Malware Analysis Report

2025-01-22 18:53

Sample ID 240306-x94z9sga47
Target aware2.0.exe
SHA256 e8ea10c3d64051d884a5814f499af8d7fdcff0d28baecb8d032763e301fb0e86
Tags
pyinstaller themida gozi banker isfb persistence spyware stealer trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e8ea10c3d64051d884a5814f499af8d7fdcff0d28baecb8d032763e301fb0e86

Threat Level: Known bad

The file aware2.0.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller themida gozi banker isfb persistence spyware stealer trojan upx

Gozi

Downloads MZ/PE file

Reads user/profile data of web browsers

UPX packed file

Themida packer

Executes dropped EXE

Checks computer location settings

Registers COM server for autorun

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Enumerates connected drives

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Drops desktop.ini file(s)

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Detects Pyinstaller

Program crash

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer settings

Creates scheduled task(s)

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

NTFS ADS

Uses Volume Shadow Copy service COM API

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Checks processor information in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-06 19:34

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-06 19:34

Reported

2024-03-06 19:36

Platform

win7-20240221-en

Max time kernel

81s

Max time network

67s

Command Line

"C:\Users\Admin\AppData\Local\Temp\aware2.0.exe"

Signatures

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Local\Temp\MAP.EXE

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1916 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 1916 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 1916 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 1916 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 1916 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 1916 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 1916 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 1916 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 2936 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 2936 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 2936 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 2936 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 2936 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 2936 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 2936 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 2936 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 2524 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 2524 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 2524 wrote to memory of 656 N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 2844 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\WerFault.exe
PID 2844 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\WerFault.exe
PID 2844 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\WerFault.exe
PID 2844 wrote to memory of 2196 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\aware2.0.exe

"C:\Users\Admin\AppData\Local\Temp\aware2.0.exe"

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

"C:\Users\Admin\AppData\Local\Temp\MAP.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 592

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 277ee19cc5e402211546ae5f2b07a307
SHA1 4c3b84d84139e396ee5b92ed116cc3a2a2fad4bc
SHA256 ce19597244699ef4b65ba2da3df3e5b9920ab85101adf3757bbbab920ee9deb9
SHA512 d07fb8b9a6ba0e95422de456a983d0af6a66865ccf11d14c9aeeca4c683e9fb71ea98b6d0edb670be3005a00e9fbdf7f5132fd2c2e2d695bebe64850069bfe69

\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 80c4e23561036bc80c06aad874411b83
SHA1 3ec34cd39f2d168fda5df884e9d20d701c97a30e
SHA256 c8ce22172b33fb82ac58cac6c53d5a62623c353dd4571d443c97a52e96148fe7
SHA512 aba62afe9e4562256d30bc3b813769954a19dc9eda8a07b565fa850974868d134899af24c973dd0e51a769506f4e5708b20f728672e007cf9cfce2eae7b5628c

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 ff028dd93f02f3f1d81d456203de94ba
SHA1 0fea1ebed7a96cadcf9e6d04440b6ed866fbabda
SHA256 4994648a8cfd833a83fdc31c4f0a3fdfd09ae36903fbe5e93340498caaf6a835
SHA512 9194640afabe031e0ee3b8d1f047459e4e82c36283c3a0f46391aed311875a24e943a67a8c96207f0f64f969b3002040fd8b0d67a6483cdf0e3d97610f772a07

\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 b6425862c96d9fdc4e77552b8653af56
SHA1 aabcb60ced3751e63bc12a8bfff498c7cefa8bf4
SHA256 f21c013d3ed2a885f6686ef7a3479aa22740b1cb63c8d6ed59086c279c097bd9
SHA512 4b391a0501e4ed633ea265c4b8fe26f59147997f1cccc36574bc61c467a729c75dab25a57eadc7da289713cb00031b273a7f0df4bfffa9b31f083893a5fa45a3

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 a04b9778c2180e879d64a04d4e293084
SHA1 d86a95402cc6150b6e87298b0975ba8688fd474f
SHA256 ceafa52df50875dc3afacbbdba220c780c4bcb719b25754b36dc3d11f6ad136d
SHA512 d3e0368b229ff57860017b4638a5b7462427a0c650d5bac49e72013cf4ab6c485e30575960e056a038b7f498109fd298f360bc8d39ecf16d1a379bcba3cf2fcd

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

MD5 22d149842b1fb73ae68dba7226fc0e44
SHA1 8cc1bdaa6263ae95084060515b616075c34c7543
SHA256 7c048755ac81badf221d8cdd63cbcd18c18acfe638f051f0c47d5f6ab4c29e55
SHA512 86f34869c3105e28907376d6e76377dc8af8e9ff5365632dc631b74dbe9132254b4a3fba5555d2e4fb062ddeb041c4124971ea9ff2c066bb9619fe559e0034d5

\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 26d210e6716e56ea8b85e511ec39a4a8
SHA1 9695a78028e982233552f17467f0791c957a5db0
SHA256 0cc3b538ebabf9052669bfd0179565915cbdc24e218f9d3e8e1bb030a41f9d85
SHA512 7e4236fcb538cddb0af9cdd25abb78b121090467cae977192e45aab74062fc07067b9c12b311a01af4019a960fc5a541ddb0a0f8688e6323a8e9902ddd0fe997

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 d34c5b0916aaf3cdf98e0bac8fe0e546
SHA1 91ac4e64db62f63423608c3cb1acf328c7c58ba4
SHA256 10484ebed2529c739a8a8283ca442ff40703da76b02f906b2e82d359083f1945
SHA512 8b262216520d08026e6c499794c81de917f5ab22caddf50d037781bedf24cf2cbd43c0d55b722c8ceb6a1630b5b120766724f23614569d7b27d0c3bb956182ba

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 c2d08aaa6690a327c27077a68f3372ba
SHA1 9bb49c28525818a52fadd4fe3219d95f27bce57b
SHA256 464c7e45a45182089f7246c6cf4376eea799d746cc91f2f539d0dad97366376d
SHA512 f573246d67b703a7d05bef7e71ab1f2971b3dcbe0f1a787f57062920addade5a10d8bd16f1d2982a0136ac8f99531bd760ae30de51da072811b75fe9b7356693

\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 13ac2390339b8facb6bd1d5cf3262d31
SHA1 cc20a27cb627e96e2a553f2904e3406279485d9f
SHA256 aaf69eb05c14641ec182946ecfc1906825694c77a58b083befa8a63219342fc5
SHA512 a99e26029bc708faccbe51a4f93699661bb47e5561c0b1da6a90207a783004221046f7a9a5d84a83cd6c67f0edfc602f19521c4f6dc451d2628d641a94719787

\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 036456c63d096433a7fe0ac3e2346022
SHA1 c2bd9a39aecca6d8c86621b8c58a6b98256e9409
SHA256 4a3162c1ef9c198b7ca9129a3e1f99c4128cef5046ec4dab86d87a1879f36514
SHA512 b4eb64b5fc335747ae9e14f0e900bf3d504bce6586203b818618a0a5ddf8b3e08a64a4eb29eabb09c656f206a7ff28740e941c816018ae8b98de0951d25afa9e

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 f2bb3db0f38b2d5190f10a01ca1b45af
SHA1 1bdbbf85b09fe6c3e8883ba81fbd8cd12f3ddb79
SHA256 21b4731a53c01819d503508e39fa6b79571f799412c9be68ad977fbbd38ea4bc
SHA512 0ab9a004f470412ac32eb68d9eae6c2e855f5016ef84c1cc6e9f7fd8c7238f7906b33500ab56f87c866ad9c0f8b6f91eabf7deec2999b1e6a1ef4248cb2d318f

C:\Users\Admin\AppData\Local\Temp\_MEI25242\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

\Users\Admin\AppData\Local\Temp\_MEI25242\api-ms-win-core-file-l1-2-0.dll

MD5 bcb8b9f6606d4094270b6d9b2ed92139
SHA1 bd55e985db649eadcb444857beed397362a2ba7b
SHA256 fa18d63a117153e2ace5400ed89b0806e96f0627d9db935906be9294a3038118
SHA512 869b2b38fd528b033b3ec17a4144d818e42242b83d7be48e2e6da6992111758b302f48f52e0dd76becb526a90a2b040ce143c6d4f0e009a513017f06b9a8f2b9

C:\Users\Admin\AppData\Local\Temp\_MEI25242\api-ms-win-core-timezone-l1-1-0.dll

MD5 2554060f26e548a089cab427990aacdf
SHA1 8cc7a44a16d6b0a6b7ed444e68990ff296d712fe
SHA256 5ab003e899270b04abc7f67be953eaccf980d5bbe80904c47f9aaf5d401bb044
SHA512 fd4d5a7fe4da77b0222b040dc38e53f48f7a3379f69e2199639b9f330b2e55939d89ce8361d2135182b607ad75e58ee8e34b90225143927b15dcc116b994c506

C:\Users\Admin\AppData\Local\Temp\_MEI25242\python39.dll

MD5 5cd203d356a77646856341a0c9135fc6
SHA1 a1f4ac5cc2f5ecb075b3d0129e620784814a48f7
SHA256 a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a
SHA512 390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

\Users\Admin\AppData\Local\Temp\_MEI25242\api-ms-win-core-file-l2-1-0.dll

MD5 bfffa7117fd9b1622c66d949bac3f1d7
SHA1 402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
SHA256 1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
SHA512 b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

\Users\Admin\AppData\Local\Temp\_MEI25242\api-ms-win-core-processthreads-l1-1-1.dll

MD5 4380d56a3b83ca19ea269747c9b8302b
SHA1 0c4427f6f0f367d180d37fc10ecbe6534ef6469c
SHA256 a79c7f86462d8ab8a7b73a3f9e469514f57f9fe456326be3727352b092b6b14a
SHA512 1c29c335c55f5f896526c8ee0f7160211fd457c1f1b98915bcc141112f8a730e1a92391ab96688cbb7287e81e6814cc86e3b057e0a6129cbb02892108bfafaf4

\Users\Admin\AppData\Local\Temp\_MEI25242\api-ms-win-core-localization-l1-2-0.dll

MD5 20ddf543a1abe7aee845de1ec1d3aa8e
SHA1 0eaf5de57369e1db7f275a2fffd2d2c9e5af65bf
SHA256 d045a72c3e4d21165e9372f76b44ff116446c1e0c221d9cea3ab0a1134a310e8
SHA512 96dd48df315a7eea280ca3da0965a937a649ee77a82a1049e3d09b234439f7d927d7fb749073d7af1b23dadb643978b70dcdadc6c503fe850b512b0c9c1c78dd

memory/2844-104-0x0000000074A00000-0x00000000750EE000-memory.dmp

memory/2844-105-0x0000000001080000-0x000000000108A000-memory.dmp

memory/2844-106-0x0000000000280000-0x000000000029A000-memory.dmp

memory/2624-107-0x000000013F900000-0x0000000140A5A000-memory.dmp

memory/2844-108-0x0000000004530000-0x0000000004570000-memory.dmp

memory/2844-109-0x00000000002B0000-0x00000000002BA000-memory.dmp

memory/2844-170-0x0000000074A00000-0x00000000750EE000-memory.dmp

memory/2844-171-0x0000000004530000-0x0000000004570000-memory.dmp

memory/2844-172-0x0000000074A00000-0x00000000750EE000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-06 19:34

Reported

2024-03-06 20:06

Platform

win10v2004-20240226-en

Max time kernel

1927s

Max time network

1917s

Command Line

C:\Windows\Explorer.EXE

Signatures

Gozi

banker trojan gozi

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\aware2.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\aware2.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\aware2.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gx4ufkdn.exe N/A
N/A N/A C:\Users\Admin\Downloads\dxwebsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\Desktop\aware2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\Desktop\aware2.0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_4.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_10.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c0c56f46-29b1-44e9-9939-a32ce86867e2}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_0.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_4.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0977d092-2d95-4e43-8d42-9ddcc2545ed5}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_0.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_1.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{77c56bf4-18a1-42b0-88af-5072ce814949}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c1e3f122-a2ea-442c-854f-20d98f8357a1}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_9.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_4.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\dxwebsetup.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A checkip.amazonaws.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\SET6B0.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx9_27.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETB210.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETAF4F.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx9_32.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SETD1BC.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_38.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx10_39.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\system32\SETEA6D.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2006_xinput_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2005_d3dx9_26_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETF74E.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_42.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\xactengine3_5.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\system32\SETBDEF.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2010_d3dx10_43_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SETA902.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETE667.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETF714.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2010_d3dx9_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\xactengine2_5.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETC3B1.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\xactengine2_6.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\d3dx10_34.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SETCC58.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETF654.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SET894.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETB8FD.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETB978.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETC74E.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETCE4A.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SETE87C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETF0B8.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\SETF9CF.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\XAPOFX1_5.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2008_d3dx9_39_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_41.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2005_d3dx9_27_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SETD54B.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETD436.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SETDC76.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETDEF4.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SETEE31.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETF337.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_7.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2009_D3DCompiler_42_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine2_8.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETCBD9.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\system32\SETE03D.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\system32\SETF51C.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2007_d3dx9_35_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SETF1B1.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx10_42.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\XAPOFX1_4.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_d3dx10_41_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Nov2007_d3dx9_36_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SETA47B.tmp C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\XAPOFX1_5.dll C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Apr2006_xinput_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Apr2005_d3dx9_25_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SETC889.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\xinput1_3.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\tmp\PAHKZR8T\Microsoft.DirectX.Diagnostics.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A294A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D2544.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5CA527.tmp\Dec2006_d3dx9_32_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AC7CC.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D00A5.tmp\Aug2007_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D1853.tmp\Nov2007_x3daudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A5E54.tmp\Apr2007_d3dx10_33_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5D1A57.tmp\Nov2007_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5DF296.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A4A9D.tmp\Feb2006_d3dx9_29_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A404C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D0C6D.tmp\Aug2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5A404C.tmp\Apr2005_d3dx9_25_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D6599.tmp\Nov2008_xaudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5DC26E.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5E2455.tmp\MDX_1.0.2906.0_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B1F14.tmp\Aug2009_d3dcsx_42_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5C0945.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5D6990.tmp\Nov2008_d3dx9_40_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5DCB77.tmp\Aug2009_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A364A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5CEF30.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5CF6F1.tmp\Aug2007_d3dx10_35_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D5D9A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\assembly\tmp\PAHKZR8T\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B5065.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5E3CEE.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D6599.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B45F5.tmp\Jun2010_d3dcsx_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D00A5.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5D1853.tmp\Nov2007_x3daudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5D3A81.tmp\Jun2008_x3daudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D5C23.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D9E6C.tmp\Aug2009_d3dx10_42_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5DFCF7.tmp\Jun2010_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B4430.tmp\Jun2010_d3dx11_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File created C:\Windows\msdownld.tmp\AS5D913D.tmp\Mar2009_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5D627C.tmp\Nov2008_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A5AF9.tmp\Apr2007_d3dx9_33_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A503B.tmp\Apr2006_d3dx9_30_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5DCA6D.tmp\Aug2009_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\tmp\CHK3J92E\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A430C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5C563C.tmp\Jun2006_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5C9A59.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008fdc540eeb98985f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008fdc540e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809008fdc540e000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d8fdc540e000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008fdc540e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Windows\Explorer.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133542277395623027" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e21a7345-eb21-468e-be50-804db97cf708} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_3.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af} C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "225" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{25B59904-6942-49FB-93F6-E0DCA00CB0D5} C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_0.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_6.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\ = "AudioVolumeMeter" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{074b110f-7f58-4743-aea5-12f15b5074ed}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_1.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1235" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0aa000aa-f404-11d9-bd7a-0010dc4f8f81}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_0.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c0c56f46-29b1-44e9-9939-a32ce86867e2} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cd0d66ec-8057-43f5-acbd-66dfb36fd78c} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e21a7345-eb21-468e-be50-804db97cf708}\ = "XAudio2" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_2.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine2_9.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{65d822a4-4799-42c6-9b18-d26cf66dd320}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_1.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_4.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "92" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c0c56f46-29b1-44e9-9939-a32ce86867e2}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_0.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c7338b95-52b8-4542-aa79-42eb016c8c1c}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\ = "AudioVolumeMeter" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\ms-settings C:\Windows\SysWOW64\reg.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).x = "4294967295" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32\ = "C:\\Windows\\system32\\xactengine2_1.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\ = "XAudio2" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 545836.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\gx4ufkdn.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 952 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 952 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 952 wrote to memory of 5092 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE
PID 952 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 952 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\aware2.0.exe C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 5092 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 5092 wrote to memory of 4792 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE
PID 5092 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 5092 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 5092 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE C:\Users\Admin\AppData\Local\Temp\MAP.EXE
PID 2456 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 2456 wrote to memory of 1988 N/A C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE
PID 5020 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 1920 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\reg.exe
PID 5020 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 5020 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 5020 wrote to memory of 4184 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 4184 wrote to memory of 1796 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 4184 wrote to memory of 1796 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 4184 wrote to memory of 1796 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\ComputerDefaults.exe
PID 1796 wrote to memory of 1684 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 1796 wrote to memory of 1684 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 1796 wrote to memory of 1684 N/A C:\Windows\SysWOW64\ComputerDefaults.exe C:\Windows\SysWOW64\wscript.exe
PID 5020 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 5020 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 5020 wrote to memory of 3396 N/A C:\Users\Admin\AppData\Local\Temp\MAP.EXE C:\Windows\SysWOW64\cmd.exe
PID 1684 wrote to memory of 4328 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 1684 wrote to memory of 4328 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 1684 wrote to memory of 4328 N/A C:\Windows\SysWOW64\wscript.exe C:\Windows\SysWOW64\cmd.exe
PID 3396 wrote to memory of 3016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3396 wrote to memory of 3016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 3396 wrote to memory of 3016 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\schtasks.exe
PID 1840 wrote to memory of 4132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 4132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1840 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\aware2.0.exe

"C:\Users\Admin\AppData\Local\Temp\aware2.0.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

"C:\Users\Admin\AppData\Local\Temp\MAP.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\swimbrowse292710.vbs" /f

C:\Windows\SysWOW64\reg.exe

"C:\Windows\system32\reg.exe" add "HKCU\Software\Classes\ms-settings\shell\open\command" /v DelegateExecute /d "0" /f

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C computerdefaults.exe

C:\Windows\SysWOW64\ComputerDefaults.exe

computerdefaults.exe

C:\Windows\SysWOW64\wscript.exe

"wscript.exe" C:\Users\Admin\AppData\Local\Temp\swimbrowse292710.vbs

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /Create /SC ONLOGON /TN SteamGameUpdateScheduler_WpZthSX2kJQyC1N9J040MX /TR "C:\Users\Admin\AppData\Local\OneDrive\WpZthSX2kJQyC1N9J040MX.exe" /RL HIGHEST /IT

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts

C:\Windows\SysWOW64\schtasks.exe

schtasks /Create /SC ONLOGON /TN SteamGameUpdateScheduler_WpZthSX2kJQyC1N9J040MX /TR "C:\Users\Admin\AppData\Local\OneDrive\WpZthSX2kJQyC1N9J040MX.exe" /RL HIGHEST /IT

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8425146f8,0x7ff842514708,0x7ff842514718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5604 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe

"C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe" explorer.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\gx4ufkdn.exe

"C:\Users\Admin\AppData\Local\Temp\gx4ufkdn.exe" Taskmgr.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,2258626575932618071,1517830612601999011,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8

C:\Users\Admin\Downloads\dxwebsetup.exe

"C:\Users\Admin\Downloads\dxwebsetup.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe"

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff841599758,0x7ff841599768,0x7ff841599778

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\StartNew.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8425146f8,0x7ff842514708,0x7ff842514718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3584 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"

C:\Windows\System32\Wbem\WMIC.exe

wmic path softwarelicensingservice get OA3xOriginalProductKey

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7112 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\aware2.0 (1).rar"

C:\Users\Admin\Desktop\aware2.0.exe

"C:\Users\Admin\Desktop\aware2.0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,7975557110268183193,2676390631147156962,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6768 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

"C:\Users\Admin\AppData\Local\Temp\MAP.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\Desktop\aware2.0.exe

"C:\Users\Admin\Desktop\aware2.0.exe"

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

"C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE"

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

"C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE"

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

"C:\Users\Admin\AppData\Local\Temp\MAP.EXE"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1932,i,4224962269491416319,16109598907369674800,131072 /prefetch:8

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_24_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_25_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_26_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_27_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_28_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_29_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_30_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_31_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_32_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_00_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_8_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_9_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx9_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_2_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT2_10_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_3_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_4_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_5_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_6_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx11_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dcsx_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DCompiler_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XACT3_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe"

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"

C:\Windows\System32\Wbem\WMIC.exe

wmic csproduct get uuid

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"

