79f813894253ad1ddca4851841064cadfb1901ea1f056c68560aae1e68bd12c590a143a6b7f0b16f6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2006_xact_x64.inf

MD5 a983924d66305104b4e21a551dc66448
SHA1 23deca69eea790ae7afc30cffa55e87ac8520cdf
SHA256 fe9caa55be17684622fd7339b1b96e1f0d107dc33c065706d24a435d523c6e12
SHA512 83c2117df0fc37979ccca7d861598a8a127d135456f72597366ac65276906435ab99fa353f246f9f61634fe96f8376d38253300f177d5cedac194cc92407f3d9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2006_xinput_x86.inf

MD5 f87111f61ac57d80199cead8e63ec45a
SHA1 4a525a78a90fa87290f60f0598fe285f9f46c90a
SHA256 cc66d67daa1f4c31ff5e59c2606c3930f72204a5057c29b9d58dde37a47b1cb7
SHA512 ddb1b7259aeec662fa271f6a6d271e9d48c4b8ce4d47d452dc2ab15611421baa13cec0024e668309b7444b31fa5b24f41b032796c81a36e94d7e577d9c516712

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2006_xinput_x64.inf

MD5 90d7a7386af9b951f939d869567894d1
SHA1 ef70a6efb5f7b32193bdec6c5ff13a4abeb4f00c
SHA256 35f25b9538e55172cf36729519581444e26b38a9dae5cccc4ad75dfa34ea08e7
SHA512 10920d0116aab01eb1130eb91b26bd91d4b3ff8e09a77db5b79f88c94c463389548c2b3ce494162d4b2c3fda903eae6c2d87492475c56fc901c37fc8306555ce

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2006_xact_x64.inf

MD5 d40e6c659cb7a757d8e751b050495927
SHA1 a9c515d786bc8f5c739fcf5ac1b6e15365f9e14e
SHA256 6fe310a67227203bbca3389dfe3403fa268cb424f4b525cca2d5407ed26670a5
SHA512 fb58acb95f1914da3c650168ed50fb6f75df68773daa8e8389db9c7c7c4d0e8bf93e46458fb76de676acc65132d781a7624f67289860a19e03520ecdbdb66896

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2006_xact_x86.inf

MD5 ddb0d03b1d4a6ce09da5cbc61f5525c0
SHA1 ba5e1361e394301d5b9d9a4aec68ae21f19c70a5
SHA256 34e7227e03812fce5415b0a4c3d15a9e9b259350ac9873db2a98b2ea76ae2284
SHA512 2160652a7f8adfc346e0af6f822875c34d2d13f168b9895b063925979d4fcf33a7da777ce7d43c9ef2b23186ac00378e8c2d4ee115bb2ff794e863e8b6feec5e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\oct2006_d3dx9_31_x86.inf

MD5 8f7aa1f0f2389f3cac574652f5d6672d
SHA1 921f2161cf46c6314a330ff52c83f8a3f1058f0d
SHA256 a1c61096019a6ae1a9f31e3fe67aa2bb7e9e451967959d7088344f3f20ab572e
SHA512 a85c03ccaa27adf3c75287529f18e84f526cf91785e0f4281db0eb86feba78522603e21def19bd2a33e03ceaedd9109b8af1dbda4a3fe93fe6eb95366b6df747

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\oct2006_xact_x86.inf

MD5 6181c4b93bad5332b34180ac0bae5077
SHA1 259c8de2dff2a5dd8d4971fa1ab3fb0d193ae90b
SHA256 66998b21cbe6f05b12cdb4bb45549dcb1b4a92f8a1b910334150a8d767fa39e9
SHA512 8508ebc77b667907c5c2f587131f24cb25c5a67ab2f7d8b94216931457f486b37b9701397ed6ef527c9c6786f82a938a52d2b6cb0afddeff4101cb100e3ceca8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\oct2006_d3dx9_31_x64.inf

MD5 e2a0e651573cffbf81578b864b50cfe7
SHA1 1c739f17f63ce7c5ba00638259628f7fc919cf74
SHA256 c031987e68e476365cd885e41a072f85fdfc9e480c93871d024a5ccf26d17118
SHA512 abfc6452d055bf6a3fadafb9562352bda90ee0edae5a0fec798951ef9d39701835212533a60eaab67c5c0fcf01ccb9115fcea3779b024ee1e11f217cb676e7f0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_d3dx9_32_x86.inf

MD5 c28f4fd1644e2a20b1c897438e197e1a
SHA1 5178534444ed7dec8c63f02defe7bdb864c47123
SHA256 ef09d783bf5cff2cfba99946e5e71fda577b196a49c88bed1c51b5fd29cecf94
SHA512 7cf93260efb1d794a17ba25b1fa02ba03b0ceeed8131d274b805155072a9a2b92a899471a8b23add8bf46c6a5a3cda63499043eaa754001bb43cafd882c8e708

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\oct2006_xact_x64.inf

MD5 535ca39d61f752c3f1ba4956871fa27e
SHA1 4941efb676adedb9a46d7cc7415d8af03957b3fc
SHA256 4c388e9eaf3c39e75d003a58020e491b675b3a6054c702062a9c90e86f691d96
SHA512 f203958ca9c7d37daccd342a4deb125b60ef839b5b674a2a0220d7f0d770d5cfcd5c1f691470200bb4d8711f2f6a77d8b968e17020dbcec8c40b127a09f5f9de

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_d3dx9_32_x64.inf

MD5 39929631df326b944470256c4f9cbbf3
SHA1 932de27abf59c889c02ed747f0ac04f5e494492a
SHA256 ff00313af4a90f426492d72969f5efc6c56a17f2dd91f20cb5c0a38d9f1f2b6b
SHA512 8dd2755a2b2fb90c6880cbbde65d127f55d12df2bab4560ddf86d6793b2cd4733929d97efef5fd8eeb417731a571888c893188df0361ee57eb4437fab331cb13

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_xact_x86.inf

MD5 211700aaa53bda6894be85df3dbdc792
SHA1 4874325e984b4f0d884cc732da474b3bb59d3848
SHA256 4c0a40094228a51f567bec65c2cdf289d268812c1af579e3c6b76cd3adb77e12
SHA512 8f51d965cd1ee20cac11256afc5e422d94d43435729d653b25c5347e108fa50e59c3bba18fbd7fe4e2a1a6bd54da1622b80e029a5914e973f3faf5884a262baa

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_d3dx10_00_x64.inf

MD5 eec826f7141bedeeef38c5a3528b5034
SHA1 529081aedecb7b9fbc7d9707eeb6415f98bc128e
SHA256 2a43ac72ab9a6f4771c02b6e10884921b733b86dbd7ebdfc5502d011cd5c8d05
SHA512 62cbe09326cd04c891faa124c65554fd631382a2e078c70ef72a1a07d57239b3ce599b57be3fccc755075174df1d63ac3597dfb3aef9b4ea34ba4597d804d2c4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_d3dx10_00_x86.inf

MD5 1b702c5bdf738a8abf4a3108097a6b7c
SHA1 c1d9c9d5e07117f273064bec36ac92b5ed624d38
SHA256 33291a47388edecc059f1825c1979142d7a9cd4a850716f9dce687deba1fa750
SHA512 498483dc823e76316e977dcaf7fbc557c3e60c67129a678701d5168105edc97f97479107330d5eb3989dc179273cc9b74d055827f036f2f3551a0a3d398f04f4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\dec2006_xact_x64.inf

MD5 ca414f7196d9b2a7a9d4057ca0714fac
SHA1 7eae4a5bfcd42915adeff5377036ecb4bd656999
SHA256 f2f2040b8d13705f00d8e20a53f22093aa0f8c8d6aa6224992ba727ace7b75f6
SHA512 1efb725a49a8ea7125074436bfe988af360b1ac22629d34a754cabaf3c151855d08e826a0e244cdf9b624b531de14d23f32c1c16c82f6832c8604cbf52882e11

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2007_xact_x86.inf

MD5 5f1df74b0110f56ae0b6556dd2dbc14c
SHA1 c8c7d383f5e37c06015e1304b599568999bd4e09
SHA256 64b6020f43bbab7f7c2368fcfe7224165fef555b2bef813aa13b2d9f6295d46c
SHA512 06572fbaa625c85b05f5f4eaf880083607b6d010a8d4bfdb28cfbb1021b08e533f3491080faecb24055acb897b337d83caf9306fadebc1f1353763e8908850a5

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\feb2007_xact_x64.inf

MD5 42161a1071084cb4f32b0d7d748d9b62
SHA1 e7e29605c21b7a2c370dcf979a40c50b93ceb298
SHA256 184c1684c57de07983edaaa1ae2751b263497673ee8418af023a63fa03553f53
SHA512 2aa8e864dc28ee5d0583d044e3d8a9399d8d49b9fb1c522c1c640eb7b079515ffb0bac5280a220c23e15ea4c7ad45c7f1722e05e9f9baa069f4a2670e4976358

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_d3dx9_33_x86.inf

MD5 044cae9c30c88bda73727243f5e5206d
SHA1 de744e349cf4ea458b10657d510966d21ad08d67
SHA256 349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00
SHA512 18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_d3dx9_33_x64.inf

MD5 e40a6f3215c3f1397eb18b3388f95032
SHA1 4845590abf12bb5725d94d7aeb953a5686918537
SHA256 2d87efca75d8b9aeab3262841d52a7c56bad34ac6b9691f4df2d89b14c950f8d
SHA512 942f54a3984a29e1973ec096709de890fe870a9dfc84a8c5597244251cbd69f84543cc5cffe620a076d0a16dea6e393c6790553d6d9e2fea1af1c0f00a12140d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_d3dx10_33_x86.inf

MD5 fda5776cc944ebf6d84fb45c8a1a35f5
SHA1 f3b603dcdcfd6a310c2b0945f1a3b97276041ecf
SHA256 3286ba521fda888b1808f12955a58d7da4df7d2fdb472c7837a1e0e1a6317a06
SHA512 b051b04ce06ad21d08ace3a28d490214556f4b5be060ee05f8a4ff872d1cc72df05624021a9a0cc1efa4e63772f55cc61f11edf03537831a44ddd6ab409e83b1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_xact_x64.inf

MD5 dcfa000ba60f73c2c02ab590faa1ae10
SHA1 154b9ff40cd92bfaa572b289662d0305fa2fa017
SHA256 bf6ca1165632efccb0292ae8b739ce68d78ebb95dd39b8e4c1717d78a026db10
SHA512 34f6cf1f3fbbdd79d04dd55315b0074abc21b9c26df6e2fc9d66c6d15f36ad35edea741000a84a25ea9a68a94d46f500398a27c8865a30746574741dffaadabf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_xact_x86.inf

MD5 99f23af200574f24c4c5d9ee12fd2cb8
SHA1 f0e50816ed808748f9379733921c9302551cd937
SHA256 008db10780aa8fb6f20b7aa5f5d513ca77efb36c8dddfb9ad89173ecaf700af5
SHA512 5e97d157ed8ad10f9cbb9490a16141fa52b2f32e09edc7e7f5e4b2d9c9bf38bbb85706d76543ca4ffe9b54d5fbc4b763b7df0893f1e7e56ae4c8ac1a720dbaf2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_d3dx10_33_x64.inf

MD5 00ad98b94609033c2819745587b0eed5
SHA1 2a07dda60a97dc2b4a7cf3cfc6245e72cea0efb0
SHA256 3e61c4d723d282c36c5493d82644ea96715b7b548e50494d22b4a83d4e2b8237
SHA512 e7fea5f9186c324423c0b129dc3e8594df49dc84c61400f4635ccf688075b256d7923ca8f4483bf7b2fe43862e71aa134cf2c9545a23c622d0cc04dc7d6dac1b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_xinput_x64.inf

MD5 94563a3b9affb41d2bfd41a94b81e08d
SHA1 17cad981ef428e132aa1d571e0c77091e750e0dd
SHA256 0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8
SHA512 53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_d3dx9_34_x86.inf

MD5 b1d65a13b527d75ecdc30cabf407d103
SHA1 db6df8ce6c28cb4a0275aa134c2d42a0ed957fa2
SHA256 a568b7b8a0360ad94b1ed6388eca6ca9d8770937360a426a0fdadef9a4019bba
SHA512 7d80f772b36c408c258f7db1180bc09996620634e6304761f5c10659d0885bb8d0b19bcad50a13a5d99ee92dc8e15587534d966bd32c5a8910308eab623a7f86

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_d3dx9_34_x64.inf

MD5 d203c1993f21a870871ebb0c99de313d
SHA1 e69a5bc70fe66f89fddd81330dc148a1e788a56c
SHA256 77f3fa1756181a90d2ee63c26cddfdaba0d720c9a49121db28746cd02b3e071d
SHA512 e03c341f2d8df6e8174447d32bccb56b096073a35a3d8193860bd4628d812d1fa381bd35a55e17b4f27c5c5fffddb25223d932e995736fc608030501954d45ba

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_d3dx10_34_x86.inf

MD5 55e30750af2bf57321ad1097a512d725
SHA1 0af3c73afaae0e8a1fdabe25beeb96b32eafb9ad
SHA256 808983dfd3db7c3452589ea4e14ab4af8ef47dbad3b639f9a3c55685c9b73867
SHA512 0ad8b51a550243d3f24ec5934f2b5e53f1d8e0b87997a7cda38840b3160121f1e221e6cb09d3f5b384df74be2ed10d4dd92fb02aff98bd0ededab751ddaa7149

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_d3dx10_34_x64.inf

MD5 bf312732fe77f600a36f2a7b98a346dd
SHA1 5e9c70959111dbe60ad86258cb5bb20d0e9caa0b
SHA256 0f75b7ef71e183476ec938705024eb8a10a77d7602a336be876c7f5d17429725
SHA512 10f3d128da5180ecccda522164269e4940b69a7f55af9501de648e572ab5275f02c113be5342969c73e118fb7ec49209883c4a8d6c4648fb898289f77ce7a3d0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_xact_x86.inf

MD5 757a5f0cceaf39b5c7c9bd61650fd12e
SHA1 a7b3dda77f0f2334466d324eefeb3e5f6809d880
SHA256 33b980fb973394d9d8cb4645914d4cf6793bf92bd311e0431ce9cacc59fdcbc5
SHA512 f4f969b017c9233bc4a2267118fe921689b3237d28fc2b251ea3b6227e0b17dee84dfb8df6491928791891dfcd265688069b92d8a88cb9dfdbfff07b24a4dfcf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\jun2007_xact_x64.inf

MD5 c8ca749e73883789faf6561a375d9b51
SHA1 fabee2ac65f1d4267da8df07cd3e4cf4eb19148f
SHA256 405d8cbe3c87b16afac2a9254497412a42de4ae2d8fb470a1234dc3260e0b90f
SHA512 56a0fd5b8f065b82f5f9b73dbcbf912045847180a6614dc48ed7b27fea3909839615aab0c8d0a122d9fca952e9591da5152b4c618e84a2d7aa409dea4fa4237f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_d3dx10_35_x86.inf