C:\Windows\System32\Wbem\WMIC.exe

wmic path softwarelicensingservice get OA3xOriginalProductKey

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 203.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 0.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 filego.app udp
CA 198.50.211.71:443 filego.app tcp
US 8.8.8.8:53 71.211.50.198.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 textpubshiers.top udp
US 104.21.79.145:443 textpubshiers.top tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 145.79.21.104.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 ntp.srv.lan udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
GB 92.123.128.176:443 www.bing.com tcp
GB 92.123.128.176:443 www.bing.com tcp
US 8.8.8.8:53 176.128.123.92.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 edge.msiserver.lan udp
GB 92.123.128.176:443 www.bing.com tcp
US 8.8.8.8:53 arc.srv.lan udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.163:443 r.bing.com tcp
GB 92.123.128.163:443 r.bing.com tcp
GB 92.123.128.173:443 th.bing.com tcp
GB 92.123.128.173:443 th.bing.com tcp
US 8.8.8.8:53 173.128.123.92.in-addr.arpa udp
GB 92.123.128.163:443 r.bing.com tcp
US 8.8.8.8:53 163.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 ntp.srv.lan udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 login.microsoftonline.com udp
FR 20.190.177.149:443 login.microsoftonline.com tcp
FR 20.190.177.149:443 login.microsoftonline.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 1.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 175.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 232.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 checkip.amazonaws.com udp
IE 52.211.130.173:80 checkip.amazonaws.com tcp
US 104.21.79.145:443 textpubshiers.top tcp
US 8.8.8.8:53 173.130.211.52.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.135.98:443 aefd.nelreports.net tcp
GB 88.221.135.98:443 aefd.nelreports.net udp
US 8.8.8.8:53 98.135.221.88.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.37.1.217:443 www.microsoft.com tcp
GB 23.37.1.217:443 www.microsoft.com tcp
US 8.8.8.8:53 217.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 cdn-dynmedia-1.microsoft.com udp
US 8.8.8.8:53 web.vortex.data.microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 accdn.lpsnmedia.net udp
US 8.8.8.8:53 analytics.tiktok.com udp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 cdnssl.clicktale.net udp
US 8.8.8.8:53 d.impactradius-event.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 lpcdn.lpsnmedia.net udp
US 8.8.8.8:53 lptag.liveperson.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 publisher.liveperson.net udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 www.clarity.ms udp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
US 151.101.1.192:443 publisher.liveperson.net tcp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 35.186.249.72:443 d.impactradius-event.com tcp
US 13.33.52.94:443 cdnssl.clicktale.net tcp
US 204.79.197.200:443 bat.bing.com tcp
GB 184.28.198.193:443 analytics.tiktok.com tcp
GB 23.44.233.159:443 c.s-microsoft.com tcp
US 8.8.8.8:53 99.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 159.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 120.154.120.34.in-addr.arpa udp
US 8.8.8.8:53 23.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 192.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 99.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 72.249.186.35.in-addr.arpa udp
US 8.8.8.8:53 94.52.33.13.in-addr.arpa udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 22.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 193.198.28.184.in-addr.arpa udp
GB 184.28.198.210:443 cdn-dynmedia-1.microsoft.com tcp
GB 184.28.198.210:443 cdn-dynmedia-1.microsoft.com tcp
GB 184.28.198.210:443 cdn-dynmedia-1.microsoft.com tcp
GB 184.28.198.210:443 cdn-dynmedia-1.microsoft.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 210.198.28.184.in-addr.arpa udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 13.107.246.64:443 acctcdn.msauth.net tcp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 192.229.221.185:443 lgincdnvzeuno.azureedge.net tcp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 185.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 download.microsoft.com udp
GB 95.100.245.121:443 download.microsoft.com tcp
GB 95.100.245.121:443 download.microsoft.com tcp
US 8.8.8.8:53 121.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 73.239.69.13.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 download.microsoft.com udp
GB 95.100.245.121:80 download.microsoft.com tcp
GB 95.100.245.121:443 download.microsoft.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 76.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 accounts.server.lan udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.server.lan udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 accounts.server.lan udp
GB 92.123.128.166:443 www.bing.com tcp
GB 92.123.128.166:443 www.bing.com tcp
US 8.8.8.8:53 166.128.123.92.in-addr.arpa udp
GB 92.123.128.166:443 www.bing.com udp
US 8.8.8.8:53 gofile.io udp
FR 51.38.43.18:80 gofile.io tcp
FR 51.38.43.18:80 gofile.io tcp
FR 51.38.43.18:80 gofile.io tcp
FR 51.38.43.18:443 gofile.io tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 162.159.138.232:443 discord.com tcp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 api.gofile.io udp
FR 151.80.29.83:443 api.gofile.io tcp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
US 8.8.8.8:53 233.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
US 8.8.8.8:53 s.gofile.io udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 ad.a-ads.com udp
FR 51.178.66.33:443 api.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 store1.gofile.io udp
FR 45.112.123.227:443 store1.gofile.io tcp
GB 96.17.179.205:80 apps.identrust.com tcp
DE 144.76.28.254:443 ad.a-ads.com tcp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 227.123.112.45.in-addr.arpa udp
US 8.8.8.8:53 254.28.76.144.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 162.159.138.232:443 discord.com tcp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 store13.gofile.io udp
FR 31.14.70.249:443 store13.gofile.io tcp
FR 31.14.70.249:443 store13.gofile.io tcp
US 8.8.8.8:53 249.70.14.31.in-addr.arpa udp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 arc.srv.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 ntp.srv.lan udp
US 8.8.8.8:53 nav.smartscreen.msiserver.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 accounts.server.lan udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 3.49.178.192.in-addr.arpa udp
US 8.8.8.8:53 filego.app udp
CA 198.50.211.71:443 filego.app tcp
CA 198.50.211.71:443 filego.app tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.msiservers.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 8.8.8.8:53 16.234.44.23.in-addr.arpa udp
US 8.8.8.8:53 accounts.server.lan udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 8.8.8.8:53 api.gofile.io udp
FR 51.178.66.33:443 api.gofile.io tcp
US 8.8.8.8:53 store8.gofile.io udp
US 206.168.191.31:443 store8.gofile.io tcp
US 8.8.8.8:53 31.191.168.206.in-addr.arpa udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 discord.com udp
US 162.159.137.232:443 discord.com tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 162.159.137.232:443 discord.com tcp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 accounts.server.lan udp
US 8.8.8.8:53 edge.msiserver.lan udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 textpubshiers.top udp
US 172.67.146.76:443 textpubshiers.top tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 162.159.136.232:443 discord.com tcp
US 172.67.146.76:443 textpubshiers.top tcp

Files

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 f0aabc22b8789fc2b6efd44f2784c925
SHA1 f8fc40774245a0f67f43825bf533c6b4cc6cf7c2
SHA256 f866214ce0a04ff9f102b04b17a8b057a4e582858c37bdb50e236ac3f8dd0af6
SHA512 f464b3babc03830a55dfe80eb74ae7868469f01aed8c216b255d86b7f6d11c5987f8e97d3aff316e431f5cf91ce08c2b6c642193340f298fbeed3e48984be0a9

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 63559baf47915f7a74ca79e740b057e3
SHA1 b513075e2203803e2961560c83893466cf5a28c8
SHA256 f40658c2d66e598e35444400d1774e59142bec4e2c919de4f5829f782e44b6aa
SHA512 39a38e0fef3fa4fed32c342cbc51b804a45ea4eedba073ad6d6ee93d7aebda7f589ee9144933645d2d0e0ee2633ee51935111288594b40b7374749b7c676e3cc

C:\Users\Admin\AppData\Local\Temp\AWARE PRIVATE.EXE

MD5 bc618f17faaa377e87325c14ccdac70a
SHA1 0cc771967ea17308492484dd93b067d80e129ee0
SHA256 7df11ccff931504c09f05dd674284fc7282056e993fe2b22a24df54ab56f6c1f
SHA512 8299727a7f4a4fe1a3d1b39066b428fe9ff87f0b1cc871032b51321c65a591a49694a19e039f25ca3d267c9144eda1ecea1015466b5961471f944900ca69cf25

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 6c09b9201033b70d7c59e29a195c8097
SHA1 55e5d399b843804cb330fde0a2a1a5d4be7ef4a5
SHA256 194278dad46104f7f2b0e6f9cb2e0e2a8d020d1d414aad2fda283adcf291c2ed
SHA512 0a66538c9cb343b69142533ecdc8f6752f1d33b0fd2a8cd4d32919171d7da6ae87925229b479197428be7b7ec26c9555194513a1b6984d6195512cb4ba324e12

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 8bccb2ef010fc2deadf3ab9f0cad8a4a
SHA1 fdcb384b7e19e985f3b7755d2c7601ae402945ce
SHA256 8163332008af7814d974104e4052b9474473a484f0ec551ffb26c2d6e130a385
SHA512 4648bd543970f6f9f875bd4f83db981ac4c58ee87798c2d8e965bad8c19f4585ab286ed2f044dcf10317589e6124901cf0f3569bbee5d79d0bcea0f8f37bb01f

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 d42e829716686aa490df74faf8368bb9
SHA1 17f0fccbcdccfbec04d587c124c93acd8cb0d4b3
SHA256 ffa623d87a4ca229dd203e840d4241f434c2de81c9445839bf6cc9f0209f08cb
SHA512 74b02f218ceaa6ea9b942c1c62b570786651319d0fa2242b7b1e98b631e6ea00444a46855ed27c599878a435d824480bfdc5ea9b780d8b1e10770b6566985ff0

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 e9b983580610ad555a8c1e677e3b4578
SHA1 b244c755f7ba6dd415ef7f7b1ef14145bb211ecb
SHA256 f547d4e9ec6868dbb5ae89cdfda4512523f9585c1cfc7ec270dca6976c1a3c54
SHA512 227d50ceebb97727714cda914bf39c7e878b9107a320586f792707d5496a415df7ca28e0fc31db26e301a49dea580a77e5e53f92177ed08fcd058df30b4dbdcb

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 0b142f5d7fa868b88e649da3e552eb6a
SHA1 66041553939a35e7ecb8ea3cb356bf526de0e12e
SHA256 0eb397c7ace0127bef7f78d726385415b0695bf2e1cb5ffb1aeaa48dc6ec2d85
SHA512 8b59a4aa2639859283d221c22e647a51eeb218c04aa78688d6e9c5701b65798873b0f398228e4a05c0882eb025200d5183ab5242df5e6fc9081cce22f83253e3

C:\Users\Admin\AppData\Local\Temp\MAP.EXE

MD5 22d149842b1fb73ae68dba7226fc0e44
SHA1 8cc1bdaa6263ae95084060515b616075c34c7543
SHA256 7c048755ac81badf221d8cdd63cbcd18c18acfe638f051f0c47d5f6ab4c29e55
SHA512 86f34869c3105e28907376d6e76377dc8af8e9ff5365632dc631b74dbe9132254b4a3fba5555d2e4fb062ddeb041c4124971ea9ff2c066bb9619fe559e0034d5

C:\Users\Admin\AppData\Local\Temp\MAPE2.EXE

MD5 10fca33700999132753850fe4c5c5b25
SHA1 9d7a99b587ed75754cdb6bf084921c0551bbab5a
SHA256 243a410e9d2ae0f47fbf26d8d0d22cdefc2102ffff171e0a5b48976f168452a4
SHA512 153ba1ee0539db51b16662a51906557f334734800bbe517904c9cebe8f5998853af993ea127468bdffe0f0caac171e7f48a2a5527e83d46f82f75b11cfbbb789

C:\Users\Admin\AppData\Local\Temp\_MEI24562\ucrtbase.dll

MD5 0aab2d5f0361753ec845e4eaf51d529c
SHA1 5908dd14ae1fbba31668a21464b7d3aa4bd4d46b
SHA256 9b39b2a8f30d488953d8fea6e75cc60b03b7dabbd21d6aaa0dd836570adeaa59
SHA512 0877d04d5aaed02fbd119854262fb4108017fb3e486bc7ec2dce6fd5ff525812f311b4411e803b442ffb9da019d8247f72d521be8d2675d0a756e9f950be1328

C:\Users\Admin\AppData\Local\Temp\_MEI24562\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI24562\python39.dll

MD5 c66dceeb489f29dd5faf1796f07be363
SHA1 89d17107c2280a08d82d41f885c7bfa7ca43241a
SHA256 1617322919304279396ee21384a93e843202778b11ffabfdc2c0653c0f4a28a3
SHA512 ef5b63a933c4f1281c79bd525914e65830b506a9d24e5af4847a9620fc3eb974dc5296af08771c2d93c99a7eac9dc28f3c82f54d1b836ceb6dcc5f080fae0ef9

C:\Users\Admin\AppData\Local\Temp\_MEI24562\VCRUNTIME140.dll

MD5 4a365ffdbde27954e768358f4a4ce82e
SHA1 a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA256 6a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA512 54e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722

C:\Users\Admin\AppData\Local\Temp\_MEI24562\base_library.zip

MD5 2fb1ccf297ac06605caf9a8957eafa58
SHA1 b8862bfc3976a7b0de8d37b575b6403ea79aaf2c
SHA256 c38b28b2fda0ffb03fc3e4cf4482fedc3091cae67cf5212661e5bfae17321e14
SHA512 ec2609d427e2235e617f0d8206ed013976667e31dc82b57cd3af3060554f9bece122e1bde84d97954d21607b89ab5abd6d62b29322f68e85116941cafaf85cd6

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_ctypes.pyd

MD5 6fe3827e6704443e588c2701568b5f89
SHA1 ac9325fd29dead82ccd30be3ee7ee91c3aaeb967
SHA256 73acf2e0e28040cd696255abd53caaa811470b17a07c7b4d5a94f346b7474391
SHA512 be2502c006a615df30e61bea138bd1afca30640f39522d18db94df293c71df0a86c88df5fd5d8407daf1ccea6fac012d086212a3b80b8c32ede33b937881533a

C:\Users\Admin\AppData\Local\Temp\_MEI24562\libffi-7.dll

MD5 eef7981412be8ea459064d3090f4b3aa
SHA1 c60da4830ce27afc234b3c3014c583f7f0a5a925
SHA256 f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
SHA512 dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

C:\Users\Admin\AppData\Local\Temp\AWARE_PRIVATE.EXE

MD5 b1c3eb8c1dc5dc29424ff858568e807f
SHA1 bbc3f1756ea9c8e5d4c9a4f29b7bca18dcf3ecde
SHA256 b2f19f558b354760176d25556bd5d544828a11b6db1bd7acdb908f74efc0babb
SHA512 7350fd0f71d51668b3afbdd3ae81bd37e2990c2add56b81c9f5f124f1f8a225ab765bc24a7b9396381eedbaddf5d704c769ec8a4d1aabc812d3a536f08e7ba9c

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_socket.pyd

MD5 fd1cfe0f0023c5780247f11d8d2802c9
SHA1 5b29a3b4c6edb6fa176077e1f1432e3b0178f2bc
SHA256 258a5f0b4d362b2fed80b24eeabcb3cdd1602e32ff79d87225da6d15106b17a6
SHA512 b304a2e56829a557ec401c6fdda78d6d05b7495a610c1ed793d6b25fc5af891cb2a1581addb27ab5e2a6cb0be24d9678f67b97828015161bc875df9b7b5055ae

C:\Users\Admin\AppData\Local\Temp\_MEI24562\select.pyd

MD5 0e3cf5d792a3f543be8bbc186b97a27a
SHA1 50f4c70fce31504c6b746a2c8d9754a16ebc8d5e
SHA256 c7ffae6dc927cf10ac5da08614912bb3ad8fc52aa0ef9bc376d831e72dd74460
SHA512 224b42e05b4dbdf7275ee7c5d3eb190024fc55e22e38bd189c1685efee2a3dd527c6dfcb2feeec525b8d6dc35aded1eac2423ed62bb2599bb6a9ea34e842c340

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_ssl.pyd

MD5 34b1d4db44fc3b29e8a85dd01432535f
SHA1 3189c207370622c97c7c049c97262d59c6487983
SHA256 e4aa33b312cec5aa5a0b064557576844879e0dccc40047c9d0a769a1d03f03f6
SHA512 f5f3dcd48d01aa56bd0a11eee02c21546440a59791ced2f85cdac81da1848ef367a93ef4f10fa52331ee2edea93cbcc95a0f94c0ccefa5d19e04ae5013563aee

C:\Users\Admin\AppData\Local\Temp\_MEI24562\libcrypto-1_1.dll

MD5 cf0c6903a8891068e0f8b126bbaea123
SHA1 70203b31a0951f19f6958e794a4efeb0f13eee07
SHA256 63fb00dd7a99473470bd3edf0d3c3cdcc6050551d54db3e1dd994d59b62a6d09
SHA512 6edff4b5ac0122ab3910b169d9ffb15283d451a44bb0d2ada2371a750018e91db14ebb6eb0aec6e059871fb2162bb087f759d7d81675ce4a6e715f7609fa8426

memory/5020-112-0x00000000742C0000-0x0000000074A70000-memory.dmp

memory/5020-108-0x0000000000CC0000-0x0000000000CCA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24562\python39.dll

MD5 5cd203d356a77646856341a0c9135fc6
SHA1 a1f4ac5cc2f5ecb075b3d0129e620784814a48f7
SHA256 a56afcf5f3a72769c77c3bc43c9b84197180a8b3380b6258073223bfd72ed47a
SHA512 390008d57fa711d7c88b77937bf16fdb230e7c1e7182faea6d7c206e9f65ced6f2e835f9da9befb941e80624abe45875602e0e7ad485d9a009d2450a2a0e0f1f

C:\Users\Admin\AppData\Local\Temp\_MEI24562\libssl-1_1.dll

MD5 69744ea8dafcc4bfc9c449a5d2be5559
SHA1 5ef7a43f09a846abaa2995ac33034f1cfec5e23e
SHA256 612cc850517fac767be4e84004d29ab6a4d40605536338ddb956d13516508d3b
SHA512 d8f760bab174db54df5acf8788abc695fc83cb5cf80f70dbed357675bfe83f62c270b34698a0a70537f604ed35e84186044cce854f9dd63663d157a90939a272

C:\Users\Admin\AppData\Local\Temp\_MEI24562\libssl-1_1.dll

MD5 6a3942f8c11b47c344977f9a92454bda
SHA1 8267a8f4ca62756496b3e0f346433cf47155c235
SHA256 25f6f59b9ed0e0a1ae159fb3dd61044ee07ff48b6c3b0a98548f7f42337cc37b
SHA512 b29ac77164a7d7a8dda1402c9f075b8dcd31bfd8bdd31b0640a599cebdcb4080e82aafeb420ca9aa799fc5ebc2f6b2129b44613ce47fd565f58c741f4d7fd317

memory/5020-118-0x0000000004950000-0x000000000496A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24562\libcrypto-1_1.dll

MD5 89511df61678befa2f62f5025c8c8448
SHA1 df3961f833b4964f70fcf1c002d9fd7309f53ef8
SHA256 296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf
SHA512 9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_hashlib.pyd

MD5 7c69cb3cb3182a97e3e9a30d2241ebed
SHA1 1b8754ff57a14c32bcadc330d4880382c7fffc93
SHA256 12a84bacb071b1948a9f751ac8d0653ba71a8f6b217a69fe062608e532065c20
SHA512 96dbabbc6b98d473cbe06dcd296f6c6004c485e57ac5ba10560a377393875192b22df8a7103fe4a22795b8d81b8b0ae14ce7646262f87cb609b9e2590a93169e

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_queue.pyd

MD5 103a38f7fbf0da48b8611af309188011
SHA1 1db9e2cb2a92243da12efdca617499eb93ddcbf8
SHA256 3bc50ac551635b9ce6fbcddea5d3d621c1216e49e9958fa24546ab8f6f2d111a
SHA512 2e6c4b9786034cbf6a6d94761ed31807657ee10edd679147c838a2e6e97a0c13acd6e59bc6e69edf1ca725f12e0f972a0de0ae4b331da46dccd687c59096a250

C:\Users\Admin\AppData\Local\Temp\_MEI24562\unicodedata.pyd

MD5 7af51031368619638cca688a7275db14
SHA1 64e2cc5ac5afe8a65af690047dc03858157e964c
SHA256 7f02a99a23cc3ff63ecb10ba6006e2da7bf685530bad43882ebf90d042b9eeb6
SHA512 fbde24501288ff9b06fc96faff5e7a1849765df239e816774c04a4a6ef54a0c641adf4325bfb116952082d3234baef12288174ad8c18b62407109f29aa5ab326

memory/5020-127-0x0000000004940000-0x000000000494A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_lzma.pyd

MD5 493c33ddf375b394b648c4283b326481
SHA1 59c87ee582ba550f064429cb26ad79622c594f08
SHA256 6384ded31408788d35a89dc3f7705ea2928f6bbdeb8b627f0d1b2d7b1ea13e16
SHA512 a4a83f04c7fc321796ce6a932d572dca1ad6ecefd31002320aeaa2453701ed49ef9f0d9ba91c969737565a6512b94fbb0311aee53d355345a03e98f43e6f98b2

memory/5020-133-0x0000000004AC0000-0x0000000004B52000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24562\pyarmor_runtime_000000\__init__.py

MD5 2907d181029a78f6070d363a0838e33c
SHA1 d5868dcb89826ade2be8163a4d72c4cbf11b5664
SHA256 ede907ec18aa199b76c6a9938046df16bf48414bbe132b48963650fa9fb112ed
SHA512 61acb2c5df209e6d613831c024c50e5c81d6bdb12cf7501e815b393ad1b146ab3839e5cef8247f4e9f98592eba9a2e03a1c24dc3fe25704c76565575270c8a58

C:\Users\Admin\AppData\Local\Temp\_MEI24562\pyarmor_runtime_000000\pyarmor_runtime.pyd

MD5 cfd8e74e188e13e0f7a9be7994ffd84b
SHA1 a96576784879364e4869a1dfe674fc63dcf73044
SHA256 9d88afdf323fdad91147cdb11cd142dbf965386acef428634a24093bd49fcf99
SHA512 e460d56ab3eacaa0051c61837dbf16657fb6cfae501422cf7b32099bae6b959ee8c0a797c60198b19d7d560050f189cad1bf9e5d97b7c4d349cf0bc653ebfacc

C:\Users\Admin\AppData\Local\Temp\_MEI24562\cache\sys.py

MD5 d4a6a132b41964560be8267827a0abb7
SHA1 715ff0c024150c1a67cb9b315c5e0c8968b74be4
SHA256 65ec8003b0ce58f4b4f9deea02237b6629a5a22180361e2e1c4d6ca368f92cc7
SHA512 b13e400134f2d9eb945c6582ee0fe58f53986daf9b4dc1292d37ece8d1210859566820920772548dc2b0331102e3c1e50902f143e6c12307ce2448e5d02476a9

C:\Users\Admin\AppData\Local\Temp\_MEI24562\certifi\cacert.pem

MD5 d3e74c9d33719c8ab162baa4ae743b27
SHA1 ee32f2ccd4bc56ca68441a02bf33e32dc6205c2b
SHA256 7a347ca8fef6e29f82b6e4785355a6635c17fa755e0940f65f15aa8fc7bd7f92
SHA512 e0fb35d6901a6debbf48a0655e2aa1040700eb5166e732ae2617e89ef5e6869e8ddd5c7875fa83f31d447d4abc3db14bffd29600c9af725d9b03f03363469b4c

C:\Users\Admin\AppData\Local\Temp\_MEI24562\cache\os.py

MD5 ef19238435cc2c50126ea92ee9afd90c
SHA1 ecd5e35680ac491409512aa36be45b4188518f67
SHA256 0929ae5ac200cfeca6a87910bd8c2d0256f28ae5bd99e43e3f3292f113cdedd6
SHA512 eeafc6b7fcfe852289a8f3471b038b4a5a19700c5c0b504b91f1334be8a19b4c1b250cf8a8b341a36c33aa436199da665d8472ed841f67b4b3c9a58d9ae91a97

memory/5020-141-0x0000000005110000-0x00000000056B4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI24562\_bz2.pyd

MD5 e91b4f8e1592da26bacaceb542a220a8
SHA1 5459d4c2147fa6db75211c3ec6166b869738bd38
SHA256 20895fa331712701ebfdbb9ab87e394309e910f1d782929fd65b59ed76d9c90f
SHA512 cb797fa758c65358e5b0fef739181f6b39e0629758a6f8d5c4bd7dc6422001769a19df0c746724fb2567a58708b18bbd098327bfbdf3378426049b113eb848e9

memory/5020-128-0x0000000004A10000-0x0000000004A20000-memory.dmp

memory/1988-142-0x0000000061B00000-0x0000000061BA5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\swimbrowse292710.vbs