MD5 741a5ce76295b86694cd7540870eeec2
SHA1 2c165af0047c98d2864379ea5fec33bb1507bbf9
SHA256 7987e2c475705bf8f049a15af946ec0cb5ccddf27c0b5c8126694421df601770
SHA512 b7d0a0bdcd060ee263860024abe5b054aeb2c8c8c7ccdff9cfa9886188d7177b1bb8799909b3c95aba181292b5bb9f9426ecab0a6a2689970afca5a1739fc4d3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_d3dx9_35_x64.inf

MD5 0b3f4e715a43024fd00f769e62cd8b9d
SHA1 ef6de20d95a920e3b69307737976bb243783160a
SHA256 e34ad9e49f31cb9211e0f350405c344d93fc65075e470c8fe09dd78af68f2c80
SHA512 336df101ab341c5f22d516089fd31fd9f0541a01d3ac4ab4e171b73452ba3bab3cad84af50f1e9da17c46bcfbe7a1b52284e2ef2af49c67c6d6cce2969e14ec9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_d3dx9_35_x86.inf

MD5 815d75e4264b1f9c0bbcc529ee7a290a
SHA1 cc956156066c87ce1bd2b7628453f1824a426412
SHA256 c0d87c1b079b54b75b86939199ca5ee1f796ae3de9c4ed0ae074a4fa01823c73
SHA512 bdaaca529cd52df20cf1e35b45e1824fe48d09442666b18faa3e948937026b09d880a27f1d915816bc6e1d98b0b486d590f867aeaa046317b7f48d6a0f949391

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_d3dx10_35_x64.inf

MD5 703b4ea6a182ee3b48026d01319579c0
SHA1 3184959599dcee4e74b251ff14dd2aac81e2ad68
SHA256 af4bdfeb4283f04e24475279931e042f17052224cf708f0c444fba2f2e221289
SHA512 a6e67befdb1d757bc08f6a726e6d79c4f51324edbd1f48730616e27079bfa60262b88b4c49cca046e3da3832e375dfc29b2ff48b7007443606da94793ef7ed84

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_xact_x64.inf

MD5 a78f12b4514614db269bf55faf383875
SHA1 0425c3e3ccb15f691d6f5d30b71856138063002b
SHA256 2fcc4bdc6516418d3b4935c301e14f30e3bbd0adfd264bc34067b27b0b266b8e
SHA512 9d1cc2704541b71b246c2cc8e6e1d667cd7e691e42865aa5b0a800cf26386cf00781ae7727b7f90711e987148e98f4253e05b6d3872d3f69b0584bcf97b3fbea

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\aug2007_xact_x86.inf

MD5 8898bbb8acc1b54b3b9b6a2f6b0e2cfb
SHA1 e5ace499d26e573544be76c8e45cc5278d15022e
SHA256 c246c38e41ed71bde4b3cce4fe337826173896a04c26f8b2a00b06bb0cec024d
SHA512 b0633c44541cdaa2d2c3174027d849ecdf5ccf2149da4a2932f59db600cafd8b959aa0382973e23fec7a76ed7555e96065a4d8aa077f50c2a14e5080673aef30

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_d3dx9_36_x86.inf

MD5 08ffe480ee5e54fc19a2feea46adced6
SHA1 c939391c489bb321f70707183b0d3f4b5f13911b
SHA256 843764f70f56d430c0695e263c895a135a631f793213d1005fafcf9c210d1ac9
SHA512 c05aa34b860b5620c982731af15889da5571395fb35faa24d43ccbb1b42dcc756769a0b9153c28112d7347f28d4ba933d8b15fb36a3e511ac99eb148f848ed99

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_d3dx9_36_x64.inf

MD5 345ecd585eec22fb33a62e59c2758b6d
SHA1 2d6ed63996903c32b3e7ae24d86c924b11d53e7c
SHA256 d1b544b3912e73e5984cd759096120febe6f17e41a3cf920ef82431b9b569c1d
SHA512 6d88cd48bc32a008989ec4bb71afba0afeeaa12f17833fb4072c38b237bd006f192f4e4e7a65d8aebe5d6dac1d13098eea370b03ced343a5541e0ef23e813364

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_d3dx10_36_x86.inf

MD5 582814cd47564fe8e3424cb2eb090501
SHA1 87a2114434564bb0a5cb4ea337577dd405f5e42d
SHA256 96f48bb810055699d37e9e27a65947483a0b4df304870e3b5448d3051b3e4926
SHA512 203d522271aacc0200bdd684934a8478b54a258f55ecca49a178ccabf418a328cd02ebd2a9656bd9dcd40c33de21d33664c5b16c1e7877de424d37b4f9b3e7a8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_d3dx10_36_x64.inf

MD5 60e353607750ae5e63cb8e56f443321a
SHA1 8f1b07f8cfbd66e9a7e3c15118bddd99b04d6871
SHA256 7a49ae818e199cf9f9bd831f94cb6d03a1e72a141d76546261979b30642757b7
SHA512 038aecc1264f608c6028ec2288f0d8de6c9202bb3d1e96fd247e889afa06f1ce592bc9e224f37e83f29c0984cca6c4e85ab11eb28570aafa20b076f2b2e5b6e8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_x3daudio_x64.inf

MD5 55402001ac41f0bcd1f457a36d298848
SHA1 a18fbdc9631610f2550f05cc3aed5a665afee7a4
SHA256 1cc72ca78433fbb72ee6b654c908748ea846c87c80424816745f285ed3bc910b
SHA512 96cb7ff1d43a7c1642d8ce9cb3c23ba460f6c083a7927fe0ad7a3ebb85649c384ef0542ee3e7dff6b99413b95a2a333327cd28349665901f466782fe96ee491a

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_x3daudio_x86.inf

MD5 4287ed3f6647fcd80ec6b0f7f2606964
SHA1 27b2e4212295478645a017a4df820af6bdb4dd0b
SHA256 f882bdbc8230d24b24e20f9d0db447586e9493801900a8ba381eb493bd41f5d5
SHA512 c816d7127fb7fadb971b757ba76d4b918fe18bb16e5d2249b4bd80b0b6c47208e7ba5e11b521d9cd0a23d464c392f98a3c617b91c0ae799f3aa10401b4e2bcd7

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_xact_x86.inf

MD5 7e2a5eadf9f1eaf90d5eac15b7a9f558
SHA1 907cf74056bf7ad91e47c98aaad9a092ab42fd02
SHA256 24714f229e479338ed89bdd6143140505fd63f517b7e71170ea6c072a1748b06
SHA512 63c2f438e6feaec2b9fce15617940c97862a54527d549fb6ea149e4d18199c1752e255c6cb167ff20b9cc1f74b87ffc97110b65652bc5c3883cd14894d21f8fc

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\nov2007_xact_x64.inf

MD5 bebd51d24aa338f6192e291d03684b6d
SHA1 cf2c0efb60f44748b0ef3f95276b0512719f130d
SHA256 841d579573afd51499c7cd8ee986a41db63cedb722e8fac351d3632ff470c161
SHA512 28fdc41091d761faad79c1af33da0372086689113df2f1cb40513d50727e5aefd652a977ad5c92bd62f1c5ef9cfc24c23bc6758ddd6a4d1ac5db0b5e401432ca

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_d3dx9_37_x86.inf

MD5 020d1260794d5780937f0f7a919cd62d
SHA1 511ecd1186deaf129a5532b79fc776a9ab8fa9be
SHA256 d55858e166a2fe00d4acc30da756f0ab2c4dd5a79a9874eab3100722c74a1b75
SHA512 201e24e51dd859c35fa9d0a403993cb0b2eba67effbc598ca4491f05bff4f0805731b1e7cf6026b7dff9fbc3167c16b43887f080fa40ac11c6ffe09297401f9f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_d3dx9_37_x64.inf

MD5 ec75fe979fd2c2372ea75c72a905c832
SHA1 954642c9087489285c8f0786b63aee108ec08d04
SHA256 a4fda3373241c2748a969ddeeb6ef41b3cc1bca6608362ba87db75f69023fe9c
SHA512 dcaa772d21d1be7fe59f1ad32d10e7cb454ed2a4d98b3add201f8bef03718c29f9915fb4cb779111a954a9d93d898393ac2ba593c2d4d378b88bd492b7b5381b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_d3dx10_37_x86.inf

MD5 1242da12c637d5976af936f60f387c26
SHA1 a6890fa9d41f6785d54a7d3e1b229b64010089ab
SHA256 bae3bc2b7071d2d1c657a87a8c8af6c0fb5373f11c9aa5f61b406924717d0792
SHA512 7fcaf6ac1a8166e8c68d650dfea40bf329565d4ef92316ed0188a252736c9e288cc8f7d017b0de4af05245d1bf94a85b2dc72a93c618a1f2caeda45fd84a6a09

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_d3dx10_37_x64.inf

MD5 b21f653f707315be4c85ff4630af305b
SHA1 32b0d69a786a2cd37d2fdf541931d90ae8656944
SHA256 f37681f4d49f71d48b1960c3efac74f28af9fa764b29ed3a40b5f424fc8f60c9
SHA512 e68348c9413f77749218fa34e55e416c7bac95f234522bb6eccbed1185a3f3af2a393511d3b83dbfc64580e1725f9f53e7e586570d696a3fee76761e8b0902f4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_X3DAudio_x86.inf

MD5 9ab8a749708995453ee8a995a877af2b
SHA1 eb8a0ad7f7b38aa190e2fb8a4a2d11cc9fa9b493
SHA256 0b6e28f00364a9ff436c3d99f0d4e80bf615f1450f420122324853cc0b88b16c
SHA512 9b0ed586fed0ffe25d4076b202afcc7ad580dbb05593e392a12d64b639098f8b7687463f213e53dfbb85616c5a3781adaef8f1ffd293c082a84291472266480b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_X3DAudio_x64.inf

MD5 2f7b3369825c6b74f4b645ebf52c8e98
SHA1 105972c77223b943df6533d517c698241ddee9b1
SHA256 b7dba312a71ed109c9c54cc5cc096096eb8cf0962396e8dc996f8fa28307547c
SHA512 88a47bc3520f9fbc082f1ddca7e083cff9bdbe5c4a0a851925ea14d8e0f327f2a9982e5b4ac457e4950acdcf6788299c4e13a15ff38bb76c8d212f1466cfcec2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_XACT_x86.inf

MD5 e3ad8befca2528572d6c51a15e072c94
SHA1 9718337261b8b93b546a5c20bee8b44d26707053
SHA256 6b0cc0dc993e172855864fa078c4e5c8f2f46bfc3200bf2ccdf3292931ee3cb2
SHA512 de4915424d8a53ede76394fac14c4de46838f21afc8bf30f560d2d00df4f366dc9ab48bb343be3580087a7d5862a14c08f83b5d9cc8e78aa4cce4e6b71b70c59

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_XACT_x64.inf

MD5 d5debb90aee2d6a73bb448aaa99f985d
SHA1 950ff1a768bdabf14ca2cc6809431c3be8b19d9a
SHA256 1038a41e63ee8abbc8be85a86fafb2ac1d03defa6b88deb270f96a6ed1a97122
SHA512 dca65e91d4eb619fb34615a3c8683e04af84e843346b88bf4d52cae0c27e52b5a7a417c531eaf50cf45932e3fd6f5fff1bcfeeea4fe65efffbe791c8ac1a8101

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_XAudio_x86.inf

MD5 35c6f6f109257f242cfb2ad2062d50c4
SHA1 222406bf52449ff0d5a7ca8ace6cbd3dd5f41708
SHA256 472bcfb54b5d63377da128596dfb30c8f200f79edaaf6d29de1afcdb71a3413d
SHA512 71180d47d8c177d84e68bcd6b9f948dc8c946f7a6c4091e20e04f1c8098b9ba92bde976194b06595834ba4b159a702c091d04ec823ac377b7ba7713f057f99ee

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2008_XAudio_x64.inf

MD5 8eab978252843c5c47a913e4eee460b5
SHA1 b5ac7e6a36157c41d56e1113d7768e67530640c0
SHA256 10a2db49dd3bea59133bbd82b3fc0f8a959b65b0c250c11a9a6f3123b961e6e9
SHA512 d1b7be4eaba7126f3f64d625cb9c9d16dd40dd1dec96b4d647f9a5e24d6b945faebb65f25348d9ffbe092b03b1a54414cea9a2e4d1eb1deb102ab5abdb34d810

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_d3dx9_38_x86.inf

MD5 c7fc0a82355bafed08a5597930b80263
SHA1 037419fc93581e053b4cd31c57222c8b8761e242
SHA256 06faf7f7ea5503dcece13d6537e57cd2581d5188a5d839fe7f118298a721b51a
SHA512 51829843dd7e2e501d6054f500fa523bf63f19382890880cac0e3f207a00dbc544195489de67c7dcf876d9061f2af12bd346513e1c98047b0c185669be5d8cc9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_d3dx9_38_x64.inf

MD5 df5538bc9e0494845a8e2d607e06e561
SHA1 a056a64230f03835dcf9bbc5d84edc2eb0c09484
SHA256 ddad68974990a21a8d4a91c47ef1034ddf0475551586f04e86b8cd2f0c990d6f
SHA512 4f19379034eb47e01de81a611facc2c8300c7b10306ebbabd232a249debb4acdcd3de42b71d851011be5b3abcae1ca232ae6891be79adfd754369dc0f16b249f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_d3dx10_38_x86.inf

MD5 d12a6b9889eeb330b4a4e86e9bd175ae
SHA1 62a4a7cb8fcc0edc240caea13b2b487cd012fb00
SHA256 f5f54664ec67f6333a9f0607d891bd0dc2acfee8cce09ac4ee0372b5d0aa12fd
SHA512 86274606e76b98b71dc4eec5180b3a52cb6627ac5ecc8b008512b7bad404e03b834b7129ce326a3c9c1cfa8b19bd5e97467a9390bc8a0e749771ca06d9f73491

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_d3dx10_38_x64.inf

MD5 e2b760696e2300b1c9b6c2531b39d029
SHA1 1c576840cf04b73de362b28b943bd69b09b3883e
SHA256 0de0ada970774620c0905227666fc30910e64f3cfa4b99e4c5481685d12e3ded
SHA512 94e4bd9834c21acc7709fd28dc557455929f940be0a4a794105188dceed7e023f87a489a1de44a9f93f3780f6f9088ab3d4e829a0089bec74a25ba4297a0dd73

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_X3DAudio_x86.inf

MD5 7949a4d37b517c39295f0d656cbde501
SHA1 27313949fe172d687e9faaaf91044ef56b7c973e
SHA256 0064b7db5bfe52b6f40f61d962901c7baa116abbc72328f50586b6fa65f894bd
SHA512 93d947c95b7ae357bd47a5a050437cb05192eb6c84e9222a46d70ecc7c54bc2a5cb1d3f65cb2a4db5fe18106ed9be5a7aefef08f9634b28cd5cf128bd00352fe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_X3DAudio_x64.inf

MD5 0225e16dbd17754f202f34cc1fdaa60e
SHA1 d8d7e02849d9594b346023e9e69a5b2a4fffc45a
SHA256 f4526ad18f081b84a139e6d98923569fc8ffc7644e20499e2f68abfb3e87753e
SHA512 2b308f4c4592a80d4215781ba7ace57f93a7449b2ce36a7c78203e1f16f1b7321dff6c32272180c9cbaee5d31afbdcd11f3d474004fe13c63752d3c0201d2033

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_XACT_x64.inf

MD5 9b2753cd7967a014a6391b44900ce258
SHA1 d6d227999ad32de75e05ae7d7fc43640e8893ec4
SHA256 90577c4c3d5d0de80c805caf0cc713582698ef7224fecf4ff911ba6309c5c920
SHA512 31136e55f01d382cb20f7109d0369a3ab7c8997dde1b65e9214e410ab686add4ef6950241c0aa9fc93ea0cfe3134d98ae1f3f48b44e92a620715bf159d6f5914

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_XACT_x86.inf

MD5 59c4f83a7fa2a8dee4970d37a96c2b55
SHA1 75b42f58c61d8c8ae185cd8560dbfedb7c4d6d9c
SHA256 79cb10222e466d54908d30ee433830e9673d5a538fabc5f4568521c2aff66eb1
SHA512 9a9b7ea3b354cbb29d88797533332abd4d1ad195b28ee6af05a0c6f83343b1e2ae0ce172e9941eb5f0d7ed3fb0382c1319fe4808ea2bf8988a1dc63b78c8c095

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_XAudio_x64.inf

MD5 c564c4dd81be3fe65783bca776be371e
SHA1 b60e1e1e34b8c56fac53dd7af79e1e05e04866bb
SHA256 9ce21064f2feed9bc9426a6e92e9c850aae31abeb80c7906ff917fbf4cc03913
SHA512 5b790aa1a6215ce8687cf3503267e31d1d7b41b5e4675bc634be957fbe14c53556989278017f2c97336df13d16eeaf975e0602a4cf9c8356598c392977df4dcc

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Jun2008_XAudio_x86.inf

MD5 e82ee7f4d71ae8bf90378bb6dc107d57
SHA1 6fc8e3437dc9d87213064e69bf0769d20fa7a739
SHA256 e5e435c4536f987e1087218b025e6dc66c24c3e300e839391891f1b3bfd360dd
SHA512 baea9f4d6c744f26b55426c9666f135c07f3e8af15fee04cdf34c0af83567815dadd5a4ac8a6547a49d58e0c837a28fb18c4fe1f50fbed8da9991bd2aed8ab7e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_d3dx9_39_x86.inf

MD5 b28ef6e3eebceb622d1431fedd9f545a
SHA1 c6ae73cbbdff4632911dc1759a9ccdd73056ac8b
SHA256 8a23d386626328f9519076f33d5c3b71c639f2347741442c3374974e6f61bd53
SHA512 4f2bfced9eedabd6ca807a1b88cc063d15a31ab0bd8e2b60c65d6daddac9a111c434a0fa7d7641813d9880612464351ea30368bf6f0ed9ffc69bfb4d51882d12

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_d3dx9_39_x64.inf

MD5 9411bf36f2075b7e42468277e8020e40
SHA1 c38bb84e7381baf0d2720e5f1822781a639c04bc
SHA256 4cbb1c6804b9c76bba4e41f0d2a45f1daba7350af9da4ae6966651f7f4da041a
SHA512 c860da71a89c41e81c1c89b3e1f4e93e747d7dca1152a4ba063f53f899fc701fe24f14abecfe883571af518df4c2d766432ddbae2ccb2c52bd87d85f6ad015b3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_d3dx10_39_x86.inf

MD5 baa493c7a361f1ac0c5efc94f1568f97
SHA1 16dd101673b96b54bc5a38c20ec3ed785c6bf7bb
SHA256 e83f8d48323887af89648c5bd7af713b42d20ccb757be34675f1fa527e6cc33f
SHA512 2e8db3d1ce2830caa9a0f698bc31e2b907e39a233fb056fae44062b3ff732b3b62f12fcb2eb948c1728df9b64c4d8ee873c0f95e56c2ad1727140236ecc71095

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_XACT_x64.inf

MD5 f616331f6e6916d1d27fbcf357cf1478
SHA1 e5530aa845bca9b1c89abbbc189f65584008cedb
SHA256 cf09d632a4b2cc670d435f356f309dc58359735834baed10343fdfbf37eddaa1
SHA512 c39fd664f43c4cfad8e65d5d6b3ca845abc0b341cb663acc7e274a00c3218394d3d04cca850312074a294bcee4e5a0796a3c90d6263de63f8f83078d9c44c8ec

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_XACT_x86.inf

MD5 d2aedfbc8bd56092d658bd60b464dfa5
SHA1 54f8e1cd59f43cbe02767face39fa42f50ddd229
SHA256 f1daaa8d96108a4a338f62a4a1339143ddc566e194ca00dde5427136bfccb0af
SHA512 41d74bf9899e8d904bb0bfeed5e053ac3c453e0d591526aaf5305ba33128abfe29cea09bdc23e2131f91626a66f0ff58f6cc02fda9692e58fb2c476795e2b6d4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_d3dx10_39_x64.inf

MD5 b01ca47b1cffd13ec5d8a6a592ae8449
SHA1 e1b615488ba42c44922522dd47b2e99f1b5394e7
SHA256 a5eab981c313538afcd7abc7742854d251c736835ffc1f549a4768fdf49c3e71
SHA512 2609474f1ce19473ff8f5f4550f9eca077bcf063bff8ea7fe890493e1119e80e6b233141a8e9dbe7d9f1e167c4941fead6cafe506f98053e623728b7edcf4ea2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_XAudio_x86.inf

MD5 e0947065f559b93eb93a7ceeaa8bfd44
SHA1 39bb647363b00924c7c0b3792f8017d7c7d9e3b4
SHA256 f211a7d99b3ffa0180bd91f68b2c285564227e075d499e950e76fde04e7707e3
SHA512 620810dcd56857b2d3d5f1271c5d4979cc90977acebfea81edb472d02da8e6104e89984816a91ab57a2469253a391bcc378093f1adaeea7c0d35f7f1b794969d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Aug2008_XAudio_x64.inf

MD5 fe4812a5425f1b6d9562b9609db16ba8
SHA1 01a206feff15ead479848ddf056a560701960fc2
SHA256 311bd58ed7437a1cc79692ae360a02efbc8ec51194abcb80bad78b2208a94d58
SHA512 2a98b997af381504ec8e2c5b182c73717ab81a455ae77c57036aa904f87dc8fdfd16a7835cc1e631e9435257da8bc631946b32d8f3bb72d260d1114c4c3c4390

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_X3DAudio_x64.inf

MD5 fe8f918218c40fcc007bf16e9cf0b76f
SHA1 2b66a5a714bc7a0ebdccb0029e179bb3f32009e5
SHA256 d04d052fa3065cdf00e96bcdd7dabf3583ef10b6d80fd67cb03c32f09f2e602d
SHA512 9845d8d2c0c0c618594e692abb382e4244d95f5a06c48d7ae694dd09ada670ff23bab07fbfd09310f60f6684267ed0709a1d146da6fbbecef4790b9373840b2b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_X3DAudio_x86.inf

MD5 e8adbd1e68258d5657a34ea722f3bd32
SHA1 ae4e88d17663889e841992436b524a35506ee534
SHA256 d0361ffe046b7a7a374a4938d419e4121365892e4f2138899f670619ab34ac6a
SHA512 62b132cbde7afebaf20a437b810ea42b7c782eff4fa1f83e2e586b2fd9303829ac90c54704e28f53010a8487e04bf92b791c85fff4c949a12cdff2132c2b09de

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_XACT_x86.inf

MD5 87c8d16c6db20854f9610bd5be6e5ae5
SHA1 c17d78456637cc2a67b35d48f9cb3c730526425a
SHA256 31680e7a90d24eda04c910e1f3e6c02774cfc5c36ae08e7ac043665264702f83
SHA512 061d80816e2e5a7a2df68cd91a95e5f17aae8610a18b254abb7d5929826b14da5755eb01912eb369d1fb5725f2a4c144ce92e0d08b61799903d83fc91f35413e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_XAudio_x64.inf

MD5 318d70544da7620126540b0712200e7b
SHA1 707c4a04f02e10b08a16528b0da8b284cfa315c9
SHA256 ed20b160dd26a5ed3c220a1fd9b5fc880b3280ebf56c2f73e76b6d4da5ef82bd
SHA512 4acbf6b35043ffe9c740e3e48fd9320e10f5dbe317dd89dcb97b68495b60cc2cb2cd98e57fad030ed053636b710d344b96667b69bec4b7727ba2508f35f23aeb

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_XAudio_x86.inf

MD5 052b3294a9345385406ac2056e724804
SHA1 79372406f5cf40deefd8ada18ba238e80360ac70
SHA256 950b5aef596fc5048732f6cf263dfca5bcc25df7dc17df91efcbc3551751a3b3
SHA512 9b0cff2968acd2552609169a138d40fcc25ff2c35b70ba61cabf769f4e5b54774f32392508867b6ed9198b3da5a858b3a7079d7c4a4ddb31f63e4d4985efd2bd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_XACT_x64.inf

MD5 d28248a55a7747733c0e4356c1a15d70
SHA1 befab66a5faf1889c6eb2208698874b00024b78c
SHA256 2d8a68e726728e4f4be05e35fca812b855046ce4bf697f0dea14094dbd7e1d79
SHA512 f7b89d96e287ddf8200462c4eb0415f2fec81b7a69e5fd4bd5bd33cfc805287d287dc403060b01639cdb67b14ebe65e42f75c3a1fabbcaf8692d315cd5bf45a7

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_d3dx9_40_x86.inf

MD5 d9f6cb1edf9f92a045f4b2b8ec17cdb9
SHA1 fb362c8de21847523211fa512cdbf73e5b49aa60
SHA256 955637638635025f01f82febab4a4977252a765439d90ce940fba752723b9db6
SHA512 e22fa0520dd3f905b5170e3ede4d9b9e40b0522c9b39308d150c01e5bc381949d70ce04818efa9eb2a08bcc3b26f2179db9a5aa1a5d14d757ee2dd2c5c3cfae5

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_d3dx9_40_x64.inf

MD5 4f4a9d3074a4ce8fa141a17b0c2e97c5
SHA1 e77b4e76ef70fb08befd69a03b9f5dcf02c81428
SHA256 d071b30f56763506da0c939b8d35b0540bef3ef0d51a5cfbc45816ca91f891a3
SHA512 7b961d3b9ed247e75047a5bac6d65ed741fb3c210fadfb23d4b77653af7001fd557fecbc2bfacac00188894374ec7ef3b0a5c1b1f6ddb0c9ad3ee3dcd1f32027

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_d3dx10_40_x86.inf

MD5 7a3a4c3b7c9c979261ab1fe477809731
SHA1 545004e59315dea0bcee6bde61bde3c45f79d107
SHA256 a4eed39cf36adccac4317e5822b30aa37ac5b001bcf4a24f7b5ccac6b8b71e9d
SHA512 556cf8ff26de695e39aa42fbbfe0bb986fca9ecdc08209c28404aa1b285cba8bc4ba62659fd0d929d138c781446fdcf2a30c0e1aa1487f6f1d75c9f15145c7bd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Nov2008_d3dx10_40_x64.inf

MD5 f0769f57bd08036d669104f9bc942228
SHA1 18fd51cbdb46f1ffd47103dc026f1cabf4e4868c
SHA256 7f902d9ce6f6d71be1d16997ffc9661be2540522c73cc185516415a52dced2a5
SHA512 427acfacf52759a1ebd749022c375767fc283a625b6773e06f8965926e0b96a969a27a440bd661015b56eeffa6decce7322e43974172966520c9ea5f6164914e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_X3DAudio_x64.inf

MD5 5e65d9cfe5f15381afe2016508800dca
SHA1 93a44fa2bd9559929c4ed459a336e1cc27738f90
SHA256 4da1a6bbcb7e84073dcd1898f854702ec32f5324478b2fa39c4a9868abeecd3b
SHA512 9ab50d72212f79f949679b7e7c19f698f2b1c6f1d695555d925b7cdcff800a14fc98535476150a15c563eab74d8a98316f44027b0e3ad2834735a6f94aa07646

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_X3DAudio_x86.inf

MD5 c1501e224e63e7c7fbdbfb7734a8e4f0
SHA1 c6aff4de1b44499d304649b782346b0a6decdbd8
SHA256 aabd029d75f25244bae4ca17dbf9c4feebec0d5f121fcd388c175c3360be1bac
SHA512 e29f985810029a43a987ba45c905aae84d0615330e6fcedf81806a403f59c8861fdbb31935b0c610378d8131d38ac6798c778f5c6fada9f51838cd8a8cfcaa99

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_XACT_x64.inf

MD5 eb9c537b01096960889de48d1a13725a
SHA1 205f797be95c576f2b15760a25440f532011332c
SHA256 9369fb0a9d3353627c097fc19780e5e7126af47766ef6a4a95ff3ddcca56691e
SHA512 c82ecd2c952b1df01e6c7f7858341c62b36330945dfd0c6bdc404d14bee5682ca06a19448961e03a2093ea00040fd38ce60c126b9f155607b7435b28f74055f6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_XACT_x86.inf

MD5 25b4458970583bd63b3e21ca5eda19b4
SHA1 a41a7c318342365d64f94da5c2b9d0490895d684
SHA256 764c3caeb1725a11701ca7119fdc49b3219553b79f9a5c1a02b20991391e5a21
SHA512 4239e25d6701e28a58424361d2bbcd27abcd91308ee2b5abde611304b0c2caf3cd807c8aaf3665569a565664b12c53e17aca73703ece809b9f26487d9f9a3778

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_XAudio_x64.inf

MD5 8d2a8bbe89cd936282ff828c10ae57ad
SHA1 acdedc9919abeead28ef07da56ea33f88c45c3a7
SHA256 4a554d09934581a87a4cc98749b525b6794947b64b8414d380edfd502713f9b6
SHA512 69ee567df6d9edf90a6a2a882b745597fe0720af3eaa0f23ae7241e7519aee5af435566bb1e0cd8b2f6bf6956b21f73d7af9d8e9511afe48a54f68f440aea2c1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_XAudio_x86.inf

MD5 ce1394e17492dac92e0257482272617c
SHA1 f1babf395b608a9966cb5d89d85d131ce8263576
SHA256 1b66e4d80f9843fc73b0a6097fb8ed5f3d2cfd5cfb5c328904d2c370bd87bb3e
SHA512 c5b800c6d519d147e37b459b3c667d2e05b6e344ac38be69aee40dc1e20b232c9a123f0f6ec8fb5909ba8d76fbb24a626ffb2f76b08bb3d3984d6ad6541d6a9c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_d3dx9_41_x86.inf

MD5 b37a5ff044eb65521a290c79ba1a3e00
SHA1 ed505464894bd3e52654834487f3821ae117edfe
SHA256 bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6
SHA512 eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_d3dx10_41_x86.inf

MD5 6f64b88a71edf6070f48277cc7e22125
SHA1 1c77aace8a83ecb9a388bdee2aaf38e78af08ac5
SHA256 0170a4b551b58d92a753e86793bf3af762fe3f8d781512f710a4d661aec8d626
SHA512 4349bed85d5c42f921005ad6915571b680cbf178dc1c9fc8f218dbda7cc34b76647edfa324d3c529dfba18da800bc010623a6ee8b34a5ede0a447d1e7dc93827