MD5 a34267102c21aff46aecc85598924544
SHA1 77268af47c6a4b9c6be7f7487b2c9b233d49d435
SHA256 eba7ab5c248e46dbe70470b41ebf25a378b4eff9ce632adff927ac1f95583d44
SHA512 5d320312b93b46c9051a20c82d6405a3f2c78b23adb3ab3e71aad854b65b500937de7ca2986cf79967386d689beecccf676d89afde8ecc5d5ad0cb4ae2bf38a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1e3dc6a82a2cb341f7c9feeaf53f466f
SHA1 915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256 a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA512 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

\??\pipe\LOCAL\crashpad_1840_PZAAPOHIQXDIBUUT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36bb45cb1262fcfcab1e3e7960784eaa
SHA1 ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA256 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA512 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 24f89f7a68981f5f5e55ddb68e1b2430
SHA1 c9614e75a685a2070f8d892829d567cc2cb38348
SHA256 1d20429b29b811c12f48e736162492e87916183612fa85f900787a56e78e5944
SHA512 842bab945d1b64377c15d5849c387c58d0c8900cbf6ca7b4717512044bc2c57946a94151ea3839a03b8e499b9a56107439aef13c16b3f487dc57b4e1d997ef12

memory/5020-177-0x00000000742C0000-0x0000000074A70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c957895de36a053736f0ca39a9818375
SHA1 f719717a53ba2f1e0976989202028adde210fb54
SHA256 c912338445f6ed1f08b25f040a7142791cc1385be624d632c74545ac19f1fad6
SHA512 f1781aaa72c5f034b6303f75762e25d0e7780e5176ca0665eaf835392dd6a84e47d70f7101b90c1047b66f7669b1d064e1720aabdb112c35c82d70c1ee4588f2

memory/5020-184-0x000000000A6F0000-0x000000000B2F0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a7a842bc6c6ae3e8661609017f461654
SHA1 43c2cf3ebeb487615aaeb0d2b1452c62a089c8d2
SHA256 bf532637755b3139c5426646e8fa1618455fcbbfa5710823c1ba0fb5628fb274
SHA512 c02ad3d10b2cfdf8c50c2ca66c10d7bb887c1bee5f9657c3cefb3e9e70ad64ec298de503671c7e1a71b4f7f00503e1ab4a71fe04b80e616292779004bc7f8e23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/5020-249-0x0000000004A10000-0x0000000004A20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f476555403efaf90f4c33e739e65258e
SHA1 1e5dc785cbe9b02c9dbfdd07df3b6bf2dafd31a4
SHA256 bc8b213103a70db7b12b5351ebaa20ce474da6c80c32bbab4943b30836671701
SHA512 a1d38ba58bcb5790cc615eaab1fdd7c8525cfe05622eea50888b86a031be39f7ef4d7f79f04d3f4ad5c942997e58d81d268a75d10db88420d1576fd1bd9ec068

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3e2a5bacdcd97116cd24bb71aa8e63b6
SHA1 e34134ccfc5bc0164422845e38b10ecf57261a6f
SHA256 a727c346cb5bcca5dd4f7e70b67bed006c7858d99a297c85feafb59efbc2e8cc
SHA512 6ccaf9e407c82b389b0bf660cee5b673e2975b2cde76873bd864af29102bdc480ba3a0b6915516bc242884bccdc268fd274d7ed4d825a29cb6285b6fdacdf51a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

memory/5020-373-0x0000000011470000-0x0000000012112000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5886cf.TMP

MD5 d9ce9154223ed0c2f6df8d7c1faf1cf7
SHA1 fc5038f611aab69cff3232125158c7aa60ef5288
SHA256 1d0e901e21eb84e1cc9d8b69060da25edf72ad0e4ff479198ff8b0ea8ff2de8e
SHA512 07ec3d1645eb0a107c09c2c70751fb05908781f6fd4ffe1e3a5b3225e2cec8b50f1ced8af329e6f98acb976a294dc69403ad796b3020715a96ec8e67e86b342a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c48ace28-d301-4e08-aafc-11aa51d88ad4.tmp

MD5 4b9156a9aae73b17a07980863f6b3c07
SHA1 f7c39092415d492cade931fbd0130cb29feb82be
SHA256 2f3831e3349c1b7d7784ed3d5f47d41e1aa29c3a83f343e05995201d765e95a5
SHA512 79bf81d1fd900c4620e9afe07f7d7181e2536de478a1e2c30059348c2a5f9dca555fde0d3881f9d53b11c66e5f8622c3f050f3146273ac00eed6060ff5caf95d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 121efeb1e2b4e9b3e9cba1046ed4cc11
SHA1 566f534831d35ddfd4bfad5915c600d0239fa174
SHA256 fdf7d24b78605e9c88a60f0b54404761e5dabfbeb89c19bacdd918ca86e14f98
SHA512 2054c10dfdf0598a6c100d4cbaf5bf9ccf48d919b47138271e6304629f72c4335bdc92ec0516fad136f101e226070120a99bdde97979bdd1dc1ecfc7ab918d05

C:\Users\Admin\AppData\Local\Temp\ncvslurs.exe

MD5 e898826598a138f86f2aa80c0830707a
SHA1 1e912a5671f7786cc077f83146a0484e5a78729c
SHA256 df443ccf551470b3f9f7d92faf51b3b85ae206dd08da3b6390ce9a6039b7253a
SHA512 6827068b8580822ded1fb8447bdb038d0e00633f5ef7f480a8cdeaab6928ac23022a0b7a925058e0926ce9b41a6c8c22a5692e074621b2fccdb7edd29a0d4cfb

memory/3496-408-0x0000000000560000-0x0000000000568000-memory.dmp

memory/3496-409-0x0000000002B50000-0x0000000002B51000-memory.dmp

memory/3496-410-0x0000000000560000-0x0000000000568000-memory.dmp

memory/3496-412-0x0000000000560000-0x0000000000568000-memory.dmp

memory/3496-413-0x0000000000560000-0x0000000000568000-memory.dmp

memory/5020-419-0x00000000008E0000-0x00000000008F2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 143851213a8c9bb73c3df32d032b5fbf
SHA1 9a08b253f9298b3a0abfd2848765893b9f684bcd
SHA256 9e9b586a3286d9c7df98e2b06517acf8cd21079a7e9d4c319233a8db6baa964c
SHA512 baebf636d3650998cbce2a986e88eec4f75016b7936d095c58330bc30c59138bbda32d19bebbb57b26f582285d1f8840b70b93ce55e5d58fc2fbc5a6c7311188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 a127a49f49671771565e01d883a5e4fa
SHA1 09ec098e238b34c09406628c6bee1b81472fc003
SHA256 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6
SHA512 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 764666e3debd6fe7ff0c0b625a41a62c
SHA1 d89070fa6d0ce0f1d23a734d7dd59df17857e002
SHA256 eb96750ea92f4a0869b8bc96e6da246127aac54b53a336c924c7a7bec891258a
SHA512 ca32adb6382b05f136afdc5328729ec2af14afab7a55fe777e06499ad2dd11550a09d278432fea9d9ec831ecf5d4952f08a8c1abbf299f2db9f226dab1bdf1c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab5a7743c112bcd3ec45d6680c339b96
SHA1 74b0a076246eb2f92fca800cdc81a3577b2560a2
SHA256 7866e630dd78969d95ab2fff9aacfebcfbd62aec078ee77e21dd832e170075fd
SHA512 6aa815bb6c24d63c0be5fdc816ada70b56cd679dfa3ef55160c0727d1ebece096a47a6bc15df81b21a152dd35fb18712f89ed3b2e4e658a364321029fcd9b832

memory/5020-639-0x0000000005E30000-0x0000000005E96000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3dc6d2e05c7312fb05310b716a49a4f1
SHA1 e9e8be31d208f1a2485d9143230f7137e914f585
SHA256 7525054ab9ecd32122133c49dded7cd7c51d4bb597c5ecc92450cc8f3d781656
SHA512 d47c0e348020ebf30a11b5d4365afef3e081b2135f171c1be097fe98ee83fa4a983505549e15d1b25fa047a23f0260035533353be200ab7964cc93165eb45844

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

memory/5020-661-0x0000000002320000-0x000000000232A000-memory.dmp

memory/5020-663-0x0000000008540000-0x000000000854A000-memory.dmp

memory/5020-662-0x0000000004A10000-0x0000000004A20000-memory.dmp

memory/5020-664-0x0000000008560000-0x000000000856C000-memory.dmp

memory/5020-665-0x000000000A650000-0x000000000A658000-memory.dmp

C:\Users\Admin\AppData\Roaming\Gongle\aK7I45I9WG\7nvvjyxe.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite

MD5 e0b8a9d53327c71a8ade7f9730462fe8
SHA1 49b0d2dd5d1542775a6ebe92a03efe3fb3685e9e
SHA256 1b263d2db1ff1a6c7d3b9c4925b04e1c51529b3ebafa5977024a22fcd6823263
SHA512 ce46be6d9d56dd9058644b6ecc636f27bf3a4eac51a35ab62c018a395c8fd75a389d3b674bea55bb6d8445baf4b31ee200d322752cf5676088bfdec8f33a4cc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cb096651929db44b583c9a3e4065d49b
SHA1 92bddae9c14e26ff0ebe0a9a3de8618c394b14df
SHA256 beba4152ac58909b6b1c70e24dfe68b6dc68b126119b44fccf20dbea8740499d
SHA512 c3107721d7991881b7f540f3c783ad8f35a8b64bb44513c0bf52ce001b6e1817bccebba028daf47f8c348600bb5ba697ae5508892db8be2f31b3958710a6f634

C:\Users\Admin\AppData\Roaming\Gongle\a68ZN3CU2B\LOG

MD5 04a9b982d47e16d94475a86f920b1ac7
SHA1 8449bfb61083bfd3a06aa4330bff5805a7df3172
SHA256 b296522cb7cc6f3c4dcd46fd7e636434d75848f57da0dda8257ceb258583ee3c
SHA512 fe2e51e4a13791f3e4364e1acf6e0ae2342c509e05835019f181dc3ead23cc7b7b5b75005079920c2c089a498c75d261efae21351d0622945fe0d63497aca606

C:\Users\Admin\AppData\Roaming\Gongle\a68ZN3CU2B\LOG.old

MD5 a4756aac19fab75322d4e3f6b9a74e7d
SHA1 c5854438f0525cbaa0c303767dcda1878fb4660c
SHA256 c7131a98ea11f3d58e79804df1d53cf71b9f08341d2adb4129b94c730cf1614f
SHA512 4e474e0400fa26606857a62b6a91dda47b851db16e25e010de20ca6148d693fe715d70f064b0893b879aac4ccae52f4414c8f035da01a0a8fb98f6493091f83a

C:\Users\Admin\AppData\Roaming\Gongle\a68ZN3CU2B\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Gongle\a68ZN3CU2B\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Gongle\a95CTLQWSP\LOG

MD5 6025c8e29cd3e8354b095cc31de6d6fa
SHA1 755f557efd18f3acbc32cdf16c96c87b345f3a94
SHA256 d4b37807fa8a3f679e683f5acaa52b631e18864a90e9983aebe8cb9f58ee9b84
SHA512 b5bbb00d350ea147fc3d4c808925a6a9f930faf1854284dab1fa229b3974fe7f1f0ceb82f48d9360c8f6c735b13735fd560c45121a7f826d920043157484f319

C:\Users\Admin\AppData\Roaming\Gongle\a95CTLQWSP\LOG.old

MD5 9800331dc60cda3c30a779a60cfa8892
SHA1 9d5c7facba6ba02e085d6079711464e28f6bebf2
SHA256 39e35f9b4b7b6cd9ae0b77c3f8a56474b6575179cdb3cb1719f33dcb30e2eaf4
SHA512 836c45f54219300e90dc74061f25476cfbbde4ca72c4323a52bb7866ed579bb1e75ef288a853b7930047286cf1a2eb5aef522112c2f1d102af018cb389206845

C:\Users\Admin\AppData\Roaming\Gongle\a95CTLQWSP\000003.log

MD5 f64ffa8adfe6f8dc29346b356e635cbd
SHA1 908fa15acc33f2d9e1c843616273ac50ab4aad00
SHA256 299f58fe1b6ed4db395f0d4b2f965b43d7c09b190031cad68712544193aca26c
SHA512 a3c570673aba5854b498646b48279f80020925e5b1298167e668bf256f20774e456d4d63f5c2a2012e84c22aef5497018426d8ddbd9ac5f9ec776839c495d6b8

memory/5020-821-0x000000000C7D0000-0x000000000C882000-memory.dmp

memory/5020-851-0x000000000A660000-0x000000000A682000-memory.dmp

memory/5020-852-0x000000000C900000-0x000000000C976000-memory.dmp

memory/5020-877-0x000000000A6B0000-0x000000000A6CE000-memory.dmp

memory/5020-890-0x000000000C980000-0x000000000C9D0000-memory.dmp

memory/5020-891-0x000000000C880000-0x000000000C8EA000-memory.dmp

memory/5020-894-0x000000000CB10000-0x000000000CE64000-memory.dmp

memory/5020-900-0x0000000013210000-0x000000001325C000-memory.dmp

memory/5020-906-0x000000000CA40000-0x000000000CA7C000-memory.dmp

memory/860-913-0x00007FF76BC00000-0x00007FF76BD30000-memory.dmp

memory/5020-910-0x000000000CA00000-0x000000000CA21000-memory.dmp

memory/860-909-0x000001C8CCB80000-0x000001C8CCB88000-memory.dmp

memory/860-921-0x000001C8CCB80000-0x000001C8CCB88000-memory.dmp

memory/860-914-0x00007FF85BAD0000-0x00007FF85C260000-memory.dmp

memory/860-922-0x000001C8CCB80000-0x000001C8CCB88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4ddc826886524c5f9d6f891d2e27dd57

MD5 16e2d911fbd3496549c37401fe451382
SHA1 e36735828d0c6adf30b085967cc244511d1ce393
SHA256 94d3e572376f7262790f74d38233a5dd5783e18ecd19e62fea5912362099e95c
SHA512 f10331259962df730ea7651c0a94843e974dce692881598cb9622c155c5516ae8148100146ee131226a09f87f8387ab0dd7d5f04fde453bb3a85eeac1e6bf6fb

C:\Users\Admin\AppData\Local\Temp\a29f9bc0b10b455ab5c8fbe45ea743b8

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

memory/5020-936-0x00000000076F0000-0x00000000076FA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3f42906a36c524d9b2d7677341f582f2
SHA1 1e0daf406f2f464104177ad54b0dc913431e234c
SHA256 43ee02027fa4c8746c31ac1033f4d2d9dd13ee35d523feacb247d93ea0fb33c3
SHA512 02da464cdfc4435ea5e11fd21a5896aa70a73bf4e7c4f0b27e13baa0dec98cfed86f0be7d5abc0ee2dd26e3ddefb5ee2ac389eb809dd3b3eff44cd031b9ac531

memory/860-946-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-948-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-947-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-952-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-954-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-956-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-955-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-957-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-953-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

memory/860-958-0x000001C8CFC50000-0x000001C8CFC51000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 604a93ebdbf78fc5c652f26119482a44
SHA1 914bcd62a9fccdb862aa3cba9b74c703988003a0
SHA256 7ecb52dc24ba86223270a387db486cc17153b5fe31381f20a1a071f5ddd35c43
SHA512 14b3e3284c41dae504f4aa36a65dd09079b3e1e3b37cfcb6235ea8026f2df4b3563e990d1596c68ed5217d68ce3db85c0c19c8441333a838eae6944a35306e35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3afd46f1aae0346489daf1e5ed558de4
SHA1 e979e8a23c36be8783f01fedd31d9b4db81d81d1
SHA256 a0c208880eb94915c9984fde8c794796601af3ab51219280792cf66bea640949
SHA512 a149fec6a065fb4dad67f8473619d976270b85d4c00f46c54dcc2735bec9ae0e7496a6c98d528cad7312a8bdea03f6d222900badba045848021ec95bf642de2d

memory/5020-978-0x0000000004A10000-0x0000000004A20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a989875962390bd7a136c48622f10bf5
SHA1 4ad276155205125fdabbff6b08437f9605a9b461
SHA256 7deaf5a43cce06ea38c63d0b2bcf6051b4e94d3ded527beda4c6b8f97d76de0a
SHA512 f4672c00cdec686b57b1e097fbff88fb0e597531005cd17ce038e86bc91c364d1b99f1f9e1a880e705321b88b6f94ed47a213518a3382114989d794b54be100d

C:\Users\Admin\Downloads\dxwebsetup.exe

MD5 e58a2a7831d7f0dccea872bf656ffee5
SHA1 c861836db6262e5a3fce9e0e559b5fe82a6c0837
SHA256 4de93375e795dd3683d03bcb0960d0d14a24a385c9df942daeb8648cfd12a044
SHA512 565a2f0c924c22fc000b36cfaa4c6fe279ed41ebf2af65942651c6e0884411b4d7422308ed6b7502db962215c80514af7e368d73847f31cac19cde0d688420bb

C:\Windows\SysWOW64\directx\websetup\dsetup.dll

MD5 984cad22fa542a08c5d22941b888d8dc
SHA1 3e3522e7f3af329f2235b0f0850d664d5377b3cd
SHA256 57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308
SHA512 8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

MD5 a5412a144f63d639b47fcc1ba68cb029
SHA1 81bd5f1c99b22c0266f3f59959dfb4ea023be47e
SHA256 8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6
SHA512 2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2344b86ecc8dde34d319f45e091f3606
SHA1 3b46f03df4586a4698f0dc05caf6449b9dddd65f
SHA256 d702574429da3816fba0cf64d7ce7ba5fdd4dd7c943fa91a5f19a0aad7c947cd
SHA512 da9e02252371c0694af883a7b34329ea11f07e5e472b44ce317164b6ca45b06d984ce502f5bcaed8ef8ce541b2b76c5ac05ec1de47e8b3bd429f42e43fa66863

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d6f81567baaf05b557d9bc6c348cb5f1
SHA1 0c840165fcd34d996c85b6b44b00c7206bf772b6
SHA256 e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359
SHA512 09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f14d8783018c9ac03b155f36954b7010
SHA1 4b255aed83b79867faab827bf6234ae28fbf66ef
SHA256 44b7ddfb326363469eb6c98a7e801ae8111a1663767112e5bc9996fc1dd09db9
SHA512 60275fee365a582a737e736ebfb7586d513dc68753b9810ee7bf1bca42b2c39b616baf059507fc3744f265dc0c66f14ecc195e9a745a03276eabf493bb74dd83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 89c306fe56093d0233d2163696c77b37
SHA1 5ee6ba46e163c81b4c0d61f542d88b97ecb4b26c
SHA256 faefb1ce8b82d4ec9aaab535c235e143c88a39d7d6b17520bd56b774c9bbbdfa
SHA512 13c676f18af24a6f6cd683c332693ca8647dcdea3eed13c747a74c46c53e05a60f6f2cccb59a26a5aed40d4fe6c5e14ef5eea7be90e0fcdb06216f19bb4143c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 670a7f439fc91f44e1812b2aae1c965f
SHA1 37a23718bcebb3f5ed417d118cf439db61c39501
SHA256 2a6ed667f14270e538915bdc77c373f3d04790ce0b8a75cc91f2439898f5063e
SHA512 cf0ef734683e24980c60d49ea3214becef4479b1ba33b90704286ea06a8f3d698f0d7473e2cc96fcc9ba3ef55097440bb6eb27cabbc5400e6e48167fff4215d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 77025a9c66a440d8d4f0abfc170a8963
SHA1 42d7e6583f999ff30e5da2d39fc4c7686d9c7b17
SHA256 5208482ee289f6f2424fe39fc8009b3cc4ae1e78adfd5ed8636e03f56c453332
SHA512 5160477a7bba5850806b677b13838c2508d47f775c2424d1cb91784507f78b46ca566fa562505a5a0867ee0a4656d115d759bff3da4f811ae26962252dab2f0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dd0622ca6cb3734128ce9a90a60bdf66
SHA1 98e8ec981354ba79bdf9a9bfac8db4f2ec794c8f
SHA256 aa700f565d4cae2299b02afb0c27c265135e7269fcfcc480247dd43805287415
SHA512 87666f4bc6da24420cc02fb568ace85f9695da9ad8d4bc6f1fe81d1df9a016651a3e31951a445801852c00aa9a7028f5dab2727f1f2a5b39399305648d1bd553

C:\Windows\Logs\DirectX.log

MD5 073cb72056455203f94de5e5d0ec09b1
SHA1 189ca007a567d501c86c8ccb051457fe5b1ca3bf
SHA256 f18016ea3f7308b228032f33e3d788306e2c2cd99402a698e3cac891a731145b
SHA512 d1624cba3589c577f348a836ac86a0a71840d732daae75d04be7fa4d6680c777290e8118121d30897f7a04365569b03c9e98cc35d217a9b57eff61e9d2731a56

C:\Windows\SysWOW64\directx\websetup\dxupdate.cab

MD5 4afd7f5c0574a0efd163740ecb142011
SHA1 3ebca5343804fe94d50026da91647442da084302
SHA256 6e39b3fdb6722ea8aa0dc8f46ae0d8bd6496dd0f5f56bac618a0a7dd22d6cfb2
SHA512 6f974acec7d6c1b6a423b28810b0840e77a9f9c1f9632c5cba875bd895e076c7e03112285635cf633c2fa9a4d4e2f4a57437ae8df88a7882184ff6685ee15f3f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\DXIC394.tmp

MD5 2c4d9e4773084f33092ced15678a2c46
SHA1 bad603d543470157effd4876a684b9cfd5075524
SHA256 ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a
SHA512 d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.cif

MD5 b36d3f105d18e55534ad605cbf061a92
SHA1 788ef2de1dea6c8fe1d23a2e1007542f7321ed79
SHA256 c6c5e877e92d387e977c135765075b7610df2500e21c16e106a225216e6442ae
SHA512 35ae00da025fd578205337a018b35176095a876cd3c3cf67a3e8a8e69cd750a4ccc34ce240f11fae3418e5e93caf5082c987f0c63f9d953ed7cb8d9271e03b62

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cec960807fa5bec11ad4a31c3512da4d
SHA1 a3ac60a3518747d3bbead5edfd17e155cf7ce9f7
SHA256 f960075a7b1c2590e18700f3230f7baea9aced3e6ba5dc93dac193027b5cec48
SHA512 2da2d935f9b96bd36536f3a7a494775c8ed9bfef6538ffe66307b73cd5c82210fc43bbe6706d74d99dd5b924fb78a0d1beceee8c0e22d91e17b1346dd85690ec

C:\Windows\Logs\DirectX.log

MD5 2b0983720ca49369c80cc7bd44624781
SHA1 c1f61aa8939c600fd174eae9f247b1c50a1f56bd
SHA256 4dca6a04467f973715fb802756ced32d6a72367ca120b1823f0ec52f2e55dc68
SHA512 9c261d57d8b7d1d4e55507a695a531c873d11ff89004ff6ce0d5dce3b856b3e7881f3fc46bfb4a8f799d2e56cb95590e3a3074472d2882caa05d07c4a4a805ae