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_d3dx9_41_x64.inf

MD5 d4a1295d35748a262f28c2d3ed7a116f
SHA1 f6794d7a852b3f56e93fcded600077220ebfef74
SHA256 12fe918aeb224a9bd4d2a8142f97c95d58a9a69e591e7e4f95014c155bb03519
SHA512 79a2c575482ebeb4157971c07df42c76b42fca1b00e213f3f311935977bc27c86ecee6b387d93e9dadee06bdbcd6d4edbd72ca0a66925eaee547f1bd195e7f02

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\Mar2009_d3dx10_41_x64.inf

MD5 d9bc0224ff859db21a9f684ff138cbae
SHA1 dd4f2ecdc2a7801588166d92d6e6aaf769bb3627
SHA256 53dc284b87f5787804823977d2fbb528e393829367db5d2ac5dd79c581a27616
SHA512 29d5c1e3b54e79e322a966d954935a31aa7108aa31f04e711e36efbdabdbbd3282ff56df9d640fe48f8707d55a7af435c83b7f281177d4d5bf01364786596ff2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx9_42_x86.inf

MD5 dff48361a5cb0dea034dc6f16de99477
SHA1 afa417acf7e9da37923255a623ef34c7f6446c80
SHA256 5989dc367a8f84815bcfa1c46ff756527c6250c62973220d1af354b70027eaf2
SHA512 750b69eee07e7d6e7fbdba722e2e1ce377729dca5fe52b4d57d23dd2b80b28b3af8403aa43c469a5042ad35eb09ba4dbefc40a014a137e1b5d87e0f2de203856

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx9_42_x64.inf

MD5 ecbefd1db4cb52d5089b1d4b20a08656
SHA1 85134f773bccff3e874d27d7e79dcd1e9485c903
SHA256 4887cbec8545b02152eb16f6296987a43a256b69b408330eaee362184f298d98
SHA512 a50afd834f0d892af5eb33b9c6ffbb330ddebcebd123fc7f706f05efac9491b49dfdcfe6196f3b6a3c9f7ffedf4fa723e0499f03417552404c0fb4f4fa3c046c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx10_42_x64.inf

MD5 8d272f58bf5ce42962d7d9835e9b489e
SHA1 7e0969289f839b5dfe606f6ce6ed106460f97682
SHA256 2bfdd3d3bf485439013045b3a08942f457385bb89ab76d9479fbdd85f09e9d96
SHA512 0554257a41df07860233f26330020a45e2dab2613a6028f79914aec7552d5c54525b137e450202db1283b602c3d95908acbf9f1eed20dd79c21fda5963fc2b5e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx10_42_x86.inf

MD5 b3a2e761e5da007cc6036c5703e12eed
SHA1 447e852f9bdc357b00864d4dccc7486f1313918b
SHA256 a80a00464775da82c02f628c5bc13cab0d0643ec2a44b28d2acf7c77d467becf
SHA512 28a106886578fb38f144602d2b29c72a906bb24a50b16ea7d3f71f8bd7f194fc0d7c8451dd1c3e9ecc59be3a866c07a23dd394a17d39eb7b55cde7b347bed3a1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx11_42_x64.inf

MD5 520790b3b1eb8bb9ff00e4730d17e256
SHA1 51872475e3c31bb749f0bffaa42ab4ae362b2dea
SHA256 f9c13939779d4526107cf7d3554c122efb564cff02228d02b0b6ff211904f5dd
SHA512 da76b41ba262ac7adcb2b48b8e3845b7c57b1c45a664a1f0bc90d420cfeae1ee454c2089ca37ca5df264759f016c781ab1bf17c026d9733df7271e8ee3320dec

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dx11_42_x86.inf

MD5 9deabc0af1186bc22a6feacaddc5839a
SHA1 2a1fbc0737777513390210fe7fa48fa8805b15b0
SHA256 edf6764083b47c04fda52b149f565587c6a07d4455357fe3c27c9e56cc57a94d
SHA512 8a3dc2b4d25a2a4ed94cb70e88b051d9df9985f3c6a8af0725bb521e029015755b415c23a44ae8318aea4a04ec9b9c1ffc895df41d28c384d78a465dbb29ed3f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dcsx_42_x86.inf

MD5 a156f288883f2c1e867896c114509aaa
SHA1 02d7a136da0bc6c8cec933a880c62b90ea8d329c
SHA256 ff9da1b0328fd918cf9558ee57387a4865afe98db1410cc16b1e921c5a744c48
SHA512 632fd6b2940a851bc82c2d57a962dfced3b2cc61010e037ef9065b4a8da5a0f112bc2c66984cf76334556bcde35d49dece1841ffca9c149526a56d3824178b02

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_d3dcsx_42_x64.inf

MD5 32b0f585bed3e042371e125ebc7e0f80
SHA1 dc0f6d3a501cceb50a92848f045725f93182f150
SHA256 f7a5a84bb654837193e0f40b579777f5c6cc2c7341cf90503d6a6709d319797f
SHA512 ff7ebc445ead8c5109585ecdc58c7bb20f9cf9debebe587ace38c64f70277ee6a9c9359af0ff55a1d4bdd2d01b958efdce743f30cf5b20bc8656fe4124ec5670

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_D3DCompiler_42_x64.inf

MD5 bf489f4a6f1c8772091caf9d3f96628e
SHA1 c0da8b93f1e17acd81e5664ff7f014cf470d12f8
SHA256 8977772e5392b8e79364b3b8d97300e97ad891f38d5a2dd306549401e46b05ff
SHA512 2e21de522c0be4b797262528399d7ec8604fbf466e8de49cc12b9c2e2daa3a8f0977e952bd36135ed4887516d31ff8c782273325d2afad48f8b3202f35b4ffbd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_D3DCompiler_42_x86.inf

MD5 e7f9ca8ca804cc404f855be173f6ac61
SHA1 5cbe6a3e7cd65a66bb6ed17930ccfacb8c756fcd
SHA256 bb8834d2366f6899c507bae176a13dadbd44488451a263eac830be95f4bad43f
SHA512 cca663b914f6f6d1b86db83e4f2976b103af041ca171257b9815a689788018434228182bac943fcdc7770d43180d53f887ec987e9639edc26ecabc7d20dbc4e1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_XACT_x86.inf

MD5 5b6e899df58c5dd0201934027490278c
SHA1 8379d615b05654bdbdb6512b98abdb93a9179796
SHA256 1eb88b5460824fd32eec9b90e7ef5cb529f51215046e539d39fa27a409709766
SHA512 2326b2b5f046ea663bc8723155098ab58341ace400fed48933575dc55b1cd14ee8f8d67194303783a1d1f412e395eddd8952127eb35d8ec745208a6889dc63cf

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_XACT_x64.inf

MD5 e8623d8be34f89b38932adebb2ab2df8
SHA1 f7d844b8c77bbf1bdbaf4c615be7591299185bb1
SHA256 5d57466af1801ff3a92b1540907f0e4b91d90189177d68c6b4c8833e5d57dec3
SHA512 a398b5057707743dc3077f04e3796fc231da56b54d58c826b13ec610bbdadb0513c56183156be2e45b47ae96971a9287097ffdcd709f496e96f8f7233375f1a0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_XAudio_x86.inf

MD5 6d9bf03bfc9465df08d17b18c431926b
SHA1 184ff4a21ae4756179fd179d1c3d007842a7ec2c
SHA256 842cc52100b5774bcda19e40837bd552b308e74829d5b35a505822c7436892e1
SHA512 35efd74761fce6b8c7371cbfc5c8c50a0142a3fa3492dda3e566b031bb1dfd58633960230985d899348073de38295e25f76d716b153640a9e0e8ce6d59954f5d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\AUG2009_XAudio_x64.inf

MD5 af52205973fa73d4227dd5e105f6a37a
SHA1 2e16e2914fcb65e55a117b24b992d6e8cbec8c55
SHA256 4348663aa7cfe22916fb13d93307e7384376fad9d6fa34c6196f80df42c61a33
SHA512 92b8ce27f01fec9c17c2677eb4e9e3f1dd592a94a3ea12e9580c8e206a8895c99b0498b2fac30323814c8da16a48555bf5a76eb72afcf5b99ee2e05c67cb4ef0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_XACT_x64.inf

MD5 45f4f5d8439b3a33df8f1d9f39a162c6
SHA1 e09440edc243b072aa589ed139ab9fdeff3193d2
SHA256 c7efd1ec4e4d31644a5054d32cc1e6795464472c05439573ae93e1727a5eea4a
SHA512 f8b7ab66b7fd182efddc2a851c6468a311705267afd5fb81554713b338f24642c5e7b5d5000b85e417154c4285457f9fdcdcf9f42c155c801f7a295e6ae3ea34

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_XACT_x86.inf

MD5 82c10b720e33be099f69e4010d44ecd2
SHA1 e95a2eb23db3fd610d71089500aad523f93c9469
SHA256 e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635
SHA512 853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_X3DAudio_x64.inf

MD5 49460e9297b0faab5a5d73e7aa2caa67
SHA1 a7e211f3d4ae808f67a798924c4d3314183df873
SHA256 68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf
SHA512 92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_XAudio_x86.inf

MD5 e6e942a2cfbb587bfcc4203b5bb34fd4
SHA1 2e0172ea1936911a98e11a6e98990703e24172c0
SHA256 74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca
SHA512 3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\FEB2010_XAudio_x64.inf

MD5 1c4dc3c97e96135a784867d68d193bef
SHA1 5019f79ea9b624999fe58420daac619c5695994c
SHA256 da63330fd2a1538b714ee6cf2e09256446a04a55f866b3f70237d8a7165cb3e3
SHA512 d529d68ccdacd41a7bb688bf226a23f4d08639213d96e3e428c16176681c5f7d45ca8527291322b2a6d4dd14fea1cab3cf183006bca3b5a45fbf2e05c2ee1437

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx9_43_x86.inf

MD5 a11deb327119b65bacce49735edc4605
SHA1 0be2d7fa6254b138aa53d9146cda8fedbba93764
SHA256 6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b
SHA512 b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx9_43_x64.inf

MD5 ce097963fc345e9baa1c3b42f4bfa449
SHA1 e7624afc3a7718b02533b44edfe4f90d1afda62a
SHA256 272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f
SHA512 f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx10_43_x86.inf

MD5 53a24faee760e18821ef0960c767ab04
SHA1 4548db4234dbacbfb726784b907d08d953496ff9
SHA256 4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862
SHA512 8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx10_43_x64.inf

MD5 13c1907a2cd55e31b7d8fb03f48027ec
SHA1 ca37872b9372543f1dbe09b8aa4e0e211a8e2303
SHA256 a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377
SHA512 545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx11_43_x64.inf

MD5 590fe1ea1837b4bfb80dc8cb09e7815f
SHA1 792b5b0521c34c6b723a379dd6b3acf82f8afb1f
SHA256 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b
SHA512 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dx11_43_x86.inf

MD5 fb5d27c88b52dcbdbc226f66f0537573
SHA1 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a
SHA256 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0
SHA512 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dcsx_43_x64.inf

MD5 e1f150f570b3fc5208f3020c815474c8
SHA1 7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c
SHA256 5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a
SHA512 a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_d3dcsx_43_x86.inf

MD5 cf70b3dd13a8c636db00bd4332996d1a
SHA1 48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7
SHA256 d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1
SHA512 ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_D3DCompiler_43_x86.inf

MD5 1a86443fc4e07e0945904da7efe2149d
SHA1 37a6627dbf3b43aca104eb55f9f37e14947838ce
SHA256 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf
SHA512 c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_D3DCompiler_43_x64.inf

MD5 6494a3b568760c8248b42d2b6e4df657
SHA1 700f27ee4c74e9b9914f80b067079e09ec7c6a7f
SHA256 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216
SHA512 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_XACT_x86.inf

MD5 dbef26a0b937dc1859e9582aa88bf928
SHA1 25f85650c6f62e59c11f7234be22d34e890793b3
SHA256 ca604ce9d2ee43a09b39b23a6a2a048b1a79d85c7d78679cc73aacc75cf7a62e
SHA512 4259193cd51168020b3b02ffaae89d7b4a972273b227cc3116c8cac3874b7c329e66c989ad200f93b05d1e4f90657b5391f37d6d128108db66ad7d6a758aa34c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_XACT_x64.inf

MD5 dc506eaa8bdc02b0918e8ce956b505ce
SHA1 9bfa75f2b2d7ba26a778623c8505e10428a1f6cc
SHA256 f3c288d84db29f7bc4d2c771341f765b5e1940a4827fcb55a65b48eec83c71d3
SHA512 9938b821370919a25e801cc19841e951ef4523fa62eeccade6825e74c43319e9bad2f76e5971ce5d26ec2fe55258f7c9390626bc3b934c84b70f7a2870976b89

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_XAudio_x64.inf

MD5 dd987135dcbe7f21c973077787b1f4f8
SHA1 ed8c2426c46c4516e37b5f9aac30549916360f7e
SHA256 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8
SHA512 f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\JUN2010_XAudio_x86.inf

MD5 31d8732ac2f0a5c053b279adc025619f
SHA1 c8d6d2e88b13581b6638002e6f7f0c3a165fff3c
SHA256 d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da
SHA512 abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 3fd603add664c8b60223449662676851
SHA1 563d9fb255f9c02f7ff290d1b9da14a31163ed05
SHA256 0eff6ceca92a8c1d7b7416da329677884b07344f101e7947f73b00719acaf400
SHA512 6c963b6e53884548aae109cb75e83b3e19d0e775f6f9b633a19b23317c03b911cb2f869c0f4cd86668c02210dda7e48dd2027b5680e612521ad23ad0c22aa440

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 a73e7421449cca62b0561bad4c8ef23d
SHA1 cf51ca7d28fcdc79c215450fb759ffe9101b6cfe
SHA256 7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059
SHA512 63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

memory/4984-17923-0x0000000005120000-0x0000000005130000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\microsoft.directx.direct3dx.xml

MD5 d2ecbcc04f7e087d738df9329d47c30f
SHA1 0f2d7c485020928227b668a148b0a60d99bd6695
SHA256 7b38e6dd8c567d17d94f595c33fb234284abe884a1148025f59c8e426ec30c03
SHA512 5662bbb30d7a601efac49f0e090cf05112565ac40dd998787e40d4ee6988f985ad8513b0d5f80e17f8ec9e7784af1c50a70137c0ec22b0c72107b601503bcbeb

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 05f7606382ff1a2e9c123c3b13fda3f6
SHA1 0de69075d2c3fcef86f1d6c5d53e2ed9daf093df
SHA256 88ac8ff5a73714160c5e4be1154c374860b13549670dcfa56b47b5e3d47182be
SHA512 fa3313c1bdf02a20ca5b05a96d45c9fa59f231df3c2fd81e593714cdf1dfbfcea524da211631680dd21264df639c4e20727c152bc12624754e68201a69a1d8af

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 5e2b8b8a5ed016468716b9ff82a1806f
SHA1 f1772121149d87745738cd471d0e504301a9ad0d
SHA256 5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799
SHA512 4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 d3f1922325be8e7e1c72bfd8179454ce
SHA1 89134f43ce2af4adfbc4087392aee6fe56be7ff4
SHA256 8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12
SHA512 d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 3f92477e4788f1e8dfd317cffde25906
SHA1 f7ffd08b78bf0c63cf696dd9438da53d6b8de5d7
SHA256 bbef04d986be84ba2ef913a7871f4ee4fb3e58ead0064dc17783130ba91f9032
SHA512 b8dde5fa3f397a15c58eed8dca08b39eb275fe1de0dd305bfbe90ceedf6aec29e3beacb8e7dbfab1e4b23be3d23b379b2ea899d7d63142431292d12f948a19c5

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\microsoft.directx.direct3dx.xml

MD5 1c124cc5c3be4a5e8d6619125b1b33eb
SHA1 455365d2ff521d135b75522a4ce6382aa73b7c30
SHA256 c3cc575c93690ddf44fd71fdeaff3d61552e9d4eafbef77840e4208522d81fb7
SHA512 1e9fde35b9c4d4a123a92545f5b15b12657d4652328e8d249ca31338f80b10a9b70811a16c40e82f286ce1b192bc545d29605c2ded4b937cf69088d9aa9943dd

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 fb3bc0754921873a65f5fbdca845e6ee
SHA1 67cde5bc8577cd3040e275d290ac021874da9fe8
SHA256 f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8
SHA512 292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 afcf5f50c632f3a5598abc28f196d77c
SHA1 294385693592f9d6320f8b0b18f45bc194d01a4d
SHA256 5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013
SHA512 29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 82aa2797f1ed4d96b4f6e4f8746ea36e
SHA1 986fab84ca141f01e336bd74bdd346a6a5d19c67
SHA256 6dad4925411ed61bda6bf37dada2270c1bf6c4d8e0fd126b4714a4080c65aede
SHA512 e1b2e96503ac212b4ace472d99115a1c860f843343ed00139fe5d3cab653609afc96c833ec0d542ff36ea44a6d357be1925f0ce3b2a812300e8cffe0950ca56b

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 db12be0930f0389d0be87a410b12f1b6
SHA1 3b4581cfa56a41a3236bf5d3f3dd1e116704088d
SHA256 1d454d739cab96ec4caf95c99f8a81ec260f619089a626359f7dad95c9f9f448
SHA512 1c85de83f10f3e6f656cfd9c56823f61433d0abb35cc593898404e8221b7ee0400ec722ea4874de39f3307518cf5c6cec1b143c90e1d6e312ceb57a335aa7dc6

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 c7565358c9cd6c9f4929eeed81595655
SHA1 2fbda7d76a9c3b338599d9efd44b4cfa6117d94c
SHA256 a6c43caf6378b4f13f3adcd1b2362554261e550ac448fd577229ae5cc9f484ec
SHA512 ea79a81d03ef834304e86a08a35abe66fab4dfd9b612dea3a1372f72cd6620a99201460852d5f11f576f7e7e194e5319bccc71334144fe322502c6b64d7a5104

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 43c280c3b15ceb2472ab560d09629664
SHA1 e3a897d7608d03c93b5c2b8aef52703452cf6696
SHA256 bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c
SHA512 5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 cae2fe9676373041a14487504c6e8a3e
SHA1 6c36d073a6c9089d330cf3cc1d5e9218fa6e4c71
SHA256 a5cd899768b96c2aa8b179f20e2f63f7ad8cbac39ba3b4c7054574eb550ceb4e
SHA512 72c6853328f658c89b80be470346336656f22ccfaea518113cf7cb3102a02833dffd1a7d650253670a50791cb9c18c2d5b5b364640407aa3d8d6ad0c58c44ae7

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 e4cbf9d4bbac72bf0b5aa19523003a4c
SHA1 5ca474daca09dd7c9fe6c5ab073a6df00653ec4d
SHA256 808f516f3dcac4125075453f2ffbc3206ab49583f798a0770c20c93ab228e980
SHA512 e2e6efa3bab856da5c19f5094e913e689d2361e3beaef04e731831e5881256d5847fb99ae9c6e560d11f88e1b8abbd5b1a11045f36fa86371874ab59fc6c49a1

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 490807c150b7d8be44bde871f4df8c56
SHA1 69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e
SHA256 36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77
SHA512 9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 ec6f8dafd315179f507f7e2d3bce1fb1
SHA1 1a0482ae241246a8f883666933b1a3f1d95e0209
SHA256 e216a7594d5c866d8ae2cee2d833376096d7f766dabb1de9a7e038d133d74939
SHA512 cc09ebed288e0162891fcf4230f232b30581f5d75a3c501b0f488937e8c4f7cfbe2f2eb0a8d95f9f7e1406dd098fe9d7f32215d9a6584a4696243a4b270baa17

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 933085360527de1b4947289ca468184e
SHA1 d5ee5e1e3c992c7518b5ce510c627c1564131b12
SHA256 78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d
SHA512 2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_24.dll

MD5 bc831661963763ac4d504c5cabb1fdd9
SHA1 51b323ea377f9dcd52946f5fe77ceb5673d1592c
SHA256 94ec67763f67932dd4273ef5cc12889a5cef090ffea3ee78a80c7b530272b1b5
SHA512 fe97241d5d9ce298f62ae3295eb9f4091430c8c2c53e967b76e0aed76c3579f8bb07338a0de48e4547c63ab381b3b3d0989a183447b8e47496f35493541295e3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_25.dll

MD5 5b48fe9d6686f0d54b26a005ace24d1d
SHA1 1c395f6d2aa729a607e69dca73f8205cefd26aa4
SHA256 4c54df27ce84d21b2924e64ff79b13e7876ce85d8e0c9c1d0abd8da73888187a
SHA512 6a4fa549578097ba36495ec210365c27d165065820f0fdad20864a3139949e72da00f9b7c614d07d8950307e596b693ed7a291a5c69cc0f9ba30c5f74d6332f1

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_26.dll

MD5 523ab607eef81cc4d909e7febd8a788e
SHA1 2fbf1444daab3312da6b34509763656a28252134
SHA256 8ea96fe01c3c86a36fcb3795ae03eb12034003e335ef475571efaeda17c5bc78
SHA512 791f520533f58cbccded4e7c1f64fc14d20942efe57f32a5ee75eca4107543718eb35ecaf52e6eb3d9112867141271b8c097766fcc3562f016bb612bf840528a

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_27.dll

MD5 852edc778a7a50077694f84d8e601234
SHA1 14705b638e1af81ddda5dc52f68c61ebfce5e9e3
SHA256 a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257
SHA512 51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_28.dll

MD5 be19b603dfbaa829ee5b7749b3ba97db
SHA1 3d42825b3e7fe5744f67ef145ed47bb524496305
SHA256 f3e391b5f1c1f9637cabf2b812b6f5d65e4776c89d779f506f6b643cc563176d
SHA512 095e8357911c1a06000f5df291bc3cbd80aa3a9672f485fd1f2b9bdb1172d1c7235449485948bee26fcec630d6b80fc927454f9b32cb31c823494c780e0e3df6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_29.dll

MD5 39057f03e2fec8ee7153f9c7879afad9
SHA1 5857e040cd200241a7885b911837f69067fcb382
SHA256 3fd4b665253b1df0226b400de99711a65c5d708b088fae3fbb97f59d7a13db02
SHA512 0eacd506d5a7cbdd8f4ae5947b865eed0266e40c39e9b74e804fef070804848bb6a617f20bfed981fb4b29a07c3d9860c91260ce4bd60a5c01295db47b2a0901

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_0.dll

MD5 2112fe0c46662d429347a7d7b49e3ece
SHA1 8cf607547e9c5a10f129a3a8f8f32bd295c0d5b4
SHA256 cfd1c2d34feb7d94f282e97bf762a99bfa7309dc7353d96dfe4aadc187d26c67
SHA512 77f77add8411d418798d643d783752896d3fcac002f15696caeaf45b5396d2d42fe53bfb409d66ad505cdaac0ef0a20a62aa45b50aebe65237d2c44af36bbc34

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_0.dll

MD5 4e961525cc7ff0e5d7da19e170b7c14c
SHA1 7e3654ef7f7c9524ff415582f1b066f29b4234c4
SHA256 228dfece2b4555a243a73e7bf461036f1e53951977625651ff5a59deaeaf4b88
SHA512 8785d0b2188f36d53c1a2b99a669d6edff1c0c27905d5bda1615a503f115d5b0762f008481145cb0cb6a2589926543b9c8ed0ecc2e328593682e39b90fca2087

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_30.dll

MD5 e415862612e65f10d7d888443ecd7594
SHA1 aa8440ec3b5bac6594fd58d97c10c2ab7d419b2d
SHA256 5edeed79f2359527a55b8189cfa8b9b121cd608d44eead905a0f3436938ad532
SHA512 f5de2f9e045c3d579d98b25fbbb7b90aa9ddcada0c6bc4e103e5257394f3cbb7c968d89db61e15b10605561cefdd63456912aa428af5a62cb769ac8c4e5eecba

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 779536fadc86bf80479536044230b643
SHA1 9413ce9ba2095501b4d5aa84cc19e10457061f92
SHA256 6a2ac8b0e325ca67f9d6992613cd17d1ca80ec77626d0ba71528d388b16142b5
SHA512 b86b05583d9b81074c7665c1074f1dab47dd6fa37b81f8c691e19d29fc486518c4481e86e64f1b021f77f52884fb0b1ba22eb8986b788b886edb46e329b3aee0

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

MD5 0c453970e89db1c1eb9de087e6eab5ba
SHA1 c4c7e034773a240909332814f499730575a1cd71
SHA256 942e98f142373547493f13b14e1603b2420851aff013d3085bada7b6b2214d9c
SHA512 ef3b2cc2598b4ea58f00f93155319674450c8c35b706108ce3bbb5c2502efa179046d9d50e12725e6dc7a555f4880404ed03de15a0753606f20a1654799886fb

C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

MD5 75933586afd94ea24c5acd3dbc89a272
SHA1 970fd4b49d1368330c10279798991b901a233c2a
SHA256 406f473429573e9f0084aae125ef8f19f59291aa4c33cf7d40e7d996995a3238
SHA512 c096f0f11fb306c6a84886826306fe9c2862c3c79b14a8991a174224b41c2a68b76e5be506494d23d354384c715c5d82a1cacffff9644de9d6b93e9478087a1d

C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 8bb4c349113bd86909a5303c5015866a
SHA1 9b579fc7e18549d3860c54667299b3dfcda8b878
SHA256 9a7a9791b1cc8761d237d56a4eba08afbfa543994a885f427457e823b1c8477a
SHA512 a57cad25f755ea3565e38b18ce978d851ab9a13944064f0412076bbbb0cb8829c5fdc7388019748b31485b89cf36c1ac6af991ab26bc3947093c1f24e2de808c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\microsoft.directx.diagnostics.dll

MD5 c0843f0f45edeef233b1e581ae75e3bb
SHA1 04569c78868eaa8927ba64f93312720117152843
SHA256 8c9685959706750091b0094522cec8644de1d1c6309e7a2fe02cef130d3a2b9c
SHA512 8fc293f5c5de65893d92c54f921c84f8a3f44fc733445dda7907ee09d062371ef05c11d014ba2017fd15908b911d0185a14b89d0a311a870fa33650c3176e442

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 51df3744fe1c44674c95a65391abbaa9
SHA1 78bad8a3a5c79f5441cbe7506632b48adf0d43b8
SHA256 3e902ce4ebe9ad97e446dd7b2f19808e13cd534a0a7280736300aefb73dd22c5
SHA512 13ccaf35c427b33e22821003af51af456eee446606ae23397c0e8a76a6c31a817f96307a5c3ba2d2dd39352f06fef4ec39de7e80f47e3d965b27d710598832d2

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

MD5 7ad4d9fabd109432eed91b359ceae430
SHA1 c1dcddd86f9fc630cc0231acd7b732fd55dc5f63
SHA256 f3359d5e41b1d4fec7230579a593e40fe44f6afdfacd1e2bbe52ee06d84686fb
SHA512 bfeaba581a7aeff86bac0c184da823e4a26516a3c4f39af6b6b1bfced73117f3816c567b182f4da0df1935a6e97b6d0520cf02f518736b52fd27d37750e863fb

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 f1306e1b92bc68432f9258e259f7ef73
SHA1 5a097660d56c9dce73760b78495bee9945ff107f
SHA256 5df7a06ae74db26b6b9a77d3466c00547c859ac1e3bcae1e3ac29416e45e8653
SHA512 21efb61c156c497811a1369a6ccee98a47a045dd7a128fb4cad874214a4c9b84d4ff534f92ab98c4f96e965a69301282a79eb7f097732df5daac6676110637e7

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 25c76c1e29d3e8e7398f0901f558a629
SHA1 2e907c9688a025538f1b2d0cf1860a2ae49fd2e9
SHA256 2ee41d4d591a39d648e90db4d47d0fa0557fd68197756ee2ee94fcde4d820cfa
SHA512 7308fd91859d00debf446bd6b594f3ea196dbe46a3583858c76d2cbb008a8698207f1ce7746afe3de4efb9a27980f5f813c77cc88e273fa82b2695d8f3d15039

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 f5949f3bff3299c7963893ac1666d35e
SHA1 5bf8af4e772b23ec22d865fc6e7d339626f0fa20
SHA256 cc651d9cd7eac593dd2165557c41fb0628d2836ddabe54f84826798b86c9be22
SHA512 c62cc36109dd203a3890f4d4ac09831755676a26f144954f08b03c97e62bbafa19dbe941c066a058235463fb1dc99dc870d3b713b64fd3a08d6ca549b1458bf8

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

MD5 d9824a9dd107e598575112b4ff897292
SHA1 adcc54d159f1eeead01dbd2fbc73c808ce519920
SHA256 ff4c03bbeb292317a77c86c1c81ae9564acb984b352fbef36d66e2d8bcbd79a8
SHA512 caa1f0411e0470a315ee8c7a62defa972ff17557bcfcf74016c64ad11b0f6fa46a126131a18e275e59e025814545e1d7ffe145377f6a0bcdb8cc93471e4c9bd4

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 9d34961031d0b252c60b7d5efee0820e
SHA1 539f359c6f39ef14a8f590a440c785756aa86a9b
SHA256 69699ed084441296d944278e34d26f192a87e0f913e4dfbc8a9ba9391a9d9849
SHA512 d6834d181f9b95068e63cf77d5c75e427a0cceb8fc6691a65ad20bbfa21df311323ebaf0064f525d5e37a3c5ecf01ff63592ba79cbaaf5443a6c2b2125bde595

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

MD5 cebd995ddeab2c525a5c4e95789bc961
SHA1 1c98da39d7eea36d73b361ddb24054038c2b8331
SHA256 0ee2a2c371a918cabc85143202864d0c3a4abf1b93a5029081a622e0acf17ab7
SHA512 158b3fe6e6605eb56a99b2135df529226f9af4b001ed0c2e1fd201a60054e2201dc22245ee5a02c6e7778337f1974ee21fa088e94b13a7402e61f64658de49a1

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 c73b2e21f0ab5b696430be477cd3ad07
SHA1 b08c9ce15f345e930b489d24ed8b8f213e12b0f1
SHA256 42eaade503e5471976214e4b80bf125e3170493b9ee2ec26cdcc06aac5ab96d1
SHA512 52517a29a384450621aa019509e751dfe007215aaaf3942753867dadfeba138dc666cad10c74b256c12fe3d136988a5b11de1e21a6fc7da066a222fe70e14321