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll

MD5 7ed554b08e5b69578f9de012822c39c9
SHA1 036d04513e134786b4758def5aff83d19bf50c6e
SHA256 fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2
SHA512 7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 135f36c496de6829050cc982ad175858
SHA1 8ff30ef9fe31963f07fa256d83ee13252238da18
SHA256 c9ebd0c038382084726724ee5203e547bb79c34a99e95bb4e1e9b4bfd8def35d
SHA512 357d286aff5b36796ef3f22148e334ae48cf473541954c8b25730ec8853a839b82419876bb53b2bb6455aab8b270bb83153bd4f8689fa9f89d865d7697f6b085

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 72c4b844b58739d4beea0cfe989aac93
SHA1 ea101cfec6a65a8214c93693ed9927555fdb785f
SHA256 df533eb9e0dbc2d1822963a5de20a7fecf8539e7308eb542653e6dcae9c82bb9
SHA512 52697de937dcef3ff261c4b32c840263221af51939b95094ab3996dd0d9b3a55eac3449ca23b78116086c50e0e0f58bc07c291a12cd8762e0033d735f5d66983

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x86.cab

MD5 e207fb904e641246f3f7234db74121fc
SHA1 1be8c50c074699bdd9184714e9022b7a2f8bf928
SHA256 3fdf63211b0dd38069a9c1df74d7bc42742de003cef72ad1486aaa92d74546fa
SHA512 ed95d53bc351c98c0322753265b0a21c98df97d0e2fbbc58a6836bff374b7540b0cea21371cd4a7ead654210a42e1f9809cac6e4eae2ecf0ef2b88e220dc37f7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 a2f81d61adb271cf23e42c94e7aad855
SHA1 c5565b10b6292a73905902caf2d6b4e1e2f77569
SHA256 97d97b1c7f27857c71ad255d8127d6aee07ac9d9ff89cf26122d2b67725245dd
SHA512 017d88238780208ad5b449dd33410fcf00786e9c36190cbdb411f2859937dadb7739071a3f5a11787a18a20076f43bdc407586f39714ba902c6fb438e22fa811

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x64.cab

MD5 b0669f7d395078bee0087b089f0b45c5
SHA1 30506fc3dce9532ef0a8cb3973347ec9c3c9875f
SHA256 e63a67783ef7624559f95ab697bf8afbdab7ace31200283ef840e6b94aa16e5a
SHA512 d7efcfd85b3cb6cb9b1936b701a9d7d91a6094aa08d8c933edf8493c6ad57be05a579980a404b35e9721f71b45f4cae28399fca3ff5df20a9a3138b90f86b94c

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4d508ab9e761666446ed75d10a9952c4
SHA1 447b9463666058890903a712e48080bcccd3cf92
SHA256 f62e34af76dd829b4fa111ec5fd14ccf7223e8d8be149ba08c9fbdccd822af91
SHA512 750ac58f0c42f37fcde4a931f350a1f0a7606165b8904cb475aebe2a3079cdc848a21d686bdd1be9f77ea5b6c84be05758cad2f0b20a2843105412c0c7c72637

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x86.cab

MD5 16b968ca0c435ee45e77a84c2d0364a9
SHA1 90b17a60a34f6335787a6b2d489cbcd3a4ea98c8
SHA256 6dd7c0abe37d3df7aa6db7bb352260f4a15dc965ff9d30aa32fe9595c1a18300
SHA512 3bbbfdf8b5673641ec066c3fb52e6b0d5ce0bc6ed6bff17ab4ac3fa69a8628b09e5ec8322fc39d2a206974b54d297caaff9410197e26d090fe74f963cd535045

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x64.cab

MD5 a9d582e44e46e36f37edb7cbc761179d
SHA1 ed1bef64385e94ce89afa704d38408e23b31fa79
SHA256 c26633d38e0a91b9be70382e916a83d50e219609f7e05cfb2d27dfafbe480b43
SHA512 20011bfb547dedce8e6fceda22c3a3a83db140e8a20844f3b0e8741b4474c1fea73d84708b801e83eae3cd2d8a2d6c851c3f7cd0154c0382a78bc2c2df6b01e5

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 edf660a46f752a049c8d4dd05a854bfb
SHA1 8461903ce4ae4ba6c7d3f5a11a79612bf77627a2
SHA256 9efd51642c41cf85174850e297a4b3aca1ce824819dcda2fa7a22dfbb260d7fe
SHA512 d6ca336d44d76dfc68a2d20044f4c296630c1ba7f139a5c3e9eeec31745ac4eadc884b3c4d80d9138a181d81aa22d5fda3283bd86e9c77cb66939f33ebd6049b

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 aceda5efefa3fecfa06cb939f8bff9f4
SHA1 2a0ea6ec07b0c5a369d264f2c3b1b7817b56a7a8
SHA256 a99703529f06346901e4e262d93f1b8c8e4da3e96ca4c071106c4382ca2558c9
SHA512 f2f03242ac609a606eea90d8f98090f70704702df189e9c87d81d248d2a98a2af74a5974c1464fa29428be10d21aa35284ea0d28d95e81d753906c21c7f401e9

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab

MD5 75c33157d8a1b123d01b2eac91573c98
SHA1 e3e65896ce0520413979c0143c3aa9bd3a6a27d3
SHA256 02daa8b5ac3752f76c3bfd9a505ebf22b1b4b41e44eb92ce2799033b2330d186
SHA512 f0f1f1dea5938e1c7ff2adf7c8d421c2e68e6d3a8cdf18d0f2f3fe1c6837a4f37b367d2d974c35832d1d85a619948dd0f250c7d6dc4ae39f618f5a2893eac7dd

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab

MD5 681407075e9b19e5ef2218832f6fad71
SHA1 e4f4d292a36cd9a3034007ef9d2005694307eb52
SHA256 f9bd5bb083bd55d1d2a690bc66d6d9da0b1a8b49f09e811e788c030669121118
SHA512 e983e7dd3f40510816ff3ae836600a186dba827b484b0c346c20e43e229189a86d4cb5cf219c1fc35b77ab0668866446f6e9206b279931c927d4ed66ad3625f1

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 ea20168be941c59ea61bfce11c7deac3
SHA1 f144ca4aa5a1c30bfa4b5163bd219ae1d4913bcb
SHA256 f926561442ba3d43ee6ea8d4b42588b25d5b8a382577fcd89ee3bf2c263084ae
SHA512 dbddece15382d174f9eee716395c4a7a0dbce9c0e8bdd640cba59f134b9e09d300a7daf5728fa0d992f393f40954804ad183bcc18bb759d373f0ef687e87070e

C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x86.cab

MD5 b362ec93463d8b6381a864d35d38c512
SHA1 7ce47ebceda117d8b9748b5b2d3a6ae99fc239df
SHA256 b6c1166c57d91afeeeaa745238d0d6465ff2084f0606fd29faf1bfa9e008a6c5
SHA512 cc57733912e2a296a11cd078372c3b43f1256a93ec5becd0d1b520eb210fce60938aa1caa6dbbca03292a05495b5ecd212ee5f77e3ebabb11ef31f1975b2d09e

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 408cca21957bb22716b5d605a9c51bd5
SHA1 a5dbe2a7163afb41f1f615cc0c0d098c60fdfcb5
SHA256 6b38ba9035194a880c460dfd5d48569d6bfedfa099a9931332e79626abf042ee
SHA512 b36c8940e6f3a3d92361d6825da8fa685350b891188c0d3d0a783dd3d461423f1e1bd80d861d2d76300aaf7ea77e17a0fe22b6bcc2f11ab6126cfce34072c9bc

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 57fb131645b8289383e2e621f4c28104
SHA1 71abb1cc810974e75ff084595e16f46bd88da653
SHA256 39b61c1336e7bb95487dccaad47d33cff953589c17f51496a95342fcb17f148e
SHA512 0178f994bce78ef5adbcea90c994a6c7d99813e256f3f86e9559e306f3b795f6f506bd4b78a13a117b4afed36c4b6889b36ffc3c09fab69f94aa0f2404593390

C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x64.cab

MD5 fae84e0773a74f367124c6d871516b7b
SHA1 caf8b9d7d4af965bf445d052d1e835b680d6bbc3
SHA256 86ee073c199b5080fe4f5be6ac24bb1117fea42e4bbcd828b4f0ec26c669b22c
SHA512 caf1381cae7417b57faef56d0023bf90c90406748f8813ab85c687ddb81e2498d2f1d5f4bc154903fd5a19836e6f245cd6f5d3927a383f1acc3bcc41b58fd09b

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab

MD5 7029866ba46ec477449510beee74f473
SHA1 d2f2c21eab1c277c930a0d2839903ecc55a9b3e8
SHA256 3d4e48874bddcd739cf79bf2b3fd195d7c3e861f738dc2eab19f347545f83068
SHA512 b8d709775c8d7ca246d0e52ff33017ee9a718b6c97c008181cd0c43db7e60023d30d2f99a4930eba124af2f80452cbf27836d5b87e2968fb0f594eca1ebf78dd

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 5799df5b88730847dd657787d59d6878
SHA1 a1bdcbd884c81e29b7e5bc256ecfa0055d8bdefb
SHA256 f064b65618e11a6fef9253c955c36c8af441113aa7609822f2a02bf48c0ee3ff
SHA512 5e0c140dae074b27c81e652cb676855e78f32f6d9a5379654d9106a65f874dda7cb80e5dd8752a25f0c5ddaeae35bbdd43a967af182c79dd5de3636b64d1eba4

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab

MD5 9c5dca423d9d68349d290df291ddbeef
SHA1 d9f1cae586470ea309ce9f115525b0504fffaea4
SHA256 5487ed4e969a822e5c481cefb1d4da3066b1d5ec8c55798b246915ecb58a8665
SHA512 9f50599321f45fb7451b0a1c0f1dcbd6b4a4e60ee27b0ef5aa29168c1bce5b08f34329916ea2ea655cd632d0a19c81953c2a5f1277f6a96fb63afc098236509d

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 18b6813f1219a60d1964765f8f74d5ea
SHA1 2b42ab30711bade49e5e6dc1bcf0ba5912484add
SHA256 7c079edb82fb33dbb50e014099db55afb1f338a31b5ee39ac5bc77297195daae
SHA512 46752cb9512a6eeb4a70e1f03f8bb1ad52d9cdae9f1f5a440bbdbcf11de84851390e5634a59bb75463dd7a25fd3ba181c30fb7dc27b087ed1f7c2e5fa4976109

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 04160ac95ebefb785d2f251b99d34d1f
SHA1 66aad4137987399fe894886c1848fc26e491744a
SHA256 101654a7dcc364b91670353a4cd396204207866229ab9be7a648b5f66f9d9fff
SHA512 7199b7f9d6bec65215788d14919d0610e67f98cae58f99cf91044bf42b86a9c7579a400322d19bf0b30b983e46e48e4e8ad0ce2d65ade0312f3ef6d488094106

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab

MD5 029359ebca4ba5945282e0c021b26102
SHA1 6107919f51e1b952ca600f832a6f86cbbed064b5
SHA256 c44eabf5be3b87cd845950670c27f6a1e5d92b7758ba7c39c7849b1ee1c649c0
SHA512 fa007f257f5267119b247ec4ed368e51fd73e6aea3097e2fc4e78078c063af34d161fd1bdcaf3097bb575d2614dba226a624d060009ee4f7beda697efcf42bb7

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab

MD5 3e91448a7481a78318dce123790ee31a
SHA1 ae5fe894790624bad3e59234577e5cb009196fdf
SHA256 8c062b22dc2814d4f426827b4bf8cfd95989fd986fb3aaa23438a485ee748d6d
SHA512 f8318bd7ca4271fc328d19428e4688da898b6d7fb56cc185ad661d4a18c8169392c63515d7dd2d0b65cbd1f23892d7a0a5d3d77a4cda6230ba03b3b917e5c39a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d55dd0f19164f6590f3c2b2175ea076e
SHA1 e847a31ff947ab2011587b32bd10e159feb66fa4
SHA256 ebf31697329a1e22e6ab4cc3c97d140fa76366072c518477425779a9288df983
SHA512 7cffd63923efc25684d22292019390a2110149f377d02d2a1928d834c023f5f970bd6fba34b5e1c55d09a82cfa2491cd4f740d7fa65c90fec7c087ad84c241ee

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab

MD5 b1ccaaff46fe022439f7de5eb9ec226f
SHA1 8bb7225df13e6b449d318e2649aeb45a5f24daf7
SHA256 645f8d90b07c69330a8c7c8912d70538411c9a6b2813048da8ad3c3119487f93
SHA512 2b59c07584d45705273a975a0223e4443db190675558ab89d92e1572de4843be3d0d1267818b19185e4e438a8bcfa2af5fb5ef2a119da270be4540576fd78c77

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 6a0ffec5520dd9526d53fb206e92a225
SHA1 3935892003d2c3f6e87c24309515d1668e07dda0
SHA256 13f74a30aba7102226de97797839832b44d9987ce7d23c2c711903a5709b25d4
SHA512 63267ddca50a97491d91cdced635dbbdcbb335cd92c831e32c3e1710c71ef8558d332da0496276c2630ce5f4d840f7eec99788a433a768ab543a6c0affa0d6fc

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 28d3ba5f0153356d02dfa96e21c59d60
SHA1 2185b73098c6733325b89719d08d0992e41e5d80
SHA256 4b2c282cd66821c6622f9f0f563e34a7c865db59f79c993c62347bda84427a35
SHA512 3ded31a85cdb6ba3fa1be00e051231344abe22e83387006d55e81403f7c92c78e2e3784232798d9827edbf4d6a0ad137cad2ea3ca3990fa347e0bed377a2a5e8

C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab

MD5 f6cc1c08d0f569b5f59108d39ce3508b
SHA1 e9cf7edc8c9c4b57a9badd8386a2117ec5785aab
SHA256 4114e76799af3da9db3dae51305dad70a05b757e506e4a327092d536cca7ee75
SHA512 86df72d5b15396acb504c1ac9de7ff5c0cc9c95a90fdd82daedc55baad490cc47a71cb511571d37e25dd9bc1ee9652b9723e33879bc1756a7881a8e61ebc59ed

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab

MD5 b3d644a116c54afda42a61b0058be112
SHA1 9af7ddc29eef98810a1a2f85db0b19b2ec771437
SHA256 ca7b9c6a49e986c350147f00a6c95c5b577847b5667b75681a1ee15e3a189106
SHA512 a2d2f12b7b37bd8f5c8465dd13ad31942df11ee5ed5423deeeb178e6b594587706d2c5116258be1562caa5eca691358af3cb83b77898d1012ff521017d199165

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 eb7ec90198bca9379dfe61238e3ee3ef
SHA1 f1306037f93e46233fea7fc931b50ead1109b974
SHA256 830f7d089d575cbfc227a0db375196a7d8d5078af42884e4582660bb2a4bb767
SHA512 1400655e709aaed964be9824fee4b6c4802c107295b377e92f8fa383ab35dba4251927672d35c0c8eeaff1bd595aa41c2157de604531a2603e485bf86866f498

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab

MD5 f778928c9eb950ef493857f76a5811ad
SHA1 ea82d97077534751297ae0848fb1672e8f21e51e
SHA256 4891e2dea9d1798f6a89308e58c61a38e612f8433301ea2376ae14c3dfcb3021
SHA512 1f382a287fc6763b8e8d66825e8256dfb7d0dead6b6a6b51dd7c4a5c86d536cc7ef4128be0ce495fe17c859018750072dc7b43e3476d1ba435f209cc4eb6d43f

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 df7aaa2082cae0042f101ebcf91e50db
SHA1 678a1b45628af7b8209a42a74f97fc71278373ec
SHA256 36a9f0b234a4b274ad23d470224dcdab49a81a7f54bea7df9f0247a33a3ebf87
SHA512 cd9d8c227a2f046df3d1abf6a11d9c0780dcf0275dfb9451ee55b527a55d322918ae148ff1a685261ae6bab5d906b58dc2584ff77f1bb19783bb97b3160f4f0f

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab

MD5 a5bead938afdc63adfecc1daf5049d7f
SHA1 b3d5bf56f6b9bf87c33009a088ba7785b6363b4e
SHA256 a1cc7603302ee53d54f4353c223d95e223706924d99b864220b13814ef93eefb
SHA512 c9244bbcfe60f347ec8785b1a41b6e243153624ea73b16db4d624239a69fa76d2df2e54039d8f4d2c495890ac17b676e390f796118b4e16d9f03683247190362

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 1867f3d1b1ecc40fd4dfb919e6886171
SHA1 8986290180ab8b0591ded70c8d9fd7f517418281
SHA256 6086fba7481b45b503e2d892ff5dad13f5fb347374919a2764371b1efef49099
SHA512 c0fd728362abe97fca294e43988a64d51fc22ab216814c34a626946a4b69ca2f40f5f6431b3e35509cc0dd9b0e219524209eff2f01907ade98289aa19ac21ef8

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 66f8bab0d42590d51e5aed1ca6dfdca6
SHA1 47ff83321ea2c4218330a3f5a3c876c6a9a35b2a
SHA256 58fad17da80f0ab474f029b87f3b02d33876d4f098a9aa4f0923af347493c457
SHA512 e5eaeb30d1f32defbdc2e4794289be97d34b38c3b896f9c99c995a33a9d6d65fe7a300acc1ff2794ac0f315e5f7c366f023241d29264ba4b5b2c7f4bc445df1c

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab

MD5 a5915ec0be93d7eebe8800ce761ee6dc
SHA1 e8bbc21c2b5f0e5801286f07e3da09dbc67c3961
SHA256 efa2e6de548401376a575e83a79de019aa38f191d63fdef3bd2b07d8cb33e3d7
SHA512 02259ff3c8478cba134a8f8408aa624b7165ced97c0aed8c9626034599dd5439f84d1af9eefc4191898b0a524e5ffafb9875ec00e740cebe97eac4c2dd0e31aa

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab

MD5 f784b8a0fd84c8ac3f218a9842d8da56
SHA1 fb7b4b0f81cd5f1c6a900c71bfd4524af9a79ece
SHA256 949068035ce57bbb3658217ec04f8de7a122c6e7857b6f8b0ca002eb573df553
SHA512 01b818aa5188cde3504e289aedca2d31a6c5aed479b18a2c78271828ae04bebcd4082051b7f4eeca8a31e8ee5adba158420ecdcb21371c735e4781ee5f661dbf

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 37ccc8c20252722143b2e0fc1111d185
SHA1 200fb044220709686b3f86b165a5e9a8df2bd018
SHA256 95c5c1cd8a611b120d9679dee736734d5577f16b55b41de8bff677b5f9bc671a
SHA512 6c11320e6676daac19db7bf182b7e82ac0cb9340629d52772a8b4007e635c6f6a811d68f7c87ca29be6d40358ffb1e90aa0c11638bd0ef9a8d91d6b57486c378

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab

MD5 fe8feb215fae59866dcd68c1604d97aa
SHA1 cedaca678d15e78aa458b965abb467e8964a1fab
SHA256 1c1e1c6f68ba556a0af09a38c32eb421c543a4848c4b42d25867c98dab3b3a50
SHA512 9955336b561e4fd3ba3da7fc086643e811048a25a7e68344d2cc5cab091980baae1c04ce41328b59c896662e2875886b78ec869852b2d1daaa46af38c894a3f2

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 13a5aad608d219f8642cb691238a0a8e
SHA1 13de21481dfb1e5f40dde426f5eec9cc4b4a7471
SHA256 f19333bf7528ed3ba989e5275f57d2b606689aeb748efdcdca218753044415fe
SHA512 3d85dc688663ecffcf98cb4fe5c6f158a76d3eed82727ff0421bb4b715f32589f699be70cd857b311870312f888cb57a6e7149d9ebd5319fc0a5280bed58b38f

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 470705fd47fb6cc7fccd65e4cb8382f6
SHA1 d2966f90572a01b49ab314aea0beebd2395c5765
SHA256 35b2248915becaea7f1fea2fdde13aa5d71d6e762a7eed1d275f88f8b34449b5
SHA512 76486623db3452fa6ca37f1f5e8cfb718c58e15c9a93fa21f34730d49f021fc818d08fe363a5e0e546cd55ed1e6d7cf488d91fe7d97b040fa3769a8c24ab6adb

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab

MD5 19383cbada5df3662303271cc9882314
SHA1 123c97c33f7ef2ba345b220450f181d440412e6b
SHA256 8ec971c91040618338ac2369188f3e5d7c85a5b1e3b9fc8e752dd845d295cdba
SHA512 a4c6acc9ff656e05d75ae0081c65c200b584209c99fd001494c4d206f2ce8a78d2dd3644e51018574928f3b9e9373bf7ec8c5147a3590b54d1c6d50e61342853

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab

MD5 3ed592e6cdae66b1c0671d9ec417a738
SHA1 9f083ffe00a8e5eabf282130cd16044b488b6e0d
SHA256 4914d2b5c3251b00c0cc236f51afe469728d92b50c953c66d213f079ac928eac
SHA512 0144dd9a83f953eabaaff3c41f17a363100c9a2ccd932321a4afe990d8fcb5a430e842de9146c983409b6366cd974e318a535e6475b10839a6679844cb7d23b7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 2b821c74d2e062c62994d7c95b079ddd
SHA1 63187467c9079b80cc4a052ef2d163e6884642d7
SHA256 8e781f69d16f7836dfadd36f83c68c601580bec6de797d4ee64a48737d31e5ae
SHA512 f8cc702053f37298302fe5829e55ac9186de318a873451cb80a5455c1eaa98798bb8a76b43fb2a5740addfd51957f25e87f33386b364dc5125cc36c43df01083

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 ca0f547f93a1ecf1d4649534ed5066c0
SHA1 cfe67c10e709ab816b75d9542a687744957683d8
SHA256 d3a15b921d27ceb8d84477506f951082fbbd796e0fde794aedf2211628cfa955
SHA512 061605059d113145b39cf72dc810f42de9b28dd28c4f3e904937a43b8d584e570501563973a37ed5137c9ad810c30d162de2850b15a61bbc3127854c4347e13d

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab

MD5 ddc4af0d53b477e5af77942e7118b66e
SHA1 81ad8201dcf653a6e977c4506a274d0bac12643c
SHA256 9536166ee7cc1100cfe24e01532e8e4deed6baa838b4c025581f2ca046a25915
SHA512 1e082d7e7855bc0af6ec09d4a69fd4a1b0a3a31e4de8faa52fa0bdcd601c501ada6216dddb83058f37ab4a371068e0f344bdf42f2551943be19bd719d99ba93c