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

MD5 46f26e2bafd44960e7f13b2ef80aa0bc
SHA1 2277bc8980e0f6c3672c2348b0494f0cc0ad611a
SHA256 489f65e1e00534835486e9255eec92b83edae4dade6dff867a380859ae53006a
SHA512 5b5147940803bccd0184b46e60560f967831541e707b5ef19781103e31235f1ba05d00e44a6f2ed061ebf5dd7013d9c696131a3edaa77d3aabb85b3255ba5489

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\microsoft.directx.directsound.dll

MD5 d035348ec8968861af585b7132fe4c7b
SHA1 877ffdf77b9cdc1be14135cff0b756a231401617
SHA256 2e28c8fb8b87b5ffd1e0ea27710a2e785ef4741a89e4b3c3af726ec63d15a1fa
SHA512 94358b581510c68049ac92990674a6cb495cb8ff005f7fc03696c57ba8b4cb384c5035d9332d0ea39093ba5fa5c8082143896cd2fc7ac24a192520789c707458

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_1.dll

MD5 7c9952111f4c743b9f0d8b68b6ed93c9
SHA1 75dc863ed10e4e4a18fa06dc32789cf16c738c38
SHA256 666cef7d27a38f709063c9c581fd95e6b3fa27167bff4beff484dba2dc922a2b
SHA512 aaa3396fa9081f25b2eff6682ea26afbd297c8a61cee4540f9a947c1a96ad51f114a9985bbc69ea7d0251f6e4b1e835c92daf0f8c5fd66e477e3243ced3c9bef

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_0.dll

MD5 f77d5ab654881e683cff6650916c424e
SHA1 56d8f090755f1ec60b13e748b040069ea8759b5b
SHA256 77cc09cea6de69f12106e6dd9df1c0446a525a54c3953d69d64711b9394cc38f
SHA512 dcd1273673f4088e854057e47484bb363e1e7ce094bc2c98ad7cc9112877892c1d6fd591dd9cfb325d6c451f2d03a4cdcc238af1ffb5382b7153f079cbe13abd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xinput1_1.dll

MD5 f1726346e583442541fe73429f8e9c10
SHA1 a1b7a4edd7d1164197f734218fb485165c075d0a
SHA256 69cd725c53e0302e75db20e9a3e4b33f58dceaa2e6ea4938b2733df8bc289a71
SHA512 ba17740271ea92c917db85c64d4ef63a8f2036fb1398abdcbedf9d49c09a53e34ea04e8b3f5a2ee41c2b2ecea6196ed7f9866ee48a9f3528c3b4c1f19dc167d8

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 fd1b55b856bcad2230f4338f72f9cf9f
SHA1 3d1bcaae1f2f2a759486bbf4dd543eadc7efbe91
SHA256 300ed1a4ef37c8d5f13d67a5daabd46bcdd9ad9da4fe6283f20d7d38f72caaf5
SHA512 dc73dab5f5384a01bf66197ebc9b74a24c146e8f17571c98edf1d7d1dbc33b0f4075d46150b782891397d8a4875a8cf375a111855eb689f2a8e6ed0aa3ee0091

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_2.dll

MD5 5c4d3843b491c047b7a619901fbd2ec1
SHA1 e02dd40f54e7dde0bcbd648e4fc6f723ac438bee
SHA256 4f996edb65022e33ae9c9f7acf7232c8d444f75c50c72894f6d3173b55404ebe
SHA512 474105b213bc067e0822ee22c769f0caa7a02f2d74a0422b676675fc45482db3a8a3dcb2744339a4c7fa029a2f58a2aef5db500c65cf646106d8ed096b17d062

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xinput1_2.dll

MD5 33b62be226934e1b01f5043870c70427
SHA1 ad96f837accd277da2933d07aa86ffe3ef803b5c
SHA256 9714d146a785d458f0de8fef387d82c9f8e101c02407a0cbeb06f02a69518eec
SHA512 41f859fa59145ef6cdd6cfc4a14f90bb932d2c6aa339bda1763d8e315e6a78bde561010152460e6f996c9ac9ffe6650ccdf6ded34656081a0ed9ab1270773710

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_3.dll

MD5 69d841744b2bae38fbb2d40a230a549c
SHA1 2a6429b1b1758bffe3366ab72212fb9b02152d77
SHA256 ca20cf8e4034719a46bf67c6009486c2c1cfc2da10ffed3a67dcae677b4f6793
SHA512 d5e26da74fc84da90b0f60451479524f1d03946076d009328aa7f9939456762633006d11970dc4c849101728ca32350c125005eb4e3f75114d4528cb17a35b44

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_31.dll

MD5 797e24743937d67d69f28f2cf5052ee8
SHA1 7d39afbf94675487a9ff7e41d2dbb8daedf7ad00
SHA256 e2065619fe6eb0034833b1dc0369deb4a6edc3110e38a1132eeafcf430c578a5
SHA512 8804d0d95688a932c7bf7e1a023179de8df3a5436e356b36d803cb9781f3a378adb9fe69d03b28362755b808cbeb2cc718ab920672270de0b954996996328f5e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_4.dll

MD5 6550e1a0a7be611592c31222fcb981fb
SHA1 2197a951ecac85f7144fb925f6daff9ae7811e5e
SHA256 1e0e09fc077bdeee3de065c663b83f6717d39d56778833f030955077d490d000
SHA512 4013fba5e4211e66ebd9f733ff35635cca82875d6af71dcfeb481a436efeab608fe41310bae63d55c7fdd64a5c5f64068ec1eeb997160c8ae27f21f28e2bade9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_1.dll

MD5 121b131eaa369d8f58dacc5c39a77d80
SHA1 d8fe20cb6f28bc5334ae64a8df3563d1985beb9b
SHA256 ff15f14174a5543f028fa49cca745582fe4cacf3bbe490749cf43444690ab359
SHA512 ffe19ffea137603e5401f133d461b30af6fc25b3affb8a8ce20b98e3270de398b9ecc83a6cd904ff42c5885d3806c7e175957bf4a5827dc2f067756a51bc40db

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_32.dll

MD5 26af232140c88b42d92a88f2198edf6a
SHA1 b62aed3f71d8963227e5021c2222192873ce753b
SHA256 e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f
SHA512 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10.dll

MD5 6f34f7405807dcbf0b9bf6811c94c6d9
SHA1 2de04a49825acf76a6a7aa02108337142d30b6ff
SHA256 fd2caa28493ea76021b93641958238b7a933f4f6db1a2070be03cc81d87d8307
SHA512 df623daace6702d25365697b62a4ab7d03d944306521022c6e65e94cf1970b5057da811f10e675c952d93a37abd1b862b8ce8648429780aeb99a4d55fda6aaad

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_5.dll

MD5 86c93789e9006f1ac47ed9dd47d4c8a1
SHA1 e9de46eb68271018aa31c71ef89d1ddef19edf7b
SHA256 ec68b5163cbb5f15e2fbe37fdf5fcb0d01dffbe53a460cb2cf668f31f0127ad5
SHA512 5a86661171f039946fa0568c6a9c655026c0a74c04a7789fadcb4acfd6a4faa5179d14149321920ceca9a1214910abec3e67e356898d5bdd044ffeefaeb57df3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_1.dll

MD5 489e5b8bb1bd1028ff1c798eaaec65e4
SHA1 da9c385c48a6f590347581c5c3dea67502b99837
SHA256 fac23787e7c199c1969806850b5a9652f66f6dcac86f48f6f834abc253848a55
SHA512 33e3c28d60c7063d76c6959ef18dbb0227466766c4be9ce920911e192b75c18d11943a2eb0bef2caa920a6efa29162acf9f6c9c07ed5ddf5858420b240e0c0cc

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 bce73adcf5fcfac42ce15c6691275ea8
SHA1 484355fcbc55357c2f576fbdd64d33c8ec8ffa5b
SHA256 76eed293cdcdf17942acc313366b22b55ad78ee0389989438e63ab7ae145167d
SHA512 5e53f89142918eca969e005d006f0a106862877ee6e5d317ffa1b7c017730fd1d3d98e5e75f603183d0371da39c11022cf62232a2b614a9bc5e055f52d6da65e

C:\Windows\DirectX.log

MD5 bca11d887251da545b7419315694ba53
SHA1 bc2e87fa67b60bd1501afc9d7b98bbe5e9e41090
SHA256 a8e6f8b31d0b21a665887709c20c0fa154e07532b49aaeacedace6f73410bfa0
SHA512 86b0fea4079f83c0936ede2691460494fe63083fedd3841b7300e9d6ff7adcbfe953fd8d31152e0412707770d920ec3adfd704b4ffccd413a1a2f1ab384b1930

memory/4568-20253-0x0000000002010000-0x0000000002074000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_6.dll

MD5 39000e033d39d19ccce21aeafcce2476
SHA1 6e7823e689a9b720a049a260380805a235ddbf75
SHA256 be45aef0889b03e2243282a912f41580e8566db666a782c26a1d4d7988799d03
SHA512 65047afe28308ce69e3b410b3b52b5fa4f615c95802019cb9b78ac69694e9987076af4bddb2ed7e47b0fbe73729c91b94c525e5b7644a42658663ed044b384e6

memory/816-20390-0x0000000000970000-0x00000000009D4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_33.dll

MD5 cdb1cd22baff21f48606b3c1a18b000b
SHA1 9315b5db975a34dbebdb4dcae652ba1db01c482c
SHA256 c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8
SHA512 c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_33.dll

MD5 37a8171accf46a9c196054066c28827f
SHA1 886264510372602c2ee0193c5a185d719a61316a
SHA256 b04e2b089656eae01a0071359f9d7fb040dea804c1b9d2379431864174259c2d
SHA512 713b843a35dcfc32caa67c52ce0a32af6f54dfc4c11615d32613017aeeb257fb3f9168443a4288c71209e5d40f2e1b281febcbae6da076d2b57cf01aa3cd78b2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcompiler_33.dll

MD5 fae7e1d578c42a7c3d9d61a99d178bd5
SHA1 8ac88ff2bc5f616ed284a04ddcbaeb72fb1f304a
SHA256 12e238af4b4edc1f774213709a87a91b77b2c9d2d18fe475b027872923b6fa17
SHA512 75107c64acfb6d84e1b05ba78377dc4699ba83b694b7ace474665c85f3e5843db6d06348fefed539c6c2b233775c7ef81d7bfd81937207e04e637043633cd0b9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_7.dll

MD5 7febb8ce2233cbae738b16d42ed29674
SHA1 fdc5682d6aa0ec57b8f3c742fe736d74b3c649cb
SHA256 a43c92af3fbe91dfe2a1d415342631fe64e18c7dd3e16e93b6c78947b68e7bd6
SHA512 73a3c07b13b31d2df1cece720a0268cfdb7ae2a066b9e613f7c4ff0fc37b94bd4f32207149d56e1bcaa5656fd4501b1d136d94e18e97c07a8e793906dbc7927e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 45d4dac07aa361bcd77aa815d1724a16
SHA1 3bbdf7da5d51211ae269572961b5ebf508ada28d
SHA256 34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec
SHA512 d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_34.dll

MD5 1ca939918ed1b930059b3a882de6f648
SHA1 0c388397620ce0edbb362bb3ab2d4a9f31a56b6d
SHA256 b6f77f06518d35345fb61172b6a13159125ed60c469d28b1a2e07970e9ddf81d
SHA512 d1e09da8551e588b8d5d5837a79da9ae4ddd6a372457d3c341e68e3da07c0c1e84decadea9534cc87ef9ef38c094171004f836e6f74831fd6531ce72aaefeb5e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_34.dll

MD5 5aa9987f2e62b56d7661b6901901f927
SHA1 2cd4e3e70c3b37da134ecfeeedd377d1726d9759
SHA256 330e120d745e1132252df81800362a7ae0b61a9060afc800165ba8a1d55d3fb3
SHA512 af9e39f368b47b1500e5d68a6f234361fdfc29ea31c32f614c5887f124d6097be0b2d8f37287d0cd0b094d3a12e3f5881ea822542a1c85f10566604fd6228988

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcompiler_34.dll

MD5 75f206c195bbaca6ef28565b1c0cd75c
SHA1 4687454c58f64f2154f0e99bf5a323f73ca1790c
SHA256 5044a5810fd931339933a8d0c56115a5a5c27d8c0d8e348977e2724a032accf0
SHA512 84c0a8fd3e4293d85e919940f6f24d88fc6fd68f39cffefc34014656fee54256ce581ba408eebf5bf9dac3da9de19f2bf8403521c55881d3877dd64a8e50120f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_8.dll

MD5 499210c45afeaadee8cf4dcf7d5e570b
SHA1 de5ca60de47c8f54d531b88ea80d9a24a8e87a98
SHA256 15d82e89bea30bf82de6ba0cfbe97eeaf05d1e06bc0133f0d1ee8d0cc41f51f6
SHA512 f76f69bc3b6cb4f92e675eeedbd10a80f0b970d75ea04392484d477a4d02dec670cdadcb90be9eb215c4ad48a90d28347c9104f0835e93b5a9803fd62670536e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_2.dll

MD5 9e4efe7cc29ece294f3506fe0d8090bd
SHA1 b5d0e9cf45ac3b05fe21aed3ba41dd94b1ad1fa7
SHA256 7c06bb70d12cf78de9c6a12a53c95f9dba41c140a48bccd500483e5b87795a8c
SHA512 998d3034cf21bb9aafe0821a96c64ab0c38f770cf9c6a6820a2292b569510dbcd0e71ce56dae813614d9a148c146e095245e963905e71679c3cfca1ad98f5e16

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 98b1369d38333fe9143259687edfb25d
SHA1 3536573ce844dc1441b91e1124b6689b93add430
SHA256 d4e57566914f1d36f4ebfb6e164ce2170f1d5e6392189d0ad6de3ef3b0a9aad3
SHA512 3544088b8436ae6e48d22a7638d59f3c14fb914caeba17a87d1af469b82f818a1a71c5faacd52f69b5bff190b44fd91f893d07b7e05c2e9a9dd363bd75722057

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_35.dll

MD5 3ef18b78d17c962f2b71ac1cb7757684
SHA1 2380329c17c7a530075c7572d17592bb3a00c4c2
SHA256 2198022938156b790e9cfb0f7997494b66a11a1ad49b395be58251d635b66b26
SHA512 93e9bff79630ee5897bfb3bc496f778aba160312edcff9f0b8cdb8e8af3d5c7b73a8d95d54ab26cc638a2ff7cfa27153629f9fa8a4a687ae3c83e1178471e720

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_35.dll

MD5 f3764552e45880dc49b82f38699aa87c
SHA1 25e347799bb3f36bdee30aa78cd9e59c7faa5add
SHA256 db775655fd923e29509402556f86002dd9aea062cdcdba7073e1057a67b5ce50
SHA512 7e52bbfb4f309b9f5a9632efd3dc28a0509b7d5edf471267f7e794ce8479dd8cefcb29535327a7384bcc25b5331ff87c223fb70fbb5da22fea3c919ba4c5444a

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcompiler_35.dll

MD5 5b441670a4f5f8bcce76741902b8af56
SHA1 b98df0c54483664ecdc92eccdcdee09d082972d8
SHA256 5a866cdf74f981e783624dafb0e72f133ad9f9b293856d7a18c7558fa357beb1
SHA512 0243deac1124425b65cfbc7d6465bfb09a4849e6c5be3645b808cd3fa487c3044c5b45e9943ee31542a7a47803c02f0b92c05c1e4bee18cf6076641e1c0794f6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_9.dll

MD5 46ee68f04a75a1ccf40235ea6f1cba05
SHA1 43a30e195b8d894c69bd857ee377ce7fa6170fa0
SHA256 93a0d8fc38e4e9a301d9e721afbeedc5af40becc0b11a6e7e8e38f08f366ff6e
SHA512 16e4c624e4e74d8c1fd7652ae745a87de3698567faf0cf03651ad87f1f730405fc0d2eca68e4b0ff3c5c526c254aac232f9bd359ddb6563313a8f02db3603fa9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_2.dll

MD5 ac49e8536bf510251611a77e2a6cb8dc
SHA1 8b1f64007fa777fa2aca1e456735ab872cbabeb9
SHA256 1ae37d90d39c36c142a51ab9fef7230788ff95080f2bc47734737bf82d3c2c9b
SHA512 2c33ba362315ab102e4898ae92f7bc71e7c0c7fda8cd79f896cfe76e5a2a4129bf6a1e48d75b82ed7d915c0ced819e81c0f89640677b6bfa388962ce19bde2a7

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 ffc75edfaca60d28b6e6c1da8488f0bd
SHA1 358ae6e2680666b994e721db5fac0105a86a9c6f
SHA256 fbe2e9cf7e400537a4871218113df178f70501ffeea59a8f0f721927124d6d46
SHA512 dadf216d9e92b349179b27cf436483dd5a52bfdc1db659f3d99b6d1bcc5f1fdf3b0fa4bc8bd08f89439ca1f07f5dc66625043f8065c0cc75e8b3627e59eb8d0d

C:\Windows\Temp\OLDAAA.tmp

MD5 87d52a3ce4936f6c93ac092c3cc2780a
SHA1 3be34b222d022cd4dbe28f0668c14af716f1025e
SHA256 9566e346fbf72928e9b48b3408c8336a9e77b331bbc729e8ced9f0670c51c699
SHA512 d7809bf29599e86a5c164d6cdf83e9b8a29ae08972c998bed5bb8a93a11742a5905867d2bc7118498985c4f1f4e6223cb0659e8d9784a2ec05b12bebf339983e

C:\Windows\System32\x3daudio1_2.dll

MD5 9355a1169ac104a3670c2a77d060ff60
SHA1 6935990e213c432e4fe3cd667148d95c0a33bd02
SHA256 b822d7de1253c52676f4e20f9c715e92759b43b69978dfef2527b6101e420ee6
SHA512 9897bf3ab16e869b47840b72e0d8166e0f6cfebe0b3254e278d7cb046a5d50fdd2d8624da788b9afbcf58fc95024ccd2e5b9b010de074e8d9500669f349061af

memory/4604-21421-0x0000000001E10000-0x0000000001E79000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_36.dll

MD5 44bfec5c9c82a2ee9871d88fd3b9a0e2
SHA1 e2aeb78330d0815cffedfe88438a71024577d4b6
SHA256 c12f0ab0338eb5031d3d04beaf7208ac848f7e037d21ff963d2af90221cbe935
SHA512 35c42ce3afeeb3710d3d96d2cf9ffa2828fe17f8d749fd149e3797e87e154508c77f637de0e424d38bb3fa56bca959cf9da7787323950ec8261b144c09ae306d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_36.dll

MD5 d9158e78a368b08d9133043eb3058c12
SHA1 d71d6f103bf7433f442f55c355dc74fd4b8a736c
SHA256 aee0248f18dfef8194451a22c69adda1cca38c03ae9aa776114da9d8851d4c38
SHA512 8bcf2da86f708ae84141089f80131244d957e64c6fed0fc39dc688201659cffa7005bfd4cbbb315ee0a60c61e38ead3b4e4fcb3d2f0ecd0386a6fbe486d82bd9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcompiler_36.dll

MD5 fb4299688a0d3a37687c015ac2b9922d
SHA1 a4898d246afbb0ed399e77fa5ff29c99caf912a0
SHA256 f15efcab1780fe7d784a3cd3798f147fa249e81b7ef9a494b85dc7fdab084734
SHA512 664b139754d587dc32820354c1333fe6a5528b07b8bbfaf27374a5da7e86a4c3e7904250976ef3cf8620fd0568c34fa75704a8b1585c382b99d4ee46518617ae

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\x3daudio1_2.dll

MD5 f6a9fc2ad2f9111372b5ab3bba3707ec
SHA1 bc7afb780d42a332497139b5236b809433d86009
SHA256 4c448c7f77e3b4385d2cd35d0c470589cdf0524e532f9cf7ae084a8f88aa949a
SHA512 6cb44bb174ef28cee3e3a6ac51897b5cceb3f2d06d08c556cf6476a285de3e3b03a624ca92fc11b95f29694629457fa39747e3041736f9b76e84f19a052ecba6

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 c92c92060d535cc9800b6ce231276852
SHA1 79281861482c717e61fe9bae300e0fba310485fb
SHA256 e0838d8d562ed4683bc06ecdbc46fe19dcddf711a0c7909dabf62da572035dcf
SHA512 7c8893c92c005c7c21f829912da4b9e5a843e842826d5e362a9828710486240aa109f26e38a84cfc03617f4abaeda25f0ce215b8f6a1f9a65c58ef5606814d13

C:\Windows\System32\SETDB7.tmp

MD5 bc78d5328541410510dde06b9fa92024
SHA1 f6123294896cc3c3d3cf5a9e0e03319f58da7cf3
SHA256 7a34a7a8af47c6b2cf890ecb56bad2454ba5eb1ef2df6fad9ee53c4770e941cc
SHA512 5284d695216aa4f70abafdea130326d8ee3c6d9a9858dfa3f5b184c6b8b185adebcbc92adb8a7530f9127ae1de30561986bf9c85bfb8b474a9812151a7843c59

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine2_10.dll

MD5 73e055af78a64f9b2779d44407ca2ab6
SHA1 d771ef11d22a79dba7deccb9b3efedcbe74532d9
SHA256 113640ae8cf78caa7cface2f906f9e6b60809906f5c26e08b2e90fc48430f3b7
SHA512 a8d979297ecce24a29459e7ff814e53c649a6c969869279dbf0f29edea4d73883441519a27e5e46bb1e4b5b942cb26907cea9a488de0067e589632687b25b5be

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_37.dll

MD5 ac3c517fb0fbbe45fe44007bcd3625a7
SHA1 eabe1601d0132882c7226a4ed04fbbdd5e8f0db0
SHA256 c2ccb84c672a9d8966e82a28005a4269886ee304972ac3590c0b8a9c1622a3d8
SHA512 89b44142355c494f2a21276d0629f3536adc0dd7cec101a1f2816031afcc8a96f94663ad46744c772d6b63d172ea62e9b957d6292e4a6184f958576f62b05836

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_37.dll

MD5 4a43e9a2b17e4cafa9cb5fec0b5b686b
SHA1 9e28d3d197958e65ab8dcaac91fa55cd1991c3f5
SHA256 61aaf973712f848b24c3e769e3252248ece96db63f206de0ca7ff43d9ed87a51
SHA512 8411bbd130427b690332d222233465bf79426670f565ac3b01a71929dadcfdd18002c54d60981dc1f202e6625f99ab73451805d64518fad9b5a9793407df2d71

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_37.dll

MD5 ea752dbce35045d3c830dc16578cc8ab
SHA1 0a9bdf391ccdd113fde4d10f0afc80d54df01259
SHA256 715876d15b590936e4d32602a764d810650eec134922b32eea742e2fa71791c1
SHA512 3cf5e79062203d39fdb74e789e22405b93de126deda3d698963682d51f264cafe9a91d433312bb7976fa9b50a4798060fcb97b6de7f0dd422eecac2a922e31dd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\X3DAudio1_3.dll

MD5 c593fd0a96ee4b6390b653c4c641313f
SHA1 60d71ca2eed9ff8afa5561cf1dccca03607134b0
SHA256 74ec3e6b253af1b68252e62a5c08479453b3341d49c606adcf36913fe9ed9717
SHA512 1bb328d1a68dd7b7657d033bc2bcb8e2c096bc591e435b5691a4ad4f0f49cfad70d4e48af48d10eaf4ad13d479a3f4fef66b09a0852f8c61ff33937c7ea22190

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 edbb7730845fe5ed4717b06f84c1cb2b
SHA1 d9bc196e34d69ca0ec91a5a835b444ac3e8aea42
SHA256 de817d92db706f329d50567221c42110ae781d679ef853cc684aec779ab51ccf
SHA512 cb7c5db143087a470d7ca7f5d4200ae62513ffc27b864528d851c310d0f6f68d55b6fa45b7d3e0b81043ada5f7f6468447e9a877b6c6e06099c38690a6c07d10

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_0.dll

MD5 8a83673f0ab001870583fde2b004fa59
SHA1 be8d312b359a9b8f9f184d78c93c762cbc46e321
SHA256 887329745c479ce8d3023c969adf66780dd7e51ab536f0a08550ba4c77066c20
SHA512 583c73590d4b90576955783e24149125615b135f5bf5a815674e2546b93a8f89f6c3a286df09257e547bcfa8c0bc399abba59fb64158b411a83f28a4a4feabca

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_0.dll

MD5 418cdc57e55ee79c3f86c13a19b3d5e3
SHA1 cac2b8396b1c82a6f7ee2a3e3ec3d2e4c2f869fe
SHA256 e435b73193bdf651f7ae564eba05266595ac672db45e0e22dce92d0bcb3c6513
SHA512 1ba5a49d9102911d13d86ac4f0e4ecb44069c93a58e2e3225d9464755c14f8d57f230eb32049c2747385f7cbaa9c0da0f6001f27b685eebfcd94f3f5b8fa3250

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_38.dll

MD5 8f3eb548ac4ed90252394f60c77e3196
SHA1 e40bb2e3c99c55f2df9def2765bb014e01389622
SHA256 743e77a228e7d75442263ad70051e44534f7972c6326fd34b505a9c2c245894b
SHA512 bad441c93d37269a9d49edc39ded933e43baf2a563c425ea2db222a9859ecd1f076c2255c077a5afd07922b50adfda2bbb731ff6f292623b353a3dfbde4ce4e5

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_38.dll

MD5 a2650b27472c21cdd817eeede65648e1
SHA1 c0e5f70386bb229e289a476f2a95965699ba53fd
SHA256 bf463b7ee2235f351309b5fd790f514acf2b55a4a1f90222f7479024cc28fc34
SHA512 85320f262c10d80e889258a8584648dc20283d1af0467924e8745555c94a8fc056ac609b31d36a898829ad418c9df06047ecfcc644693bd136ccb50ecbd6fe91

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_38.dll

MD5 103cbfc5591008ad33046e20e8e1eebe
SHA1 4a8bd29d7cbe5652ba58cd6754318a03497d841a
SHA256 ddcaadbdd47bcba02c8d1880d456acc20732d21554977338ae507987ed04046e
SHA512 ddab1a2ab33b224ac3f9ed396415bbbdf96bd59bc6794fe26796ee87691154d5e1ca2abf8bb85e7a9fb6793446bf17f6f6f53b74e69443270f50ce0b85e06b6f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\X3DAudio1_4.dll

MD5 e3832514bd21236067b7227f6165ef95
SHA1 bdde126bfa7e3133f33e3d3e7b4618422c61acac
SHA256 799b38139523a3b30d26e21798ee705375c61eed8ae2434fddb52fde51f4bb78
SHA512 e60bb2b8cea5864f3311dbc0ad8f7813764bd55153bc0554e2842b6973fe24a1ce9e4381fc6fb05792d97799fb247d591e15b7dc41eec2bf563bd4f7ca797d85

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 6f05a242d0253e19d67978780bc06528
SHA1 ed8c623b0e462e92185d498552a11be01723861f
SHA256 ea31341129f7558d34fc2fcae9e715343aaadfc57f06a33a6da18448bd71b77d
SHA512 2bafde8afa6918956f745b34397a4f6ac479d3696a363184ea75cb9e05c5d83796527ea6cf343004544173e5370bca0258d5636e3cc5cec16701d68d82cd97f3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_1.dll

MD5 2e0e25252e1d41752876e9fe12ade175
SHA1 d9de3a83235166a4bbc4bc356419c07aaf3e3f8c
SHA256 088999560171c60129c95f9b541852392602561dce43e4c61a453d48065f52ca
SHA512 a4555cbbde372893c564e1fcd707525c92fbcfb6915354b0062474cc47fe36ef66a3af212c08da117f2f2121698e556633f8c399199344354ce0d4cea4d0a2ca

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_1.dll

MD5 e34ff0115b1ee3b4e03d22ae9840ee03
SHA1 746e6e84ff7f630643ff9381b9dff1f40a49ca16
SHA256 32a7c6a4edef46f025a4a5c64b892e29baaae948e86d9ed49e82014eec1441de
SHA512 7448bb3ebb8815e13e14514c8580dfb7f6de1a96c90f6611f6766dfb48ae7bc4a06efdc493060c054f222e7d9b308e062e1cabb19a60f50ff9e20f06905df58d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_0.dll

MD5 dd165760f1b95200a3da2d9dfdb84234
SHA1 0724300a1cbaa32e03a234cf6080a67967c335d3
SHA256 8b396d275de2550af8ada6a1ff71f0f4870b51c8407e44044c2dde7ad6b754cc
SHA512 eb130afda1481dd0e27a19330a8be8045b3172e46edcc5a0cb089e191fe415c41cfbdf3af8f084a6ff58f89cf8d7d4d0879a3bae8f93a52ffc84da2d4fec5ccc

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_39.dll

MD5 8cb3defb8887c4f0846db1fc1304d6d2
SHA1 5fbe058848db16117ce7cfdabea1f178ba229a6b
SHA256 5d29988cad858f754ecc62c3d30de555f82cc21b5b26c448b890295e9b7bee82
SHA512 4cb675b179d05ead18d2e42329e0d10cd1d520cf9c8c0681b89aca79ac9c814e82941b0086135bd57721b66b55b6feae00bd29af804f59a486e935fda413fc43

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_39.dll

MD5 e6c2f1d8b667ddc04cb55b9f0159ef97
SHA1 9dc5c2d54397aeb56deafb63ee34b641f7030ee7
SHA256 613afdb8b44bb3bed945279229d9604a3cd553f8c2b9b091235cbab8cd00de61
SHA512 5cc39f19b6de99bad0be00fcbde9d498e23f29303c6ed4ba79c2b2bc63f259f9b617ecf6ac67beee8a71c03a0e80c29412e0159a5014a43a6168c37835bb0e00

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_39.dll

MD5 c4f1972497fe2ceb7d900938c97fcf91
SHA1 27c1886e7823813ac61c35ea0cd5b72ea0ea7dbc
SHA256 b99b655abc4ec45851cc2acdb7a348e739687200a4fe3be9c35d6738dd61112f
SHA512 8d35dd4000e1d632d0924b594d6ef13454159f8c3b85636f180486ff794b76f8a84d7977e340ef08217f0f68747b593eae0b44824a20c12494007f4a40cc3d00