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab

MD5 c5e127067ee6cacdd2f8962e6005542e
SHA1 22c571e4da75a6e5dfe02e3e3587f40c2939c745
SHA256 f52cc1304b533083b3fc5553c49433c0e4e46d66d567b9de0b558ca518db1544
SHA512 e70df11af8cb5d51c3111b8327371ea40292580f06d7d265f2449b89a4941c4740bde904367fbcb4158512939bbd7c7a3dc20d3642475789fc075a2ae8e27860

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 a84f2239c4f5d1179ffc05a09a6945b6
SHA1 ea6ab540ad81b6e30cd349d1884d53a96b3789cd
SHA256 5d455aec145c442f759e0b4464ba5eb8b10b2df1cc4801d0ec134c77a2a9295c
SHA512 9be16704682e7eb84b3a666c04900a55c32d6cbdec87363993d8702954dae97539f338108724247ae6095289269ddc25f4dab8501f51d751600ec86249a5214c

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab

MD5 3d9a0c59156d03da0f19c2440e695637
SHA1 55b050991cb17410c75adc3913066baedb482ed0
SHA256 bdf7fb01c02783a4f8c9f5e7911f5cae3e2a7cbc425b90b36f9ea6eef2c27de3
SHA512 e9a662498c43865e917f0778b772d6964517e41289cbf5a0b8a4e44d8c4b4e9a5049c76f2ecbe4acc7e9cfcc3f1d87a75c3f8703e66804ce758969814ba14fda

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cfea96998303761e9a9b20a726ffa079
SHA1 0995eb14bfd245b795d1157ad539c8c511ebd506
SHA256 5f31262fbc7876338e63845e7dbbac366dbd1e2d9efdd062f07dba4c1f225239
SHA512 e04010f1a06620ef8783bdd041446a9462c008457302795602730df8fc4cdb1f1c113fb8218c85822a3c2aeacebc27d49bc93b266419f55c42a190ecd230d943

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x86.cab

MD5 8ed75e3205c2b989ff2b5a7d2f0ba2df
SHA1 88846203588464c0ba19907c126c72f7d683b793
SHA256 91a50d9efcdfbcdf22a91d6fbb0f50d3c2aa75f926d05cc166020bf7aaf30e28
SHA512 d0cf0e3aad9c8c43a927d1bbbd253b9fe4c97b638ad9a56f671ebeda68fc9bc17cc980d93095fbb248dd61dc11b7e46c22d72cee848b150f7a13ead9e08a7891

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 1eed8e201bb4daee24328f2166ef217d
SHA1 d292bf2c78ca085a51e5278a216af4baa71ab712
SHA256 696b358cad689b95026aedf733f462fdf565e21bb41b23652fba21216ed78d43
SHA512 a1a5a8a0a484c5f80a9b1c5ec6ffe7fc3218c84a66915ee4efd4c06018dbf17f1f4ce1b8c36336c95df20259387be3f5a1f0c3ef6efae1062728b09f877a8288

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab

MD5 8234b9b90bcbb5077e1b5faa0b66d1a9
SHA1 e9207c572fdec592b7c17a7f9c6f875c8a55b1f0
SHA256 6a2727269e6cac7c4d2e316333d29bac0dc1cd7f51c36c0c08b0388203dedad2
SHA512 74c94a6e092d7c828fc1e3faee4b21917afc3cacec04f260754190d0533f93a58289763ac620e5a577f7865902023b30548cda4d9e968c90ee13050ad6d1e8c5

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4d51275c98cd0919a5dc0c6c2bf87f24
SHA1 f25979d34dd00dab6a8702e68234823de685e56f
SHA256 cb58110c6d731f63ec93d03536358ad0b4ad2d65a8cab2e9f7a62266cb5a1ddc
SHA512 0e78f62e800e62081c922f5d2c786bd02f7f0875a08a26b86e4810c116eb411909dc271ad0732b44f6acc0bd06b56b745e635a32bf1c4d1266a97133d557b4e0

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab

MD5 e2fb2e37c342983493c776bd81943978
SHA1 2a8f3c45cf979966d4d4d42a4d34f05c72c7e29e
SHA256 57e57a6348e55aaaca6bed5e27bbdd0a4bd0dde69c77f4d26c805be6384be927
SHA512 2d297f607c5a098a3d2b19e7f88aa12f720af3c23fe6ddce7d4659a9184d1cf8f8a76f35b8acb639b48cdad8998c919215a03b89207e2bb1829ea3d8a9efb95a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 6460e2c4de84713242c3154059b4e12c
SHA1 bf58b021238b18f37dc6d18384db94534f9edf6a
SHA256 57bc21b86044daf245e01b6e546994ae1ae05a5d7f9c4bf4f82f6f3435935514
SHA512 073b7cf4c06c2d7b54cfd6f6b43d32370f58d60aed48a2fad4a611540187702c3eac88a865f8afc0cda8cf3dccee4156fc38075145fbd4ccc7997e3685a941c9

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab

MD5 b0e2b612daf28b145b197a4db0a9b721
SHA1 f69266e4af3d2de31a2a2e416f10b0f44737739a
SHA256 e8dc1063c9434eed8d633741b19cdfa1889581041e2214b87b5159e3ea087f3c
SHA512 6e31f18cb75ce69d291d0abd15edadf02c0693033351dfb2f435312a47540aa223c8176209725c14a05fa6494153a3e191b2fb7cb8c5cee11fb42371ce67392b

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab

MD5 4379902c4180a9a6bf40b847372cec5a
SHA1 c7fc8184d5620154b9bfd6fbc8820a78c4eee592
SHA256 61e703e8d231412f135b4aba629122d9cb69ac9ee39fa3cbbe6b95de05097a8b
SHA512 9269f49a5ca90143c50b817e9f5aec0fc4c32ba1b6d3a21cc5448cad21a16a902540c8cfc1825b124ce39e0bdc479ade4354b6be15b2067e3033e04998e0710a

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab

MD5 5380053ac4c344bd38604022476b1c1d
SHA1 043dc8f49bca3bf0bd85e858f5c2eedf68565c0d
SHA256 84800c55f773d5d6913e344e41baba58cf07cec2e6c7114ca3bf48e8f355419f
SHA512 f3ce2def6e2e8a1d2c07f627e3c437a1bba0b2e456020a84121346472be3d28e0fc69623bd408f35a2c639c83dd2787f998dedfe42b7625dc71500824b035fec

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab

MD5 75556d89fdd442967a23993c9111d997
SHA1 003de53653c0cc84f8c3d617d1f76fb475f1a7cb
SHA256 863ac3438f57158d4f53900c6924bfdc132ab43a5af57d4658e65842836b4fa1
SHA512 6086114500dbbf4db9d0a9c3f72732995bb9a3ab5c135ead53143749b95651b37b64be7a52ca09388de90216fd00486fdfcfbc87d42d77fac469f82b5290e06d

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab

MD5 8dcd23da94ba5fd40d23ee3eed9f11e5
SHA1 e5839a736953558410fb1db0dcd6cefd10f622d5
SHA256 8783b023a44cf02354f9991f0fbfaa881fce6fd3fa7b8add7cafa4f93a375f91
SHA512 eebdaa5806ef4b684e4b550d7f492318b70cdda08598c7c30fa4261041953b0c0f73e23b6f06b0c902fb4c08cce5f2a0c309eda618916208a06ae3cd4d299c7e

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab

MD5 901567428d8c82756d7bf5a406441bd7
SHA1 6e3c22147f3da77ac8f20d615ca32b5ef2a0ed28
SHA256 32356344aeddf709c9d5302d8f3fcc1ff1be2e82d8d17833a2086400af248794
SHA512 6fd4c429e32480bdff4e58ba8bc0d28fe97c9ff5ef1fabbb856230efa669246a354f99b723e7483d548b74c121ac8ba9cba2b5bc3c18f35ee828302d392cf6ed

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab

MD5 d41e883e321f0a7bd44cfc2a7e4a1ba7
SHA1 70d34459dec62a886722f40a90f33ced285ef333
SHA256 6256e2fb0ff4f38668965570c9a42d2b41de5efb4d6b4b28dd37130946be70ff
SHA512 73a0e8e72b7df78ecca2065ee9ecf08285eefa39977cc5e5473406e778b8f93734c8158ee73df3962454bbb017d110051446a3c5b43d9059dbe15dadb0e0c561

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab

MD5 9bc8213933598d050827d20a4573486c
SHA1 e6f9ba62756a00c53746419dea221881aeb336cf
SHA256 9c96b6fc4df5c0efca9f0d653976772b2b964243214f99066e4ca4aa6df791dd
SHA512 a1920d042963cdda41df44044de5b94b4cee6efa102f633214e384918d93d2d6a31eb388bdbd00c7e9c199281e3b71caa5242e9a42e7f0be27edf90a3cf6890c

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab

MD5 f264af5a36b889b4f17eb4d4f9680b4f
SHA1 1df087ea99d321ec96d0d2f1c66bee94883d6f08
SHA256 bb46189eb8cb7769eb7be00cfbc35902072fa9408313ef53f423e5ae5c728f61
SHA512 73ae1cf3cafba148f4e5b4d8ac12a7aa41f6ecac86c139c6a7714f90f3dc61c444dc152a3ad3c2ca800c1a1f4955a2b508735f8490666b57d1420fb7a7bfc269

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x86.cab

MD5 dd47f1e6dc19405f467dd41924267ad0
SHA1 85636ee0c4af61c44d0b4634d8a25476cf203ae9
SHA256 39ff69ba9161d376c035d31023d2fdeecb9148a2439abe3afd8f608f7e05e09b
SHA512 f77c4cef5cb7e927948f75c23a190e73d6c75b4f55915859046533a10aa3c5abac77d8bef71a79368c499c85009213e542094b85b94b69e62aa66b60616777c3

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x86.cab

MD5 73ba11ce0e936726fc9fcb882f8b91ea
SHA1 4a4babe3ac751e60ae6b5b0d69c93fa53d7fcd21
SHA256 a9a704b73531d6bf59a421ab5c046c19a16d2b0b07f09816dbe9da4550a24b17
SHA512 9a198eb93d5623651d2981a277eab4c345c08161254d0127d90c97344450ac1a7fd5c8ac840048a43a347e3296b286b646ea0fba88f0c7bce1ceed1484112d56

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x86.cab

MD5 87bdae64fd47a75f867a290ec7b8a4b7
SHA1 dd9e69e1815e8bc161e8eb89a0f2a296074bb95d
SHA256 6bd32337826f5a5141fc06391919a249e984150905c2546dc8bfc33d41a24e82
SHA512 c8f7a490722741df4e03823880c6d623ff16ab648a40c1b1c8f7bf26c92499eb34c4596bf239337cd23a57974757958ad9a30d42a4141dc0e7522f998ed3893a

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x86.cab

MD5 bf124b64fc3774f61d30de0a405f0c6c
SHA1 2f8a8babfa4e51555fcf125e8373d9c5f7f7434a
SHA256 457c5ce48eaa0fe551b46dffc1e4dca985d261686d8d4e6bced533ee1f682fce
SHA512 935922ce74bd399e8358693562f86c9b4b6308a6e33586a5dd61924f8b6b2cfd6cb2e472fd082b9ea32c0abb9a799a0ba9103b4c316342f8072a7a3782c2116c

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x86.cab

MD5 591a61bd06c73c70f93dac5af2d8e924
SHA1 c9d36ac5e2acac31a7413d22ed1c09c71cc96ffb
SHA256 f0bc06ceb484d97cf01526f9223df7b4357d166c4391869f2e7d514dc1fe769b
SHA512 3e2e3318a700a6ed82a21018403ca99728c8a56b7df81f99a5d705b586cee1141586dbf19a01ef1f1a72ddc8f45ddb51ba5769ae4634b02233ef1ac4e0fba5d4

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x86.cab

MD5 061bba3836b3ffcbb01b150467bbe951
SHA1 00d8fbcd4068b3199d3d393bb4b86bf82985480d
SHA256 b80db68cd82caf8bedaee62808171b20c546a76499c3ad53014e3bd2fbd2918d
SHA512 aec8327e1ccc0b33b3e32d66a5ee25c4b70a227b708d10f61ebad2d998f3be68145fa85c50baa16a21ee766b336b1432fbec02c75d698793092015c832b6fc26

memory/3828-9189-0x00007FF841E70000-0x00007FF8422F1000-memory.dmp

memory/3828-9190-0x00007FF859430000-0x00007FF859457000-memory.dmp

memory/3828-9191-0x00007FF8594D0000-0x00007FF8594DF000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x86.cab

MD5 e34c0cf1bd5a68c80bdc709a452eb322
SHA1 4dd4553ec7e2e42d51a716b1f4cb58588bcaa164
SHA256 799b517227812252481c9c9b22cf16ff185ffc20b9273612c8a37153b53aad93
SHA512 3488a52f6fd3681b10624546b923368245f969330d4909e91c5b58f159cd24b258a8a2274d62243ca5ca9f1fb40f9f248b3bd92283f775dd24baf68ecc5fd03d

memory/3828-9228-0x00007FF8593E0000-0x00007FF85940E000-memory.dmp

memory/3828-9229-0x00007FF859410000-0x00007FF85942C000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Jun2010_D3DCompiler_43_x86.cab

MD5 e7dfa140cb0ae502048ecdf1e42360e6
SHA1 4db08318f78f076fcc6ff29737b3d6d676f59c54
SHA256 293ced557ad732abd2737333df39b08216f31601d7ab65b743fe51b4efb8b6f0
SHA512 39b69a5cc4a50de72d031c41879ed7644b577a9e3e3b44bfecc61d5312c7c32c964dc2cd37db711f7e486f444ca77fe732c642f3e494e6da1bc1cf774d9ef75c

memory/3828-9269-0x00007FF841E70000-0x00007FF8422F1000-memory.dmp

memory/3828-9275-0x00007FF855EC0000-0x00007FF855EF5000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9d4b0df11b894c0a933c19d6d1fc0a01
SHA1 a2296406499fdca810e4bd19931d60779560f3f1
SHA256 39475947524dc2ef6765306a7aef747e22b3cef11b36e8602b6e8afabd4c7eb1
SHA512 8278aa08467862b88ad17c44daeb6e24001aeffbebf2a7546f47050b59501cf6c3a2597f00faef70b34e4d2a1f2ece8c261a541ac41f20ba6a1e8064eb2ce103

memory/3828-9286-0x00007FF8560E0000-0x00007FF8560FA000-memory.dmp

memory/3828-9294-0x00007FF8594C0000-0x00007FF8594CE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5cb1f92a-1b39-4478-bdc5-d6a42191e32b.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

memory/3828-9304-0x00007FF841E70000-0x00007FF8422F1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d4c2c0051fbd50f55c5bd1876a42a45
SHA1 afd970b36d3669d728331702f5742df2a81fc6b8
SHA256 2d3eb15c03fd7db452d0ff0464da88afcc5dc75c5d026ba7722ffaa374376b57
SHA512 ce6b9fa367beb8a6ddeda4672ba4a1fb20120eacb449d164a25f9362742f4aacb9647f39e1776fa10bd769b484a611016b8c62ab29ee3b5616bf11d67ba84f65

memory/3828-9307-0x00007FF855CE0000-0x00007FF855D0B000-memory.dmp

memory/3828-9308-0x00007FF855C70000-0x00007FF855CA1000-memory.dmp

memory/3828-9309-0x00007FF8413C0000-0x00007FF841463000-memory.dmp

memory/3828-9325-0x00007FF851CC0000-0x00007FF851CED000-memory.dmp

memory/3828-9326-0x00007FF83C630000-0x00007FF83C99F000-memory.dmp

memory/3828-9341-0x00007FF83CBE0000-0x00007FF83CC96000-memory.dmp

memory/3828-9343-0x00007FF856000000-0x00007FF856017000-memory.dmp

memory/3828-9342-0x00007FF83CB00000-0x00007FF83CBDF000-memory.dmp

memory/3828-9344-0x00007FF855E90000-0x00007FF855E9D000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x64.cab

MD5 dca673a8f9f834f9370862d1c97fd9e7
SHA1 1a0cf0fdda2c9e8abdf5cc19fcdbeaf1bc1639e7
SHA256 be3de63f136a2b41d3229e477ce2cd7f67ded031b4b370e640c39b80368238cf
SHA512 255270bdbc1dcd6a3213d8f0da2e48c6445b0141c5148edd1dabc9ca4643667651694b68013412a4f2ec90ccd60a757f64a9a76e2576c4fcb056dde726a6f67b

memory/3828-9382-0x00007FF83C9E0000-0x00007FF83CAF8000-memory.dmp

memory/3828-9383-0x00007FF83C170000-0x00007FF83C204000-memory.dmp

memory/3828-9384-0x00007FF855BC0000-0x00007FF855BDC000-memory.dmp

memory/3828-9385-0x00007FF855C60000-0x00007FF855C6C000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x64.cab

MD5 e961a77647e7fc2597a68ff572f730e1
SHA1 976d1cde1ec28a4992e1cbc345637447115f14c8
SHA256 a239e99d02fbfc9d30d5b705aa743fc070386faea1a66b3d67099ab446568a12
SHA512 cf72ae18e99942d959bce58678f544a10c98802d919adc30737389d6cc0d492f8d7902e0e2cd04501fe6429b96c782649658d2d35c879a202c23e88570a15b94

memory/3828-9422-0x00007FF8560E0000-0x00007FF8560FA000-memory.dmp

memory/3828-9445-0x00007FF8413C0000-0x00007FF841463000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x64.cab

MD5 05103e47f259fa22d27c871e4cdee7d9
SHA1 502fa5d15fe56dcf64431bb7437e723137284899
SHA256 794e23d8b08f88bb0d339825b3628c24cd0297195657f9871ee6324786fada36
SHA512 180e0abbd97b6781c6639c6ab2a2355400b8e32784a8469c3cbedea23b121cac5ba17f6aa509610d0a1e5830735455690f574054d6224a6a5d2ae70edb601835

memory/3828-9485-0x00007FF83C630000-0x00007FF83C99F000-memory.dmp

memory/3828-9484-0x00007FF851CC0000-0x00007FF851CED000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x64.cab

MD5 bbd794a74f31014f2d6ac7ef6c67da36
SHA1 d71500024600292c3273cc441daf35fb7b56ee92
SHA256 865968b129605d3cf906d2baf209a4b17cb9e1eca2f45bde40759cfcdf012d03
SHA512 6444b89dc11e8c821bc0dbaead5102fe14fe635070cecf3eb825f40a10f1f94969961d0fbd44c361542c4073253c9dfc8749ac55dd857fa35b7cf86ffcc8b636

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x64.cab

MD5 d964ed45ff274da2c8f48e2cbd00aa9f
SHA1 5c2e5607065238fb24a0b65ddfc904406615e2a9
SHA256 daf10a54089755f9a8aceff0c7695f1aa42d35e3179da5b9bb91e409036ae547
SHA512 a74e2dd4bfb037e5f5a1deaa86f9c4a354f023b62e1f2075509fb707eee1725b1136441d1059bd3929af1a44f6372dabef9cd15d386a77b2b22a532b74cf16aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4d24beb68592210bf8629dc9be37792b
SHA1 5ef043ac79ceb8401df9013b23f758750533de6e
SHA256 0b78441a8ae7c1ad3457f93dc384979463c7ea772d21686d0fd67296dabf1b87
SHA512 53eb77e46a59b746674dd3c9c1a8d42521438cba30a60cb7a5867f68650540406a9e212eb9e6c4294e9d74e3fbe95385efbffd3c7d7f4661f43827eecf6f5099

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c85466807a236c06fcc7d720eedb97ad
SHA1 4295c0d34b4280356b80c15d0caa1afeced98cae
SHA256 62b85c50bcdbdfe190da8e14637e3b0504b153ec382d3301c668c17d4121e6e9
SHA512 64fc4e26301d500c751efd1569cd6afde8505a6fcecccfe978d170559fd42c6db73ff805abbfba2f95caf1f08c2b095ee0337ba134e5cb88e7f08cdbe17ca426

C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x64.cab

MD5 33618039dac4e97c813e5bc1a499e6c6
SHA1 c792b9d0134df698476c2fa4179de6bce8aa583b
SHA256 a5ffaf9d58da5d79402c4dc93e79960f971d2701d4651bb33d18925af641f11d
SHA512 35b490903721ca5faef73815d4f9c6f52efab1fe82a4fdbd7566a1b028525afd29a72dc68d4b7d219cfa5cb33fec241d6b2784f15f9795d368dc356b3df30b5d

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x86.cab

MD5 fec720c0c15c43569ea9fab7ceafea95
SHA1 c65235b40865725a00675f1bc013ba8b77307669
SHA256 6456fc26622f3a72b9449ed0e61874cf1adba23cccbfcda1324f033fe0788fda
SHA512 8edee940930e3c610e709e2c6348abab479628bfac71a0c507f46af8d80f1f0c6e31c7c44af5f884668ce472b281ff18cb44a97ab68232d455b7bc8f89a75268

memory/3828-9671-0x00007FF83C9E0000-0x00007FF83CAF8000-memory.dmp

memory/3828-9672-0x00007FF83C170000-0x00007FF83C204000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfa7b9a9ca9060f5a8727114cc362494
SHA1 5f8de304e90d6a97a4e5ac2af52c733814090218
SHA256 7e95157a66738012fa34d5e6a5efcbe5108bf377b5331fc6695be350e7be1b0c
SHA512 44acd755398bc974c29ea9838cc24819120fe8c6831b9359a450c45322d250aea04762fbfd57b6da83aea3793922682b192f87de83f723bec20f878f6b06d4f7

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x64.cab

MD5 582102046d298e7b439c819895f6061d
SHA1 09900f44668350118589f18c693b131d7c1f9238
SHA256 c91a6380c65853e41e2f9593b954f3b5af49bcc894476d8eb78cd9f8b6dd7da4
SHA512 8aabbcbc88489ff8828d532be5c1bc0d33d7960f41c7b38348aae73ba4777999f4358466d061ddd8291dbd434e7741ee2c3215a10f8287be36209e0842c4eb2d

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x64.cab

MD5 f04c50992691eb782c3e4e86fd4a46ec
SHA1 c599bc2568e09eb05d1466c8154d675a6ed6d050
SHA256 4c229b0fbdca1747ab09a2dcea8d34f3727d1030e6d16a82e9ce9590aedd4f1d
SHA512 1058c017503244f590b0d74fcefee696507a9156d0dff76e7242d2aa6b135ee7bf302a2afd796353cf4f848834b22f47a3b2f5d2c25d65521e612d2b72bca400