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_2.dll

MD5 f3c6be26949caadb11dbf0086082fac9
SHA1 6b7a2475aacaf63f30964e9958713bec331c82ba
SHA256 e6a34c1f068f89d6515cb460eed3b4dbb53522c5579e6c75741482f0d40d9f99
SHA512 167afd32d847088d4973437f8b89badce194211f8fb1a14cf30df11848e4d4dd8d5243765edb1ed09df0f9b674cd7de764f1dae9fcac91f0ec98ecd259181d3b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_2.dll

MD5 50f4a0d5e6a0bafefa78f353533b8e06
SHA1 d370434eea3a557ed77b2363dfac720a5ed98666
SHA256 9c7897b4ee1bcd190b1c0b7b77e64ee731d234764683a1e2286af70d86b62753
SHA512 7686b893996b76a25ca7da971ca3a10400dcc682a05e8317a9d159a9317537de0bc20dfdef643e85e6ee548d7893138497fc156f77534124a8eb3e3ce47f0cb0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_1.dll

MD5 d95eaabf5d277ef91d9ca70151209e56
SHA1 3d47ebbd6236045309d2222a696b7141c0957379
SHA256 5ab63c0f040fdf65e681eba4daa55ed83e89ea10c426dc2fc763da0fc94f3ace
SHA512 6d2e73468485fee2b4007f1fdf16381cdd6c77edbe5530f63cbf8696646b14d06100fdf54a48547f29ea5775f29226b16808a5a1bd4c0778413855f80e5b8259

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\X3DAudio1_5.dll

MD5 350fefe18b86bd4d9ab2a96d00215a49
SHA1 be4ddfa0edc3a463471fc170e9706abac0a672fc
SHA256 315944bb2a1959c8a4bd2677ed415363e1611c7351ce55319dc98fd2aac83f87
SHA512 490bdd66920e36aaba2a4d12bfe4aacbead7403b1a623bead0d9ab5f68d80f46fa530c5f7de9e747eb8acbfbec8c635aea32655dddcb6a9d8e006339e1e8857f

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_3.dll

MD5 8ba296419af3417d1e9806b83166e472
SHA1 a2a8a64aedcbda68149a2726b094f1710cba71d1
SHA256 ef052bc9b7fde596fff3ea2d9c8fc994f3282953dead1b7f5477e7154af67245
SHA512 877e89553cbfb6afc6dfb22a590a468f035dccffecf842cb26010d5e62e33fe10e477d5cb157d321de3ecc59112ba616b80e767028eedeb4e70a591f1b81b902

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_3.dll

MD5 47ed15dc87ae334c13c4dacd1be2cced
SHA1 54f94839c4e4d798a1f4f1fb6ee240957a738cb0
SHA256 04dec9d7c68962e01efec0aac0ef7a3499bc4c16e8a41bd61fe6641da48d7dcc
SHA512 da0707a153172c48036d885404035829ea251b7df5a9246fc05dd164ceae9604cb0cc931b85d77151bc613cd5e7e4d0430a4fd92697c8bbc8faf5fcfd1c140c4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_2.dll

MD5 295e47a75f278580f9441041eaaea3d2
SHA1 0716ca729ca3d84e9dfb4bd97c1e12466cc68625
SHA256 d1a55061bcb42f69b7cf35e2985d48e30c7a90f0bc668e90390f465b36bd0161
SHA512 a3cee1d45759fe3323fe8c3c49600856a86b61b3174c4d9c71e58a95db4848683c71605f5bd8c04bec591da02d96b79c68c1135410930ca63d17f7a929f2dc4c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 44442b56a318475a3e7acb055ca79d29
SHA1 9ffe16ecdacd79269344643ca160d940e88e7292
SHA256 4c8befaece0c58eb75c38e2347db04557c1bd2a4a269282c3769d6bcccf50395
SHA512 d64ab17f7e1baaeb5aafa4e7eb100257d7a29b1f5caed394b2d3b656c4c9ae56a0f9b952f60573e3ebffa090740f95b0f173eaf2642d6245eb8c2bc6c619b096

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_40.dll

MD5 eea5e428ce63804f9b12d21c97b5968f
SHA1 77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
SHA256 16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
SHA512 545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_40.dll

MD5 91b4aad4412bb223b466f3dfb43e86da
SHA1 850aeb2b3ca15158be00faa5c161312cf4a876f0
SHA256 c05787cbf3aa4527baae96a425ceac910090ef48809990a450c33f3cda0e4767
SHA512 413f68d1ad36aa51389da62eb2fe89969e4460ab166ce44943e382fd2d1cad0953979eebb20af58dd51def3fefa1100ea9fe95c05714c36d5322e281cea1a1a2

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_40.dll

MD5 3384134eeb8f223178c2eb8323003ec0
SHA1 c8eaef8cbc91f4386e42904dee70abb6ab7304f2
SHA256 f0a6f156d13150de6ebb094233e5ff78581fbdb77bd0ff8d083698c42bc8e13b
SHA512 dafcf4c116d994c17d47d36b1dbc2ba8ca61cadeefa5d770adc391713d2c13ed2b6eb8d2464f4811cb472c8e1eef384ba21d7ad8203ba4e9ef07f33781feaaf9

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\X3DAudio1_6.dll

MD5 e763798cad2a90b6ab61854f50cd47dd
SHA1 419f2c98d2a3f419db1b1e9b5f4f7c3b9b636c1d
SHA256 574d14ab9a641c6cbadd78f2cd6c088b64b59c3646057952e63cad7d2778e1c3
SHA512 b455b0078786b7ff8362f7404095037a5332603383707a6dd493f381eae3e28135696fb4863e1915ea01c0f12ce10d021a18ab91cbab06b4d20142e0b38833fd

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_4.dll

MD5 686f8d1b4926d48227a06acd4d41cd1e
SHA1 324fd1d21a42f0c30bb071beb2cd5db9abbf3138
SHA256 d3bad7995b998f2c95dbb33020a198ef5a248825321032f051619f353d46182b
SHA512 6ed69ab933492870b7fbf4e178999b835846075fe103e65f9a0f9b1ad8d47c9277f31a7a0fb53f3620b591b103b02bfa8efec530d7372680f585b82e128edcc4

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_4.dll

MD5 e684c5fa18adf9ea14737757413bf727
SHA1 1dd454144e8c0f3aaf24db0b77f03737914d9a72
SHA256 bcde4317debd0052b1436a6fda60e1dcb1e308979498117fa0cb50061f38101c
SHA512 9686f92745a30fd9e442ff6a24dd89410aa483ccd46edbefce0fe378645292255a323e1aae146180e8a4ecd15765a996df959a302d5cdbc6dfa4c5fcb8252e4d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_3.dll

MD5 c4479a4547390e3c5ef28d453abde4f5
SHA1 9b3af3d2ffcf52cc6628cb486372be2870771637
SHA256 c6956ac2ee59f71e86784138b5443de6970a1274ac161945b8a44dc1d535db84
SHA512 94a55bbff8a285d6b91ae72b70664b2c1a067890db175e20265be2d57a4b29deec52f08f0aba8ae07ed30dfcf96889ab835b971d2bf567758d3f7b881a7e5324

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 d001b26aaa9bec255c0b697732e571da
SHA1 adce71afb93cf04a86c1b9d2f80144ca35742d2a
SHA256 1707a6644d66406a9ac149b8fc959d964dce5c028ca3e1d0d5052e70f80515e2
SHA512 af39d48e90cd2cd575a8d039642985e25ead1fa51528a082d91c9bcaf9d1ec97afd0f66c0bebb53043221ef13dda69000ebbdaea87605efbe873f471e16a6f90

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_41.dll

MD5 3fa06cf5079b84155d18b05c08f7131b
SHA1 fafe52876151a08f39dbb6b4aa137dd85558ba5f
SHA256 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6
SHA512 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_41.dll

MD5 1aa571774936717ee776dbed51e9edf4
SHA1 98eac7257ab3350504c0a70342b6b24658411f55
SHA256 9f4c15e1f68795727eded4737acc5a1aa85f896cd9e6924fddc9128b48f1bbd6
SHA512 bb47d95d594b249608e323c8ff383c0655a56e9192e1a2f3157e9c18dc7b9baabcf8e6b09d30fef570e0718edf673c56a23df5b5d5c6ec3242ad3d887669127d

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_41.dll

MD5 781e8b5b6fdb3c9b4e4a4a9fb019960d
SHA1 292b9f02bc2377c6f89b505554394ace161c68c0
SHA256 69ddadf8f5be24f10382706480b55e2492008d102001779f976608e880c65aab
SHA512 718955c983708f3ce5b6796de28658603bb61270ca6f1b3ee01d73ca9a789db326a7998df38cbd6330e69bfe3d9504b0fd351fb7bb18566be6af03fa36b7573a

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_42.dll

MD5 c6a44fc3cf2f5801561804272217b14d
SHA1 a173e7007e0f522d47eb97068df0ca43563b22bc
SHA256 f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472
SHA512 2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_42.dll

MD5 501ac862517c5445742bee8a2b88414e
SHA1 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a
SHA256 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51
SHA512 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx11_42.dll

MD5 d09ac80a4b5312239852836c84df3392
SHA1 ba838d90a1e74d6b9a57abfc9729dd3b2e7fb192
SHA256 8c8fa8dce19e2f43e82cecd73a268e831a5ce0a16023845f7fa7fcb597772e85
SHA512 69232a47c80f01433716f3a9202af25e1b9a298a2b7b7d23b959e59d9c4ebf329cbe9a9a5bde41c06e978fda062225447114f9ae736920e7bbce8587a9390613

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 7d8f5afb77c3ada97a83f3fc253d6392
SHA1 e5424d020c6de84ccf72253834c545024161f682
SHA256 3a07c2436d3fd2473e15518a53262d4f0fb7f2a05589437cc5668f929063e782
SHA512 52f4bd961febfe6f691d7dd1e826f689319656393756e0c5c9e3d9729ad47e072071b204f63a3b37b67204fcdffd4539db08cbf190605dd9652ace51627e8845

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcsx_42.dll

MD5 b337306dfb508a1bcef1974bfbb8d924
SHA1 203c32d73f99e1097bc306c9225307a18c617f4d
SHA256 e462eb3d41db54988ce3be46ced60b0073f8d939a9946cda67fb1df3c8afe0a1
SHA512 5c7a101e403aa2eab57e2972427a67ae6cd1598a35f983af784ca3a7446f7c60ad3cff7e52510f14647645a49c387020a06242663433db89e6454188b93813e0

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_42.dll

MD5 b33b21db610116262d906305ce65c354
SHA1 38eef8d8917351ee9bdff2cc4fbfaefaa16b8231
SHA256 6c976311406c23aa71018d274da0ecdef43b6e3a3b0b01e941a5e8e4e974386c
SHA512 7049726ccbba90d06b3a56e1dbde8196935d4681b5548248cd3e6a8e38183c268152ba2b07eb90823bbe327c02ec946c59abe3562b59e29d9bcff8fe90e0adcc

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_5.dll

MD5 db3c93e87452b8dab4f58ed1fd2b1998
SHA1 fbcc3c80c74e98e8554260b8a08e14dd1670075a
SHA256 1d37ab9b90372eaaafb5055401449dc3184428fed559baaf36fbcccd2479611a
SHA512 af693d7d326dd7874e0eba5b4163c21aad86270f8e54058c637f1cd200e45eafb75f79a2d579c477c06082ace44f3318bcef71698089808690ff88443ddf348b

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_5.dll

MD5 8b01fb723f3b30ab3debddbf97cfe577
SHA1 e379c3b7d0a66da06b6a381deea19bc541ee0689
SHA256 c596de2ab8394fb62538fef0b4657317f4ead50a6d798c5d066e25e334576c27
SHA512 ba8c5bf7eb657bce6e2c937e082b97bd6169d1cf3daa5800e5112d62596bdea47e5c1f23146f3f696cd68e8def4df92e3fb24a9aa8b9a08320738b66fa6dfe2e

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_3.dll

MD5 30686ece80545e06d78d156eb9f7d463
SHA1 b257ba4ffad8003fb7d12e9babd3cf4e88bd52f9
SHA256 b05ad9417028b9777f69422caa01ae9fd22c7bfe542bc6e7de2649e28a4ea643
SHA512 ca03bb01d8e2608517462597076bfa96f4b2595c33b2635d80e4348ac3926e17c93e5db30d7e43c30277cf8ac07f982a0c729f83a00df8965993d4f0758eca13

C:\Windows\Temp\OLD2A67.tmp

MD5 db6c0400a5e2e4f68c7eb75912443296
SHA1 f8c937c62774502960df9321ad1f1d7d0999cddd
SHA256 5f03017d3b51c1dc413952d21bf35ac660693c6f7539e8f8930ddd41d197a495
SHA512 2f950f06ac7806eb1e5e2d0de9b91efe938b0e7cdb85c5838de1bb98ca693be2046c94f7824b084b4bd31e956bd9ba90f891145fcb26cbf47911c925fd07f3db

C:\Windows\System32\XAPOFX1_3.dll

MD5 37b348a79c4c9b8ab925b18ffd241e96
SHA1 a0b030e5652eafca2cc5d741dbbaac203781ed1d
SHA256 787e10d48d90db50dc155fca53fe8c5c1a383ca24d468733d4b8fe3acf2d0a34
SHA512 20ad359ed0a1fbfacbbba2749eaac9be4e9f416e24cb7ac9dda55c6d2d372fd290781607e5f806b4da3a9d01abef58b979153bc144a8cc8c6d7115166178fe85

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_6.dll

MD5 f81c4678a55ffee585ac75825faf5582
SHA1 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc
SHA256 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f
SHA512 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_6.dll

MD5 4976243bd70fae3d1d24e49739ab2710
SHA1 6ef27b10bcf4e697fe77c3e964b326be11e4444f
SHA256 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7
SHA512 af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_4.dll

MD5 e4ce2af32f501a7f7dddd908704a0ee6
SHA1 9dc2976efb15b6fba08bebdeb98929b6961063a5
SHA256 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06
SHA512 ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 730e5493910e5693499485e352381c6a
SHA1 2871488c24d069e677868e0a590e7e74f1f19b12
SHA256 d808bb408a4bd695a9793e70b1c61637e008ac11174dbe1373481e2bdb0c9299
SHA512 62fb2a2ddfd62d48ca8a709426c07e1cda0e66df5b977c3bfdc3b191d15c3a139a5c6180ed7a66b2418a5436273d713f2af1cb21f7dc77df78e0743d6a18e176

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\infinst.exe

MD5 a7ba8b723b327985ded1152113970819
SHA1 50be557a29f3d2d7300b71ab0ed4831669edd848
SHA256 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff
SHA512 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\xactengine3_7.dll

MD5 4fd7bcb9d8af6a165e9ba0c2eb702e7c
SHA1 a90863632c2d54dd06e01537744a7b65bb3d0db2
SHA256 d7b1cf58898046c430d49cf8f778e4898280f4709340c3938d3139894166fe8d
SHA512 7fcc435d07c434ec392bb9bfa98aee20b0b1cd2ad6a31f073af80f6f37639336349728c9b0fcd967c4c395fc40c0efad1e36142fe7632512b0f26aca1b1c4bea

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Users\Admin\AppData\Local\Temp\DXCCC7.tmp\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

memory/4984-26336-0x0000000005120000-0x0000000005130000-memory.dmp