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c38d68d7ffc8937f8bfc752c97b64d88
SHA1 6840b5db796c88c6da6f76ba09ea996b49ba2e26
SHA256 ed34b13af36f60036cc7b4d750493c232cdb98eddb2367dd9c845cc332d9da90
SHA512 1a9a699a6a2855d0e45ca87109780d3f2480a227177ff8b2f94d762f4775e813a43e1ee9ad3b8bb44378aa339aa55172b3b173b9bdef8a71e3e86d67b16a81ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dbf2b37f5f4c3c8c08c27812d951527c
SHA1 df767fce08b1e15298a2a1bf597285e0d4350d3a
SHA256 cd956811b1a00f8b1aa64aa37c05818edda33c17e2b775469edf46ab686c3133
SHA512 92ebcbc20df97b8b7d96d180bace69dbe95849e11f53cd1b73e9609da7d81f5a15f175cc746a3208dc7bd7449be90770b8468a0f4a0b8e16fa23e30c7b3bfba7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7fa7709cb4be22da37a8e4d8643b04e6
SHA1 545e57e81fc14193995eb75b8ae3b9f4cceabf6e
SHA256 b8a3a31cb57212802f6ccaa54f2930253062080b1f3c7b5faae28960afdf515f
SHA512 8acca54e7b06d7db26032fbf227a4e0df232bf3cac041ed091704daf1308a93f880e833b17c773e8adb379eb0072b15f7985028e28032f3a6b1658a8eb7a8839

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x86.cab

MD5 a2132a62f9ab0bddc3207166dc014581
SHA1 53b19ac3e6c6752011ba641ee3c409ed10c95dd9
SHA256 52c71c89ccc22fed3d7c985a22c464451af34b63b3a26a3799bc25d881221ebc
SHA512 76fabd7f440b6f9b409b0b2635ead4ef332563a9bed738a722a7c6b9a077094154bf735caf02c67191b08ab0a19fc03e05ef3d984f6e34dcf3bd587a05d2f424

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x64.cab

MD5 6ca70cdb3fa575506ba4035e9a50d8e4
SHA1 a2a20f5f95a1ab293a188a55bf593a82ea0dcb7f
SHA256 f82b2043b470bf0e711c3d05d758a379920340212437917b5d98af0c14e7bfe0
SHA512 a453ced526332ace37861a0a862fff3710ef74ed57965f28dd279f526a2f33c390e82fd2c49bee75476e5b4c349c40a71eee49edac720236a16780dfd700fe62

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x86.cab

MD5 cfcca19d60ec3d822ed5ec8bbadec941
SHA1 ab0e87182877991810af48f1478906c1e671829e
SHA256 23495764aba10ff35cf9d23aeeffdf38716219d8a155ae29162f01f7fe6a30cf
SHA512 2acaea2de2d77bbe8206e8309d48a4cba432d72fb9bde2576bce7a31ee29fdcb0d44c2b996e8dc21a31bcdb03c806e11ad53b74d9c4c972436d5202825900c01

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x64.cab

MD5 d404cced69740a65a3051766a37d0885
SHA1 288818f41da8ab694c846961294ee03d52aea90d
SHA256 5163afa067fe2f076ab428dd368ba0a2cf6470457ba528a35e97be40737a03c0
SHA512 87998e67b359c2a0d4f05dc102f6c4db4f260903385b7558a2c1a71436001d5b18f42b984e6b279a8197243593c385d41f51de630fa31c5ca5140f6970f87657

memory/3828-10016-0x00007FF83C240000-0x00007FF83C51B000-memory.dmp

memory/3828-10019-0x000000006DA40000-0x000000006F83B000-memory.dmp

memory/3828-10021-0x00007FF853B30000-0x00007FF853B3D000-memory.dmp

memory/3828-10020-0x00007FF8512F0000-0x00007FF851313000-memory.dmp

memory/3828-10023-0x00007FF8423B0000-0x00007FF8423D4000-memory.dmp

memory/3828-10022-0x00007FF850AC0000-0x00007FF850AEE000-memory.dmp

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x86.cab

MD5 e16f0875713956a6f9cd8c5acad36e51
SHA1 984b821eaef3b549ce0b12f72a405a93e51a9dfe
SHA256 31b16f93be7f5f9bb78e9ece6da96565d50a0bc1f66b206b7a21c601a308dc53
SHA512 dd626d5552eaf0c1dbd32bc4dd84811bace74c6350eddac692d3c3e8c393f4a19c26e8f2932f54a14648448912e6b87c796c6eeb6da9b2c55ec4565983b76189

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x64.cab

MD5 4ba26f9dccaebd7be849a076ec82d6ff
SHA1 42fb0d0089d8bc92735820f475968f59af4e4365
SHA256 13e7eb934a7596e7c3b7d8a0962e68da841d9c73d154825dc982ff6d05cff221
SHA512 4e4fd8a31ac3c2f8cc66d434103c0097ab3fbe2c2e8140aae2f95fc4ac1927aae9cdce8730dd7c4dad785d9a653d90b0f914b258bb5695c68ca93f605ac82dd4

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x64.cab

MD5 edba7bc2a22f3186420c271b7291dca3
SHA1 65483db4269be348528fd205239b811d775421ca
SHA256 4f5cffa56fd44f7775f12fc511a1e3f030c05ac78484f6866b12b82979067c22
SHA512 90a9fdad3d7f933da8c3731e42d262034907d8088b85d7100be46c57def02b436c31eb9ff144b9d67fd931f92a1677ec0cd762d9aaf066bb026f139499ba3a66

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x86.cab

MD5 4fd2b859952c008de0542053b15bf0d1
SHA1 0800cec84b51fc6362c871fab87a09db5c4ad6d4
SHA256 f6b6ebc9c239c5263aafaa63fd691da5aa715e9c794d5fd663e86559d5c6ae56
SHA512 d656c3bfe4593ea9084a5d09f0173c8f6b7d6229fc7e3f6757ac03089cfa94a7337bbef0456785b79d777b976f5a8259056d2ddcfe0f74d78c304a02bcee0ad8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8e3a1f852393dc66169f0763d5d1b1c6
SHA1 c375f7723f3a0f61ff13467f67be089dd804f443
SHA256 f2ea8bc846cceff50370d0cf14eb0249385176800823a48a7b8adeb338d943f4
SHA512 7210aa6eef29f840bd399693eb58febf4090ff849e9715a7925bea448bb17a4c0fe17e67d83cff4b9b341f6184c9de39e8f9d46c77d774aaff07c0058ccf2664

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x64.cab

MD5 cc568d26b5b4cda021d528cf75b21699
SHA1 dd47a33950c9e3a88defcaa7ea331fb1f1bbab97
SHA256 662d4e5d005cdba02fabb0d7a68a7b48ecafdebe21718d892833d5c482e5add7
SHA512 24b53bbd82dec594d9909352d1f2afe69b6f082db99aab3385826c4e8d22f5c075f3c5a24c8104dbeef2d894980319af141c65d768a51936c75092a846f3c8aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7f63278a11b3300dfaa1ae37b1a0e5f7
SHA1 efd5792b11288ae3540f0cf8b67d7a43589ce11a
SHA256 37e7dae011e70766f728ceaafafe3be861b4835e51b04e9435290d69502d90c4
SHA512 77a58967a5c9f2e132ef44e7d53ff7219c95c1a49abef798c6665d9f3d50648b33ad4c84d8c7d8026d6acf8ff3eb67d2d3fd3b7ed133decca39528ae33d9f08f

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x64.cab

MD5 2290064562f2d6d197765f4edebc5bf0
SHA1 70c2e3c3eb521ba4c46c428d57166631f86512c8
SHA256 da1ce01be39f41f967282849715e8310dc1887bfeb92c4e0166d2c31f00647f7
SHA512 b25a517de79668e3abd88acde835df4a0d69e70ce0e001db31d5debcd812bce46f4ada5e07c036c7bbe88d6dfc9f6531b2198f03fc27fa46070c790b45955dec

C:\Windows\SysWOW64\directx\websetup\Dec2006_xact_x86.cab

MD5 082b7d69f96799aa2ab1a8ea1fa2ab88
SHA1 75c7032b749259977c947a5103f9a4b92c2025de
SHA256 b98e55c654b9ee6f6d040665d932bea7a1299c56cc9996eea900ac4f5649c7d3
SHA512 57c96a4c99ab9a7d33a8cc81a3b4e2ab58fe3a2fbc7f79ad688c7d0257d281c662d4ce0737f68c00d15f715bc6177d2ff9cc32a69cfb77216265fa56ff79dd8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e3a066a4c3487104f240b3f2d665a5b
SHA1 4f518b34623ab18930ed3ee65259f92a62947031
SHA256 595e6bb981d03c3eea01e05b6196d0975b7bd22c695ccdf86fabef146d90d8d1
SHA512 1747dd69534d0b6b29358a6d2d0e4a2c87873831af05bf094780b9c7ba5972492550c60d6c425ff482586ef196b03cf6b27c6bd39a2c0a8c298403d7b0d9501d

C:\Windows\SysWOW64\directx\websetup\Dec2006_xact_x64.cab

MD5 f34ffbdb67dcf84092c9d321e3343d3f
SHA1 52fafa930c3464e070e1e4692d4600b12678e9d7
SHA256 bdaf9c41f83e65de2b73aaca2002541d48c65f551cfa0578b3259d3bfca54ead
SHA512 a78d32ee71f5b4214e9b8b95fb8bdd4b629d34529fad7a494219175ce5cc129a3f5c500d426afe0de6a680977fb86abf0b77be353d8d19d6ed1a11c421c6e757

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x86.cab

MD5 a09f7eab35816d682e7432dbb36b047d
SHA1 db67b9434abaa8e7f166956a1c8d01f536162c21
SHA256 0e3655490667ddf17150aec089889268bdd7f1e8367d2bed6f3eb68a5ff28288
SHA512 fb1cdbfb3cdd60783d1c8696ea6efb746331880c79aa74052808ca09092cf1a2336bf784104d16203740998129b718dc0ad4a632e4031e85ccf340c593f05e57

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x64.cab

MD5 cc622a75240ca96fa8f28bd984bed5bc
SHA1 424f216c5c0e02ae654612eaeb04900c9dafbc61
SHA256 3454d5101716a5c17bcdee8632668d981f99e8558d8d05e20a33ed718ed8c2ac
SHA512 eab36cd6bc3ae6f67d89996785f9c7d51e140bfb839a866b4e4ffa7809846df861d30d1fce2e1a498e8403deca5ccbc50b8f37f4c1b4ad3cd3a63b150c49ecef

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x64.cab

MD5 f33c12f535dc4121e07938629bc6f5b2
SHA1 6b93fbe3d419670a71813e087d289b77e58e482b
SHA256 3ca2acf6b952d6438b91e540f39abcb93ee12e340ba1302f7406f01568e5cf91
SHA512 df1753ab43d5b7fde2a5eb65a77b37ba28599bc0683a4306f101c75f82b0f1a2c8ddf5741981073cc5df26e9ea38c9a495ed0fb1689d2e7fc7d6f693759c822a

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x64.cab

MD5 906318e8c444daaaea30550d5024f235
SHA1 3f3dccf0a8a1cbf6f603be1da02e1e2bf89d24fc
SHA256 1a37565c5b868b6a5c67f3e24b8af547506799444cb77c7086e7b0cec852f239
SHA512 0a7aed2f49ea3dcbca1607fc46f166a44bc9d08589db05051b422c8ad84adf322352f71333367c612f9579b4aacb4cd6b82489ddf168ad67fb4d42ab52999c88

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x86.cab

MD5 8922189c0a46d26b2c52c65515d87180
SHA1 27830c01afb15158186a045b7224ef33793ad211
SHA256 39f970bf4cc42e9325ada84a603c6c691bf94921385a52325f402f7432ace697
SHA512 53d51caa2cf448681a709f2b9737ef75dea4e9a46e2b29e6588b13e941671643a64d3597649aa2ae0b1fe9e5d591ed00bad9ff3344ca62851e03a68279142cab

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x64.cab

MD5 fbb6aa140d5d0aa28a7561ea15d69e72
SHA1 26804276edbb1ee23b96690b40a01bb9c723f7da
SHA256 7781f0494648989583d4ac7695b9c5310eea76b6a102e15ea0fc7376250e4584
SHA512 08d6f2ef3346229f71e9fd6904d99bcb69f0a03cbd2d428f0a3ba58836694b801446165814aee120b4c5eb7046184b08fb49248f5e1941579b9caeaf9fba1b1a

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x64.cab

MD5 8dbaa3047397ee4cfca2efffcc2dfbd1
SHA1 d88fad72d7eaf38b8469b2b8492311c39c42be04
SHA256 fe4b15931e048c97cbbc26f753093e7d41eccf174402542631284f8bdb9ee692
SHA512 1ce01bf0bd4c0d832d95b13e958da6cb69c0d3949b128fcf40ec59ecc0ad8989b27c91eac28cd98777d57dfeb811cc1077fdb87348a11b6370d806771d7e742d

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x64.cab

MD5 1ab35d11274d1adbd316b19c44b9ae41
SHA1 14165ec367ce179588c8a5806fc968fdb49b4aca
SHA256 02ed1b5a850edb52ec174de177e91842edc7c5f4c06ceda5b16f3427dbcd4c99
SHA512 71c8fac7c95211d323c4fb6a02916e7d43ee399bbe0f1d983b5ac210f5039b23355f40b36f023f3c36e19787e2871a60cc389e51d6327652cd84d9e3b93d5a4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b764ac6ac5ae9b544c9efa472804184d
SHA1 10dcca5c174957687bff636434db8d75eb33ed6b
SHA256 42cd03ce985897d71cccc93a34fba5184ed45f6c686741d1be8f4217160d64dc
SHA512 b9137043e6559ecd6e495d33d6fc92d9c45b93883f362258a771d4cfc3365beca6d9c9a263e7ea82a1061b1b245f8289c27f468ace3c836be40d45bda41c571b

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x86.cab

MD5 001cff513a31ee082133e7ba3b0d71a2
SHA1 4517610a25239a16c26ca9890e1f0e52dda3781a
SHA256 245b0c554cbe2677939a70e5c4c6666b1b43d10d47980223f8cdeadb2d0eb76b
SHA512 7119f6ca16fe6d968310f34828f30d8144531b89583cfd529056d2e31d5164fc65136fa9015b69849f724ec641a9291ac644c91cc3fa8ebdd4daf9cf5a665a7f

C:\Users\Admin\Downloads\a13d4c15-58dc-4039-b9e7-4b0ecf2b30ae.tmp

MD5 7be6c5770b69247918371eaa07c03d48
SHA1 bd2086b2b03578458b925c68b3721b0a7bd08d56
SHA256 26a48ffd8f2d7e828a1c783e07791861ce56c31104b225183f7a1ec147438350
SHA512 9fe447fd28581bf7cb66caf137c10a0337d6e23d5f0435532ffb7c1eb1f16ab9160331f2a8be62017a92caa3ef5218d867bac714dba20e864f5a4672650dd07e

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x64.cab

MD5 6f86cd722a5c33706092c45e8776a727
SHA1 5d46ea8c7680466002ea8ad2ad05f6b55fbc7395
SHA256 45de3825d6cd5c4df5119559cd85cd77d3495ada2fe688f633b4e980cf178dfc
SHA512 fea44ed9393921a0390ec3a0ea842ecfffe196eea2c3bee9080d6ffaa678455ee9f65624742ebceb6c60944a60f25abb0a97c9912565baa968a887b203ffdbee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e0b9c14150bc89be58dd7ba03facccc7
SHA1 99343d0b39b03fc2b26c0472e4d41fb1c37a88e8
SHA256 a083d2f1cc3b112aaff15e2ea6a60c4f0b826d4b5e69bca0a8b4308f0b681f91
SHA512 5abc2fdc27e7dabd9e8c50053038f25171b1d567a4d28414cdaa6c2f6937a95b507b2e873ce90b928a2c4067b84b003a9f26e3872f92f1ebfd7cb5de7c63d34e

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x64.cab

MD5 86d444318c3ec40e39a6352f49a51ac2
SHA1 8e89049423ecd431162369581ac81d893e4bb24c
SHA256 3d2cc646f166400fd4f8350415597ba4f7d4b6f503d2c4d38a883cc827fb6bff
SHA512 80a590fef548e4c6465ee01c90c113230cfaf357bbec697f038c27478bca857cf6aeeac5f697c8a405cc26df62dde3d0300e712a6e51ea4b9e1c36e359d2b6d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 dfc35f61e2c68d79ccfb43831d205bf4
SHA1 871509e68aebda7822577b27d39f7a20f6e0b30b
SHA256 9baeda049787c0c79a9a17f540bae56513b3bc7b3c24d5e0c2f8241a87dedc81
SHA512 6a173e705452a542912fa311f7142526370f9b55e21a1baea4a8092dd1d5a87226db6b0893b8a44b6a5580e5528263a756b3d29f0e0e54b3111cf01255077f4b

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x64.cab

MD5 8f715d741b7401547a263fd4af02e7ba
SHA1 39c031174008a0e7bd603a5670f578c0cc6443dd
SHA256 c97275f60e2f25732b3b264b8bdf9cfdaa39d6e5b189c08fab5cd7a04fae9bf7
SHA512 27cdb534361c1f6205585e1baabd83b03f6715d29afb61351f660bed1ccd1ef035c6541ad7e4c551bfdd2aa8fe77a903d23eb27618ed369c37a369d373467c8c

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x86.cab

MD5 12fb614027a3f3ca6b510bdbbc3cac81
SHA1 aeb8241e273e12d984f3551b2e9ef978153a6ff8
SHA256 c35652b18c6a2d108812f415ddd435ce0eef5489e37142300ba67d66986ef43c
SHA512 f983f518ac3573a6425ffa0ca049ecbc9d4b857bc473767ce2c67fe4118731ecf902ae739b4d817288bf6cccaf5d9e90ed035bbe23fdf7026d16b80c08c441b8

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x64.cab

MD5 527e5861d4999e7b410f5bda36cd6d7f
SHA1 403303e3c349a283c275c673261b600b3589095e
SHA256 e8ef9c88a6b958916c1959d1c6c7f1666d22e0f70ce8a8c83183f49ed71f6287
SHA512 38b1d719a477990eb5033cf870b070103d13fedac7bd99e61d54e7afe27d3a1c73a250981524c9fe9a29722efe01a033531ddc97fd3e550d4ba5df28903c5bf9

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x64.cab

MD5 a24b26f20ffd17ff3725a6dac823749d
SHA1 e0a9f241a083a58bd62046b0fe50afe73561c901
SHA256 23ad953d03c9da720002834eddabe71bd649dc9cd31abc7a09a8e77a948414c5
SHA512 5fdc1571574ae2ba50bcaa90e2cfe2dfb30a66574b6dad682c5b1b68c0ce1c8378ca8a766485968ad20432672b42a030a6edf6275b3f78daef055c45f37d0d3b

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x64.cab

MD5 9ad15681fa177c198ed2c1780f92262d
SHA1 5391c59fc75cdb5426f71e09b67384b2b9fea98f
SHA256 bee9bec21771bc5365847be692e785ea619d625df629981a167429df6f0cc9cc
SHA512 eca7104fa4e306326a92c1967d339d32b9e9ba1e42965fca820847f9f9b085d1ed30867db10129766f9dcc9b6320d4bd43f05103317e53b79f1355d1f1d69f05

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 854d4c2c90c2158676013a4798e79dd2
SHA1 8cb87ebf34edb6b4fb8b4ecbdea4df059cc4c919
SHA256 e17e3a0d11bce6dd622c67feafd8f8735850f6ecbaef84aad3a7a024265b6256
SHA512 b8ba3b064cec1f48a5fdb280769e903c4b60bca2dd4faef1193638d87a6b0f22c4a52239b5a08fdeafac657960e9ec5922f19fe125774148d0f767dde5ac8c0e

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x86.cab

MD5 bb6131295182fe609e802e39f7b3af9f
SHA1 925dc4dbd64492f4d013063ed6562427269668dd
SHA256 90f472ed8b0beeea5db1b462da44577160337c767b27ce70ed58d68d0a03e7a8
SHA512 0b61e722b2ccbcf8de5d56244d9bcadf5d97c43da0ef01363f1f0d79f686b70c74d3ea5d6482ee28d2620c647cd690f5fd807e2f5b4328044aea5bdb6372d04d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 522f682d5981759accce24872d226c52
SHA1 8766665bc214c06b23adf33b3c36e569888224be
SHA256 d71140f3c99816657b2f94b9eabe03c551d81612e5550705d42d03f89fdb0f87
SHA512 c999c42dd589186c319b358b666e207e10043487a825455d1a35df582fb5e1563e4799e9696e21d743e34b746f2d688b1900b7c6da2f2e4d1931433b9ee43356

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x64.cab

MD5 523deb17de80955969d860376fc0768b
SHA1 8964d237c360208e42d1a879e541dc710f1aab05
SHA256 122e09bbf46b3c3edae6c28ad060482dac24d4331c682fe0231cc5b6fb53c5e8
SHA512 c46522b916bd840478c06256305c187f950e525f7780a1763589c3ead8cb425a245944549accd58cb626769d368b03a047cc3b1fb38cd2ec4c4bcfc5668a2b7e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Windows\SysWOW64\directx\websetup\Nov2007_xact_x86.cab

MD5 b3eb2dbd7a3a366ef2a2e1efe54a4e4e
SHA1 7edfde36ce6f8904b86610ead23aecffa0a21c63
SHA256 6dcb9461eab4aceb999784ecd74d985b3543899542ffd66203929f409c70c8d8
SHA512 b69cdcc7a2519a48dc13f60bde5dd0dd84af63386b1d98a507103492ad8a9ae5bbfda78761ce15db9abe5f201d509fda8013f3489aaf21db85cdd25dbcc29cb9

C:\Windows\SysWOW64\directx\websetup\Nov2007_xact_x64.cab

MD5 3d098aef8ad101782fb2187d7666ec64
SHA1 e6565c1c8cc68a0013490be6b3d6819dfdad94b6
SHA256 9fa6f4116a4eb1e72f75cbdcb2e34198a243d169276d4f493ecb8a9dff3722d4
SHA512 eed7ad526c5dba959e5d5b963154ccd87c4177a286e2f59a59ccbc7226e7a738ec89ee9d859113b72eb5c15caad444929c456beafbe125853976cc9e1f4936f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9c39ed88db0fb880d9229f6ea119dcba
SHA1 58c38fd5e5114cc4ce2a528907586c0ee1053e3a
SHA256 91562fb6b9e50d725ce83645149628ee313e799b337060da7185097e25f7ebeb
SHA512 0f6d3c7bae97af4b553fc1cc828362e3f530591bcc7af17c06d1f77a90dd84ede4f0516bd8de00e9e6e3403db8106915f2958e3779f0099a54b2fc90add1df24

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x64.cab

MD5 600b24bef0749c2fbf406e0173478843
SHA1 d373147cc4ff0cf42d084edd75af18f1d0a347aa
SHA256 7ef2e2a5d4843f58b3eaca34f5a9c63e9abfa726a3244b762a6de70bb9a95123
SHA512 e156ee9e70a1b2be4b2d4b538b6f6ad4f4d877bb0d31297464840e3eabdb9239d73e54a9ede97c4eda688d7afa8483e271e31fdf9c658b240aa9510f161ab19a

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x64.cab

MD5 756fe364f6a8bd2e70ecbbe895e134d0
SHA1 eaf82f86086510c0522b5dca8199110874b11b37
SHA256 6aff708a5bc25b4ecee972f930293324f86bc45dc97d687dab782108606c5902
SHA512 3d1c0a3ca8da93a85a459b252ca9ecd9177a450dc1a8f73add303a601ec64285fedd2dd97ae0a2c72661dc579e03fdd63ae6df900f645975885ab7a178e47352

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x86.cab

MD5 5262e69c5834aa27a833c1e589cc2574
SHA1 757bb50815568a7aac35c1d85adce68466fa39b0
SHA256 1ababdfd6ca26f1c56f618f8c9f90dbc063d964bfa31caa787b0a8a1bee519be
SHA512 82f75f1fe7524e32514eff95ff7013ee1a095085937c1d31c7209c6403b6de9bf5ff0391fdb4bd3ef3d2cfbd941924732ea2b9d30055d90e04405abc426dde95

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x64.cab

MD5 bdc5ed445942d7384d946acaf03363c0
SHA1 b7e021195bc4574a5676ad57eeeade1835299dfd
SHA256 312c2dfd80126d25a1cfab0fadf5c99bf1f81b404e121afec908f5b5d04529a2
SHA512 e6f792d767f5f4d3fbb08ba555d6aac3a8a873c11711eaf8936c738a9205fbe6ef7e64a9b56c58fd3f858bb7c20e595afc2f3c9d9010e101c2eca737d1676895

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x86.cab

MD5 486b18945e3f5ef496727202eb8e1473
SHA1 d1741959717a62b3981542b3a9d75f58d5aee637
SHA256 d2140d9b4420b022d6e6135a67029033b5b0ec083893eceadd1007eee41ef4cd
SHA512 e262c6b5bea9c60e07985eaa5f84fd7d8191a17739dab8985fbe60116352cffc06f05f309c6aff00a596d8a0b61982e86ebe26097554f1a46b337d155ee437d7

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x64.cab

MD5 3fc4683385ca18bb91a64aabd6287ca5
SHA1 1dd91f7af09a1d6ed2d205bc385b526d3400336f
SHA256 b6f81e365b7fc224f66bd6560e5040dabc9370b3f21f9bd85728349200dd7632
SHA512 4c6be51c33444d62967ac4dcd3b0ae127963ec831f4c618cab2989726130fd5a50d3928e1e66111d000f14b8fd3882aca1b0725ec6025359b30017cbc5380afa

C:\Windows\SysWOW64\directx\websetup\Mar2008_xaudio_x86.cab

MD5 dc71ac34a07bad6d68fc0520a5b0fb2d
SHA1 fc74844b5bc6c504568fff83ff629e802b859f39
SHA256 bce9c695d24972eacef357da0f83ab9d9cce2ee9a46176ffffad3a0abd64f48f
SHA512 15b9e540e0b194e2b6a66a41a143184c4ec26c8124b6d7827cea43d7bd1f0bceb33c5617522fa5787ad28423a48f4e735c4e782b12abad53defd1f9ef0ef9c11

C:\Windows\SysWOW64\directx\websetup\Mar2008_xaudio_x64.cab

MD5 3b2c203ed13d8901ab7c27616da80b6e
SHA1 f4c659eccd07abd1429ccb0a403c6fa80e821631
SHA256 e9a2e00f9c96bd5c91c4ae069c1c2ef6451e0207e8c18074f14d0d0ac08301fa
SHA512 967125b6ee2e3c4ca7c80037ca0a9d4d766ebb333ed68832ba1c7e321cb6ccdaa6ccc6242b01f61c779515e34185c63d71e99a7a2cd267f289967413c3606aad

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x64.cab

MD5 93e07225a9cdcd077af0d83b232da2a3
SHA1 8ebc7e6376203c68a2e3cc82dda75b2e7b285aa9
SHA256 f33a6b6ef55bd4e75a2e67d269b917fa6113f2b1c9b745b19d3ce6a6365d1cfc
SHA512 6cc39c9eaee38a9ae8755ebe6091bd60ce780332a8cf70934f8b08bc920a148fe8ba78967f2290609f07ab992880ffd64c55b6243fe3b0d46dac56a12aff5367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 34a14a7a5ae6a0bfc33e733b483d7413
SHA1 ac94ddcd717765f8cc2097a328f77e3d5fe293a5
SHA256 f9c97e7dc17955ed5c6b2a9600d52e7aa23bbb3d5c5c1f93cff64d98ac07acff
SHA512 c4a03ae1b62256f474783ec51bce541b9732504976bc7ed2ec90a2f2423d90f078fc6be9635935f09253655a9501f422f402a7f0344f2ae78c84af8ee5d28cf1

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x64.cab

MD5 ae0baabeaa94d668f9f1948442fe9b79
SHA1 34dd1c1ef542cceaf8202f41761c0c76cd9611f0
SHA256 a75a8109e3b4ce2a805555577d45853bc2e67451ba287b45aa3ce4ca14ce87b7
SHA512 da4fbcad45a08d8c691324aed44c227e6b6a22b2578804806f492bb7c1644a8f9a8aa7540d6f35c0fbd243448a79e56bec2e7e2b26bda40f637242f1207c789f

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x86.cab

MD5 dbc81af3e6112058cb652136fc9e99b4
SHA1 ccdf0a69cbf4ceb933dbbbc15fd96df52931f4f6
SHA256 75f048bc8261c1877126a82d3e7983f22f830596eefeaffb799947d9a13afd51
SHA512 879f04a0c66b76aceece022397f87e52f15be73bbe479fe03f01163746e21f6b5178091f30a5118b32f116a4ed27a99c1baee5ea5da9d2e277b6f534daa4b841

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x64.cab

MD5 8f47579336d3e8bdffa6ec7efe59ba29
SHA1 4379c4f9c5425668abbbdc965f8bd9df0b7b0855
SHA256 7363590b33717a0c2e07f3b2dceb3689a526b255f29c84092022a37bf6e9b9c1
SHA512 257e5b70b727b44bacc49fe30d73d4cfe0637bde62ebae58218bcd24f4d97a3f9d30a938b9a8a6e0479b3f6b0410bf8093e7d74752bb1df73c1906dac809ccce

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x86.cab

MD5 54640e3a5216776937ee5f026ebd22f4
SHA1 bcf0ea32672f6ddc01bc4e4e23fc67301769f42a
SHA256 fa86c9d133cc5ca499b1f57d52a6024cae3f5605ff0e5bc466f07e3f7bac121c
SHA512 6b4fb153aec1f860fa57462a70937de3a94d61164c263850ef883e72569871913df5390bbd92a6b2574ffed5e8f39e434e435f16a0ef232121eeff3e71db0049

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x64.cab

MD5 a3ecdff8018bd0ad0d1a34860e4cda6e
SHA1 36db6dd7d33e4ead7fb2629205b8c6717a62dbce
SHA256 09e15921b2a8204235c7128b804f26e72599f05f55005bd29fdb05da8c812460
SHA512 01da2b3ee535dfb0648fe340f3fb34fe98dfa7d5e0b87d5041ee8032581bf5bc0cb03678dd19b9faed3e0b9dacc36819cedc705fa5f093f8244e422ebf30d9c4

C:\Windows\msdownld.tmp\AS5D3EF6.tmp\Jun2008_xaudio_x86.cab

MD5 50de676bbab28205c1d045c35eadc944
SHA1 ff963262b0d5d73e27a827116eed38ee1e182258
SHA256 6d128830655e6cc400c1677ad91341e7b69f3d3f5acf32bc44ed2a32b5e776eb
SHA512 5f544aa2c671a5ce3b6431059ba042b00e973920b1e77a57b42b387db493d03e2a8ef1bde824d7752646eda20e7ac3e17b5729e391a2e3e20ef953c65b7542e5

C:\Windows\SysWOW64\directx\websetup\Jun2008_xaudio_x64.cab

MD5 be0eeff1ac4f42be998940f6564e89b5
SHA1 62f054a4ecd6aa187c3d1704378c458786de5337
SHA256 7679e7b1e03399a5d0d7b802308ee1503a9c5c59935d16c330db760876bfb37c
SHA512 c3ff516aa3730e908ca626349f037311f5521849ad970c64dd44e63344b29dec6a40454cdf436732302514b976ad7d8913d7416468241ebe4d2f043056510192

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x64.cab

MD5 85ffa26e1821c06035bbb25ca9241c34
SHA1 272016aa12473f9c3ab33be1ae1ca11a2df3eeff
SHA256 03f30dd485a82b6505a881f525e432bb84447e108bf086ef341a39951a1863ed
SHA512 537e708761fdc3b5f1a3908f565e0d2c09a5a7cc4566fc65176e81cffde8702b918377d9aa701032708ef253b91f2a7153995e39fe4ac2cd311d51e791bf1473

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x64.cab

MD5 dda02cd5814439f8368259285e408845
SHA1 6c9de1bcabcdd5333c24f253f38ddd256e6c6787
SHA256 c6602fb00efe93ea7875e29974c073b4f83991bfc064470de94a95dbacd51712
SHA512 8809577e13859067d9af53c4d6d6da047e9c88d264e7facf102ff34101c530e2691f1b6442ac2694ad3342f83b1f5ed3333d6f12d2523cc1a6af1a29b0aa6c24

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x86.cab

MD5 5e96c7336834510b8af861083d87e8d1
SHA1 1c4065905496690b59b0c7ed25399ce6593a4a29
SHA256 736b3c20aa536c1569465badec5bffda858978b2d9ec1e48ad639ccde301d6f6
SHA512 683cc10a5fb529055bec363dba6b26dfab6f764fbc256ac9c224d70fe7422d4df6e1303cfb707450d1150d79bf8239bb55653e2f0af87c4dc28969ac0db17306

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b8204c37449efc427ba1a3086da5d747
SHA1 cdeb01bc60debefb11be13ab2ba3b783eb92a8b2
SHA256 8eebb94d08ea1e7bf1c2b3a6765fe2e8c338b020fe579f3e89b07f727017f244
SHA512 112cc167bf8bd6a139685560741b018aa758faa67e2f1e8321faa03ab7e923791f21259e9ed57a281df39be01546cedc7e22a1d6f7abf321ead7a5418c800c63

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x64.cab

MD5 1284916b97980a2dd714ee7d9f3bef97
SHA1 80216e9bee9ab8a7a94c11039126533308411034
SHA256 1b640b0022c876f74a41db17672bb0685b74d3759a7818f84c8ffc51a9aa0d51
SHA512 aa367c5eeaa123eb983a188bdf9558deea1052ef0332ae144ffe2681039c374fa80adc0daabe12e91c9505107c2bdbcd4780b58e58738183ea8ca927d14a0bae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a551681cc782e774cadb505a17e33bf4
SHA1 9ca7bc43bfea66b7c2127c2c0def129ead162c9f
SHA256 61a26a90e674aef1aab7f3f9d534282d912c9ff810ef051a923d613570dd0989
SHA512 3928d609df8bebdad53e989b3e3320cb5cdf9db5420b5167da40dd84878b26b7098f35408e36f415288e4c266980bd7677ec589d3fa02acbb030a27a6a8450dc

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x86.cab

MD5 60aa66cca3684683e233daac694bdf09
SHA1 a14140e7eed90414b10ba0c248ad0cba888c1516
SHA256 a1550abc06e39ca576d24efd2801d139c64c7dce643246a7ddf2de2d03a7ba23
SHA512 ca846a0e0ad82b4c96ba1ef01e6bb0b98852676598c4e3e80877018f6d4ab25a2f4eaa8f80115cc3304aa75169a584560de65f2a63bfb43f26b2e1a2f7edb5d1

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x64.cab

MD5 154c82143b1b0730e7df3459cad48253
SHA1 bad95ba1b8294f8574aa93c6aa3dabc1e2ae95a4
SHA256 42807ba4736a40b7bb9b4b558c0daffd2ca75987dafe47a6571f3c45f178d29e
SHA512 db6d734003542c8891ab86d3cd2fbc96a020da852bc4098c9451035ec40f33ec0de44f770973df932abdd3c1ac35109a12c542278d0c898e54e6f8bd49c20c97

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x86.cab

MD5 7b59a5d0824ab10eb4dcf0295d2c0a09
SHA1 0c084c3e1a3da5aff22aa924a5209c57d44435d8
SHA256 8fbe56582e93b3277caf8660f689cc9e9fa6a33056d40a88d48f669a005430cb
SHA512 db4a91267afd98205e98716e0080f18d8efac9b2043962e8b909910619d04ad3f99692b1a9b0b612c8a5fa32b31150805e375b67ac6b897dc1c70bffc9f24f81

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x64.cab

MD5 c931e5b595c62925df29ee9040a0bc12
SHA1 2a06d78f47160cadcd0f9ec634818c9b79b7f61a
SHA256 4da03f7a174d276dbbbe469c12670fa85fe247428fd5033e93ccc3ae4d5f84da
SHA512 5d9ec84116df04b955e026860ff7b2750cb87261d2a91088936e7b5ee500548686f4a7a4884b1c54081701f3982c8991613c0c77c93fa32df70084e63717112b

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x86.cab

MD5 6323491029405204cfb35e995062b79d
SHA1 b281a0781b01d2d5f55723f5674df508873e35bb
SHA256 3e804174d83cf4908cce7aac97756541a58c16372368904a253d10d64fb4d2a2
SHA512 c0b39e2c1912d04d39ee46f8e30e554fbfcb8d011c05a133774ef78ec761abb7d619aacd68a8dca48b6515ad003006a500386bcaecb9356c0cbb41684bf797f1

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x64.cab

MD5 45eb89f9552c6536092dbb848dfca448
SHA1 40c7f5144e80614870bfe1ff1d0eb400deb8fdb6
SHA256 636f4829ebbf2e9a1ebe572a0f0b7f8289089339cc38c7075f48fe4930134cc2
SHA512 e4e771a0b6b93db895620c23a32ae4bf3a455a687480c7c1363e53e9b8d9206cad53989bf27b326e1583c4a993c59d68ce6d3f054698c405c8cf62e3cb256e6d

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x86.cab

MD5 350f4eecb4407263a2417a284d355186
SHA1 ec76503b1f170010d778eefb6c3ff1d4aabd309b
SHA256 cad128dc2e64a47f65bb44f43a5a0650b045a5dae34ce13f34817642c56e4721
SHA512 c6a1c97bd08a02135062b5294e895e60e6c4361626bc15c0693b2a3aecf610b5e9604c1d71aafb1a62a9154cb2fd8067d77894698585286fe2900683982c1c29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7c6668b8b50a8e502c9bdccc4831102
SHA1 bec965be3c246053b121c80243de9d1ad44b2016
SHA256 a9c181842a90ad492c4da04f452f436cc48e6baad2a151c03f0a42ded8a11224
SHA512 ba7756d4594165d8ef9c21678a452e5b4ad09439beb5559b024575c0b08ea4600fb781fde8a785269f489dd55ee8f5b622719c7fe2f94372a0012b0bb08bf221

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x64.cab

MD5 97ab92ee81ab716560b9c51ba6e644a3
SHA1 681cedd9212cab09139585a69bb55898fe7c4a40
SHA256 63229aa8bd8e675b292c263fcad6b7868394ad29987d3f4db55f618359cb0681
SHA512 ca783306876f76b59e5c0ce4f6a49461bf5fa4c2206f289fc40c0f0f050687fcd798dd1b07e2229aeb0a0b736dc5123d4acffc0e737fa70f51ea7abb6d410372

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x64.cab

MD5 2d7ffccf9db1906fa49be695354e5290
SHA1 8d0a8a4b7241e31bf931cc3cbc2dd50cb48896e5
SHA256 9499871ec59f7f115f51399f21730734fa1037eb0c1ef9f1bd12c0479b216a6c
SHA512 5df399c1b62652a91fd3250fe696aaf283f028910f0e25762576bc7c74588822dfb4010ea33c05d222bc60fbfd6d3fcd757bacf4773d7d2fff734eeea078beb8

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x64.cab

MD5 9bdcd6514ca65c183866b1988ca23d43
SHA1 6678a610be410bca5fafa0761afc10eefcf1bd7b
SHA256 86f96aed9c4e381623a6476bdeb375c3f49eb0f252301ad4db2f7974362790b1
SHA512 e4a9d9087633d7e6302ed58de60ae7d35bbc1257d209b082cc67f36bf85572912a703f990254e15abd8e3d0e5510f4f9db8e2efd1d567f647a2da2608e49bd7c

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x64.cab

MD5 212bb7229cd29cacf1a5ec4e1c6e52e5
SHA1 c79ff23f737b991e8a7f38b9e674677482405f20
SHA256 53da650f9aad168fe8034da45abbabc950729780ecc4f645f1470e851fd67ac3
SHA512 6e1396e665f7b7d6cfda0591ec4c4082f8e3cf0eb2e64b7eb771cbb16f73af2a1c35ed2499062cd51d2c7c438425e235fa21bc48cda6ac3fc60d6518bf609fdb

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x64.cab

MD5 70456abbb34272f7a6c2a48223c08f23
SHA1 3d4ae2460131b32293a2f0b0c3c3b4f8b4dc484f
SHA256 25ef5135a88061ede0c4fde037be62e3a11701748ff83eda1aa9cc496687265d
SHA512 e660fa94c8d579aac1a6c8f8bbe55e2488b744a8acb59631eb82231a5c3363b3b923d43e6fa044afa5190060c8da67c0800c0255d8ee666d44f45e177a8241bf

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x86.cab

MD5 fa5256647c0eccc35c2b1c581a846f91
SHA1 0d5a854808650098afb36c25cea9f67d2c9ca7a3
SHA256 2984d216a782ca017243f4685ba592801b1ac3ccac2bf20a8a134fecaff03510
SHA512 0ee38e439e202e4a06a1e9965112a663dfd4f7bfa5a6f34694f8429786ab0eda3a6ab13469d0e750d9efc8834cb482fb8894e76673aeaaddd9fb814bd6b13204

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x64.cab

MD5 e28e921c4c92007597e71d499edc77bd
SHA1 d8c0e4ad125b21a32f14d967b7f1f9dcace4a86e
SHA256 53a41f2989a2f68e4e927c89b2e38bbfcee7a2182ec588db233f26292f9d7911
SHA512 da023cdf89845bc7c7d2541348455c17730d4890df5b8be00e807d7c453d8d1da1cf12600a600f22580f9805233f96dd3394ef95c511e267f33746701b6f1d64

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x86.cab

MD5 c1ff75f8ceaca8bb6194efc53563a3f3
SHA1 789890284ad15df5acaa580dc47ddcae1f0d0c41
SHA256 250c430741fc09d74ef6f43559a365ee908f52d96cfdacc7b6d8bf5e1bd3e5e1
SHA512 5e51ec6d2a6c71ccc070a48539170dc9738c7b500d6bb3bdf9fa15a85e435b4418399524d278babf0b79ca91880206d7c57a7a27104093dceb1ee1f9aecba1f2

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x64.cab

MD5 a9d30e5a134b5d7c5381e4dd018ab673
SHA1 2fa0a0050281d98c2b00e1a0ae0b99d0b6a594a2
SHA256 19890202eaec445617d364ffbde498e8eff48ebe5112a42fb4b99b4258aa0757
SHA512 5257241c6d2638439e6274c084a096fa753536c0d5f7ffb1f4242676a9a27ed4691cac7ca614df039278b87ab628a8e75fdc6e223413abd82b26b970869abe1e

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x86.cab

MD5 528d1c8ba95c79a237ee6f83403b919a
SHA1 cf2270f9d664e90e6481ee37c319ebc0dba1efb6
SHA256 e7aacd3af1c4e2031e4e4365d47e8af1023272c795f823b41f1728d48d127b67
SHA512 f7fb7c5cdea9dd4a58c597019cf50c50a568bedbce2fe86c9c9aa459f16c66a23ddb89e45970de251de49d0b2f92c250a836ee1f727c43bd3b062ab716aa6bb8

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x64.cab

MD5 04850620fc179a2812ca31b9ed375ffc
SHA1 cc04b25b10b16166e36499256a4693297a7023f1
SHA256 2c1610997f383e55d5e264b3cc52d9bc5262ea72bad6116a0d84e623f61b0361
SHA512 d27ae04e183771bee6ce15f611f563657c0fc4914d5857b018e7fe374122ec9ce56ebb2c5f990f46689255a84ab3d3e8d9746b41b0559b506df55aa7cd7b0d03

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x64.cab

MD5 e3a8689d2876c6d3baac0b36b5c4bf1e
SHA1 22746af0bc59f5ba90a1f48a9cebdb87f40e56c9
SHA256 54a61b655ca36f76a489b46c6174dd601a831210f16ecb9d839cdb7e19d47904
SHA512 76fdb7b7cf64751e1d59e70968a14547e889d2645468e5125c280d8d585a3dcecfbd83cc1a08d552db7ee91be78d769372dfd9e4c0e86a5b80ea32ec7a78073b

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x64.cab

MD5 55fd3e53e8b2bfb1de4143b5f2b7c829
SHA1 c3711ebcfddb1d52e9417bd02509b768e683fc40
SHA256 98ca8f4d1c6cd13fa721a35a23992d9edd14cc7465d3752e5978d89c9bc91960
SHA512 eda2cf25132359899806296aefd0af98ab406ede587a582d701a5f8584e0e0dbddd60ef0225a59b0669965afec97709c38e20e8a3470c26b4dee35205c1eb01e

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x64.cab

MD5 4196833920bc3bf77ffb56e3693e4160
SHA1 fcfa14f51cd79582c64f7956a5781622b682b1b7
SHA256 f2f4753e201d6e7f40f4011cc4b4fa95f4519da0481d98cb24dbb6679518ca93
SHA512 242b19b6f8132577e9a7c7247dc714a95c7a4b81416b79dbcaabcfe14c03405b965d0ac751193947af64356f34bbbb25acc021b0bc7e452e35340058f169989d

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x64.cab

MD5 f711e4631cd4ebf7bea6c783394b2c75
SHA1 5049b2dc62b6df73a0ae86afbe94ca78fbbd5d83
SHA256 c7251e4c3fcd0a1a2b15f09dd62901006f87932ffa2626da62822bf36feeeaff
SHA512 04b70a601ace816ae1301ecf78791a0c532f4cf0ab54be853eebde94c83eb495020403f8c768ac6b540394141a162ad4a6dfd3fcc241b9e189dbc69ce2d4f786

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x64.cab

MD5 34864d6f882bd93615154ce1ba7d58a4
SHA1 fa1f0022b5d2fb79f5127cf54f6d38bec9114cbc
SHA256 fba7951681bcbeeb771bf62e8609779587a0e4555785c772dfc62e821c62db75
SHA512 d8808aed8bd500a326292f0632eec6ff0b0811bcd695a35f913d0187ecb90054abcd46a7c243d27b0967753b89ea2bcdf51b457a9570b311bd46c72d2373970d

C:\Windows\SysWOW64\directx\websetup\Aug2009_xact_x86.cab

MD5 234963b689c5fd79cf71a3f555b2b418
SHA1 e9a4a8118da844571beee04a8e79675729396c15
SHA256 1520e988f112dde8ea11794e4b6dc9bc6ccb2ae7e0be7342d4696b719e5a86d0
SHA512 dd00fb9da7f14daaf3ff535e4ef31c1eb35757836242b8b1f491e4061128781b59c117aee0ad7789d90852babc459ea5614ed5fe4263a8d7219e045b0a5a80bb

C:\Windows\SysWOW64\directx\websetup\Aug2009_xact_x64.cab

MD5 503d5dcdc151739cce29b6bc144413bc
SHA1 2fe0261a0e81da501448861d710bae9627ff658d
SHA256 34d922a89d6b354572c17b890b0efc21bea237b94859010278fc1a4435ae7724
SHA512 fc7d8896ce2710a6189a812bb57b80b74489a9311610eece7db32ec0f830525e9c73e10755031ac3bbe8649344f02c44df2450e5b6e98b17c706e4755fbce0ff

C:\Windows\SysWOW64\directx\websetup\Aug2009_xaudio_x86.cab

MD5 2136cdc81fb2badbabb1ca9da463034a
SHA1 7a2d39f51d390fa28d627ab349523eda6bb9304d
SHA256 68785e0781b43c34cb184ae167363c23d5b9d18ddaf8474a5f1d6b90a939e8b7
SHA512 82a600478e77ee623552ec7be8cd63f85a0028d552cb3764b0e36400020746e2503c505aa31f9b3569c65ca56e34a900913f712a4a9f60471ca4126e3e582de6

C:\Windows\SysWOW64\directx\websetup\Aug2009_xaudio_x64.cab

MD5 3f50dca229c21b19c6ff1da50f9b7022
SHA1 c9db30c33c27923da5303cfb6fdffc0642af7315
SHA256 348bcd596d4b3f1e10059a0ce3c4383d383c4964c00a77ae7281e3472f6b8b25
SHA512 c7d322d0f8d14a3fb65578dcf84c31f6f57d674e315d0f5bd9c4c2b9f05c006febca671d486cc6da5ffee5af46a45ca967446820860609d62ac9414f633e36b3

C:\Windows\SysWOW64\directx\websetup\Feb2010_x3daudio_x86.cab

MD5 c0f5452d6ca76e8cc63ed7e6b6fe75fb
SHA1 05a175375eae4953bc2aa5b6777fbad268d7b7fe
SHA256 3cdd51afca42c61a7fcf0e7348ee4f2095d1bb9deba31f7c09f5694a028b0d35
SHA512 bf75bd537f253c2a989416bbb0cf68e530c8e9acee0de0cabb245a4ba06d827b7eb35e940472a6c9096112be58fd96c50ad398ea14acad0739c154cfbe405aca

C:\Windows\SysWOW64\directx\websetup\Feb2010_x3daudio_x64.cab

MD5 f0ed6ef41acf1e74ff9bdfc16aa8cd02
SHA1 8f888a9ef499ef705a512352ea976eb7168d6860
SHA256 a46a4b55659921966428301c02409c32a642ff7699419f71ce8775944117ec41
SHA512 577373645ac7c617d6cd98e92fa52379d1b098232c0d563d31bb0171379d04d5f43aa8142a95943c8ae702b82e94a1f46f8516f1cddf53d8d63a2474f8643421

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x86.cab

MD5 022f58555cb11343e2bf69562eeaaac1
SHA1 1cef7f8e152b72c3d8892702e9c6cdef6bf7d8ad
SHA256 d5a7cb9a858e3dc2fa875c8aa915b6999137b616327aa79d382379a1ce3974b5
SHA512 7308bb60c33bf063ca1e13fdae7aee032d4725e967149ad8db8bf3935b1c5cee8937dd8772702413e0d4b440110ea2af4bf58ff0bae89b9b6eecbba9702665b7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x64.cab

MD5 16384557c085f2268ee68a6f200060a0
SHA1 68493582ea6e17342227f326a2aebe3830b7d0db
SHA256 dc678bde00cc64b91d29c5d98be82b19de00518d1706643e8eb8ddd4ec577327
SHA512 d0ee2f2836fa5804f8c5d817f2c51dfb2b63d1f2c14516f467b757445e08f346596a9861e86873fb9c78556390a3c60862dc8bffeca0b1cba92a8df061f206a1

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x86.cab

MD5 1a65ed07a006532b97beca96bfaeda85
SHA1 66bafce1212a29513f26d7bf8d1b80c96238facd
SHA256 738f0ca04f3f568eb5c1a4d8f1af30e4930e4f7950e96776a5b8adea16efc8f1
SHA512 a8082022c5a7b2cc0a3f8bacd3bc85d1788ddd3f4abdafe2b83497d4e1fcc9bf574ad86592d850ffdae85f45d445d0f11e89c219107ac7ec6e7ecfdfb69ed9c7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x64.cab

MD5 c501686b2ae5f884c3cfcf67c300fdac
SHA1 1817a5dde8fda83dcc6075836146eb17621e229b
SHA256 b99380971dccf9500604a39bcdf5db6f5d96b14519ec0bd575587638a0238099
SHA512 e41b18c0c1b69d89d5f64e1cc4dc815faa7234e13fc63f46ee0913e1eb99fa0ce585cfe94d5bf124246692e04c580716f334700f4aec3eee7aef77d8c2b53cce

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x64.cab

MD5 4ebfa56903a486e4ff5c0ed4c57ff8bb
SHA1 ea0edf56084d4a7011953fc34ef4ae5e0004f753
SHA256 810a07865b7fcaf0d7abebc86682479a05bccba71c69aa2d4ecbec3c88c8270e
SHA512 be06091faff54db09aff6c034addbb1a143de17d05f4ee9239509a108dce5f479cec2789fd27c2ea3fb66ae47de12631dd4f4599cce80368020e620c1a6a0a35

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x64.cab

MD5 15e92aada1119117964d28291f8adba9
SHA1 a4bcfd73e2d1adeacda9046cbf44c9fd21b3e075
SHA256 c689eea749f1ad76a162d1c6dff31dd92d0ebf85f5b539c4c953d55bbb921b57
SHA512 d0653f6aa90f9389a3ffec1bfca92b3ef22e0a2c7892dec2d156da3e2d757a26cd39a00ca47e3a4e153460599e48657f5dc96c8aa9f7c2509db0ba1ab0ae5ec5

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x64.cab

MD5 1c119486920ae4e41cd2c328777509e3
SHA1 a89e8cb197576d78c6d1d2e45d671d7e187efc74
SHA256 37ae82574cbbfe2cae6019a168a6d1bde38f88f8e51f13335001943980a665e1
SHA512 d81c623005db87ed057aba3fa807ef3b4534ecb8473e9a3283457543590d6d73b9a9deca333e312a2616f74f1bd407de9ada7bd1c52126e04c56fdea78119bec

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x64.cab

MD5 89111c646b93b8ebcb306f0f743b2d7e
SHA1 f9e83beac4d9665eaf54c6578147a6ad539d463f
SHA256 ca1b0022af12f048586761439e152d1157eddb7153c031e075ab8d946173d31e
SHA512 3e79235d4c73d26506c3d537491987c06c184f0bb2eb7f40babdc70682215393f6e9ef49deb57c83d7d29ff15740b472a59a7320b5d006a0f094614396b06be0

C:\Windows\SysWOW64\directx\websetup\Jun2010_D3DCompiler_43_x64.cab

MD5 b6c9433b3ae42a99b0ca86700b265d9d
SHA1 595ef071c6798b31be6db2c721ca8a1fc51c8210
SHA256 9b56aba20f49739cde64f07ec317b6e20b0713fb9ae697318d811a0f103a6dbb
SHA512 04dbf5a877ae71f0b96680b34946f64a5477d1a23669eb89f4b2746084784efc0bd78db548671cb2eb8d3701570478a07485874b2d293351ae2bc1c6c2845630

C:\Windows\SysWOW64\directx\websetup\Jun2010_xact_x86.cab

MD5 3188814f4f1b69543688a55af1ffe23b
SHA1 57108fe718c3fbc3ab17b849d72dcb03315a1068
SHA256 fb320286968952ae93c7cdb4078bd99e689a0946157574760b844f7bf39c7ea0
SHA512 dcad3777a739bfeddef3bf7c87db289c88b9a5dc0d9e196acd2ab0d3c685cf14d361cd539ff07b0f23ad36b2bd4163c9c8475e014e22da272de78bcba8ca7793

C:\Windows\SysWOW64\directx\websetup\Jun2010_xact_x64.cab

MD5 79ed229e336b3c13524d5769e95fa97d
SHA1 1407132b85923d199509c700806c705af3a67727
SHA256 3e8fcc374e84e1170067a057acfa3b5464220d6bf5324566a05242e8208799b2
SHA512 676472162b9d54e9cbf23c853236f10009e5646be45f97be5d08dae7e5f87a947dbcc9d63cfff5b7d739ab9131ea6e3b9a499cfd813c678c9a4c5dd6eb338907

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x86.cab

MD5 11e2b64c1e1c07f5843adde7e247c8ed
SHA1 ead54df66fbf52fc503b2d364da64a7de4f19fc7
SHA256 c364833271396d78811a9a3388341cb9e1cf5e6e0fe2d7986cb4dd2f931a0dae
SHA512 e3a988dd221599678a7b691f2b0b5eae5e8fdcb5352c7e9c38868c2cfc0fe9417a5954d3e8240157c5d9753d55f540c25ee1944c9ff3f2ff14df5d7051a79991

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x64.cab

MD5 461c07c13afd70954f34d55986a0515d
SHA1 d74a8f99e72d182c21a30e4cdcf9f7ca39dcea54
SHA256 7cce405577fae04e58fe31a099febba96d3ea7cb94ed2184b6bfba32d9f20acc
SHA512 aef4b8bdd17af066f5680485cc45266859f802f2a79178472f5c00b9146ab52f8e04d36a973ef8ff45eee29940fe072180d4e7e0e89366fa2e8aba8bcdb890f6

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2902.0_x86.cab

MD5 74a550d8ca43f210e526bb000af42303
SHA1 ca3dc6136846ad196939cf71ccc04be6b108bff7
SHA256 afa44ed18e3217892499062db4337b94025726df991a0bd4dcc3a9f8c27c41b9
SHA512 58757d831931daba43ceffd512d47e29bdb91cb7b1505d69079a14f911e149d718e1566323b9bb1d0292333c76603e7634da5798307b6dd6c97f885ce25c87fa

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2903.0_x86.cab

MD5 6df41acd290de624df34e57569225f7b
SHA1 b33a256ceec451e467dc2aa2339a3736915ade25
SHA256 84e240f8813bacb2fe0f20081ca20cd0fed4b9e10c96aded8516b25375c407aa
SHA512 0b2647e0f6ddd936023d70f4a6c3f69275ef65433dd45cb47293a933f2d7b2d0d0385f80c8cb8be8538c4d4420d2da17484dfa056fc7dfddf1ca974b4698954e

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2904.0_x86.cab

MD5 0ee4994d37940795f01cd2be93b7d847
SHA1 082f6aa6d9d92cc23ac1ca858244a101dd8f5dbe
SHA256 cadffad57691af14fdc0f41250e644257a3068da134a5922f343f2e69b1b5441
SHA512 ee23312d54c0d0140f80317fd0cea299a362d8cd1463cfd79a9062eff2305ea188cae4f83f3cf2c301e6d82d29820fec726844971e286ddf729df9a17afaa167

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2905.0_x86.cab

MD5 70a647ca8587b3be1d2209c998b86b50
SHA1 5850552af0aad715c2406a3f50d7c6af1595444b
SHA256 f10aee00b78b734acb3bfdd81ce0ac22648376486d0c308f9975b05181ecbe13
SHA512 470c027ed3113af38c5f3c4fd3348d3cc8affac081dfe3b7fdbd1787da3bf78489e5379d8f306d917586ef8810b31a7f303125c94739f6dba15e3ac4745d996d

C:\Windows\msdownld.tmp\AS5E2455.tmp\MDX_1.0.2906.0_x86.cab

MD5 d7bf6789f6c6dce7ec335f842e91c9c8
SHA1 c0297ea86238a166da27b9428dc891256b52b364
SHA256 bcfd420ecb20116a78b54678cbb04204e76368809aee1e1bb36810a4d433de2f
SHA512 b07bf7444afebd52a11f64c57d76cab8976a222d8f9fa0e78e1dcd7bd2c126dc28d7df7b778f10bb8f69dd7b7163c76e5f7edb260e31ef66c458f4fd72899b36

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2907.0_x86.cab

MD5 d82fa9747fd442d8cca1cc35b97440b2
SHA1 a3e2ab8588a1bdf435e786c000c38144adbca457
SHA256 b185fce1d25a4411c1a2f53ec1e4232de9a3078d7db7aa469d53c5fb041f792e
SHA512 234e7a4dad6e9f83ffec2c769e775b18783b6a03e50d7e8186fb7fe01747fbb5ac46cff6f8437ca932f037da6c565f4faca694da4580f2876e31c252fafb55f7

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2908.0_x86.cab

MD5 3bb868c2953151575cb8833fcda21fc3
SHA1 403c8a2123f59d2a3abeef22630cd6f62cfc1d92
SHA256 fd1c15037800a0a689126b09f29a6329452cbaf42508242d9cc185f557f04954
SHA512 33021b90441bea79525dcbad841164d1b8568907edc5c27c0374c7cbe93bc381d93081f8f7b20f14aefec3b59153dcc9b2fa44c80b1ef7fcda0f8a6038ac24cc

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2909.0_x86.cab

MD5 3f8bf012bf573f071e98df62843ece92
SHA1 b6004908bb160643899b04b6edac9fdc7e3d86fa
SHA256 1e9c063428322da24df17c5d49c63a53e0f0751d26f741d90216b9c4ff1a9136
SHA512 dcea9b2fd7379f8a0d7eafeea4340f3ab7d71069ff843550e2c7a2ea21e1fba7a779a5352bd5758bc88eb8dbde0ec1d1f3e8164b1766e1a47f676a44c36c30ce

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2910.0_x86.cab

MD5 4ef2b868739e09e4020f2f0b0ded4a46
SHA1 39d201d0666cabadc0dbb81ee2bc691b9be10191
SHA256 1829a24a8ed3a2496ce92aa0c5142d8f512b11cdf23eda5e579edb5b11e2b589
SHA512 3a2f894854f9932840c7c7341f2e1882102e4f12dfd45f36deecff520da6d3237d9ea3867041f53037c808789e6bc57e7ba067d9c8f621350396126032c5223e

C:\Windows\SysWOW64\directx\websetup\Apr2006_MDX1_x86.cab

MD5 c0fb3fbba00268b9992fd0bf2e2d2efd
SHA1 fa6ba1c5e193353f01b816fe782ed296ae7814dc
SHA256 90e08fc3b98267756c6017f4d37b157eba3586c262474d1556b21d9c35d84da2
SHA512 00d23eb3c3312170e4a6a2992721255e307085f6f128cd3203d6e9b16eec7f0ec54b8a3fc09a5be51da2225b55fd89b13c278e25853771e414d0a5a93e3a3b0f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92f54877-a56c-4406-bcda-b49e396835c7.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 10e930b3d6beb55a5bb75b07f3ea4b8a
SHA1 ec8d151c22c75eeb7460801d2bba442095656513
SHA256 02b4c39298913e0213818f9815972200e3e74069b2afe4fc02bcf84e690ab3e5
SHA512 80f213898f20d1cbb67909f6d9a9f5ec361efa3b46ed3a9ee386c6f79dba128f712dccbb21f47b3245304404360a54d96ee9de288c7b197444852e7470be3f89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 569651fd2a480c3039d9b8f3f7b9a91c
SHA1 5f18fa1e011e5a36217e67ece6d7b85281a666a0
SHA256 fa174609dc2ab867218101ff5688d39dfdebe81149340dbc5b0c54a2f63cb47c
SHA512 878b0d363d2b2b2fe5cd77dbe465cbf6016f301b823439c51ff15c18c4697486fe1a4c1b58ceba9899f56c4ba30bf60d7e49be6af8124855d2ba243a60277d4c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dxupdate.inf

MD5 e6a74342f328afa559d5b0544e113571
SHA1 a08b053dfd061391942d359c70f9dd406a968b7d
SHA256 93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca
SHA512 1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\mdx_1.0.2902.0_x86.inf

MD5 81700fd8d24ccd5ed83ce202dadcc625
SHA1 380473dc3560cc64fd0beca96674554d87085c28
SHA256 3bd14cf2a96544ece692e1911500f7196370a111017fb6b0e23db0f0d0f40dfa
SHA512 8ee1bd03fcd6125d22d1d35437537f594a84e67573ac72d440d45d419b88f5d3d1f5fcd8804e1a0b873714c1a71c63a488b8068f0c465e94940ea6e2db1c7860

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2005_d3dx9_25_x86.inf

MD5 bae5034d79a545ce120f2c336de0f68a
SHA1 7276af2015696d5041214fa92eff4375b3d8b183
SHA256 f484ef48e0c6e2be8207d8c8c7308dd966d52bea1fde221b927d3e49f1cab0b7
SHA512 be58875949d23732ff63a6f505b242a44811cb9603a9863d6a78a4c9193b6336b89ec9a82666865888590a7b81ad99d466a3847e7c22d0de399d476364280a22

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2005_d3dx9_25_x64.inf

MD5 f052926f0715b88b23ad52855b34df46
SHA1 c411b1ddee73a4b317d652bc3ec159ed58efffa8
SHA256 3d97810d00ceb3e7674a2ef81427d4180f77f93f9454837c5933fbc6a1ad5c1d
SHA512 8fad81eeb503d81b96c098190b5c4155f4bfe1cf2f36fdb5834a176c7c78d11b52efb6b3ba6f3168d7a21a1fc5e53fec770d125feaecd7d1cfad9cb1106d0b94

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2005_d3dx9_26_x64.inf

MD5 134624a22aefee1fad4eb11445b8d342
SHA1 3f0f65ab8be678250660ba47f33f229643c118b1
SHA256 addafcf0cfd36587c12eb2692922f0fb134874d11005a0544cc054546a493933
SHA512 24bfc2d96b3078f82ba031045271460295f3a1e6dd3c8c30d8d50c98daa9051aeca93ed8ecae8722b70083d3b0ba41735f81068e7514e81767e1e119e45ad6f3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2005_d3dx9_26_x86.inf

MD5 62f8ec9c0d3bd54ace90cb15f5caa208
SHA1 e84f4a60c79f862aca0f917d1d30898af4036fad
SHA256 262ed4a65dd45e19f196cb2d9946326693ee31a86b51bf77116dec2727971cb6
SHA512 3de4ad76b207c2a0ecc10835cb787d61faa02e3531f6242a606ac0686cbfa156f59c30695effe5560d9a8481800b356873b7590beb8a739b33c0b1fcccea3fab

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2005_d3dx9_27_x86.inf

MD5 e45a175750a672cbb2553087a8c5cf8a
SHA1 70d487f99e101bf39650594c27674313181a8ff6
SHA256 d02232a6587c460c026601517178318bab2ac29c59d269c6e3d1a3a993a9a1c4
SHA512 199882ada178e41be14af82001829d009379445028d3803d2a86eef899c01600cf2aa86123311b728e888498674379a35d40ed0964c2f88da24758fe3c7093d2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2005_d3dx9_27_x64.inf

MD5 7cfa60cdb7e697b40a268eb8814446e5
SHA1 e8e77082361d5a5ebf6163cf880f9700cff5741b
SHA256 0a8ffec8d7ef3a0aa005f604a045dcf80cf5b6473b4f26e30c58eee23e253fae
SHA512 77aaea559ef94d405194351b52643512a71990833dac22a331d5b78d569263db11bf969e26224ba8a362bf538782010ca074286ea605490d40c10f7d2d53d255

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2005_d3dx9_28_x86.inf

MD5 e0b6120a048295ebbc629a9f8fbe53ad
SHA1 3d9cbcbdafc1f9058af74896a5859591e164555c
SHA256 d4d03c4ab3c8486d6331548e967ee17e011fdac90f63c0a9a44a744815a7da7a
SHA512 66c0b9501bb08d41bb708d0a724fe6ac27abaf735ca224074e594cde932ad1f9eb9db5defba8a8a71a0a12904f20324ee4d129a1ac9fcf816fe74d648379908c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2005_d3dx9_28_x64.inf

MD5 9a3ccc90b71d554e968eca0a812bf0b3
SHA1 0ed1ca28d7f6c8b4e017cd48b8504340cb4d736e
SHA256 510b6d528be3f2997b8bd811486dc3c13eb27a9de22d1bf030e6db0e632cca4d
SHA512 0f10d2ec9f72651927599b69dc3f4e037febfb9c2a18e02eaa49962903c1cf77b63ae6335c06effdfac26b87418ef2c7a2d53dd799a28d275632d8255ffa8be4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2006_d3dx9_29_x86.inf

MD5 f4c258b663ebf54c55d7d09b05b26ff6
SHA1 85af1252cf3d9ae7afcf8d576cdc17910203ad03
SHA256 f12f4bd86d5cd748b0fcf7106e9dff333c27c0886541339ba1f40c443bdc61cd
SHA512 cbd491fd8e847a4659758bfe0f5a4b56c97e539e3b3aa7ca601c329d858c882cceefb9ee8341d794235b7c2403a090f45a0ba8f2f44de3e3b1685d027d8bd19f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2006_d3dx9_29_x64.inf

MD5 0d951a2eda3638d4c976a5ffc1a9f8db
SHA1 fca89fa6bc6d4c25758b7baaff9136c3d73140ff
SHA256 ef36ece1a6bd8af3b0b9247b081d28ed511b7e18c43eb3aff364c9ce8d3a06c3
SHA512 89e960fbf9421a208476f7f65acf8047d231f3d6fd87fb31b01185ce88f5ebb1fa7513224124889082f41f1dcd579cc8bbb638f1af73081b4630fb07934dbb80

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2006_xact_x86.inf

MD5 9dda266ba05cd917cca889659e3b98c8
SHA1 2a2ba2ccb3c9d87c03198b9ef3b9c6e21d693055
SHA256 45146fd446fc8533dc5f97d88bee9ae220161f24797114d0bf3afc7c479ed69b
SHA512 26fa18c8058397b8b5d89baf1fb9cd689827b48781dbe40ddf884c0a3ff9cf8d8451c6c084a693e4fdf107ad181fcce35a2fcfb371548df948416b5713d8ce38

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2006_xact_x64.inf

MD5 7d46669082d530935e79c74c4fd83bf2
SHA1 194a05e3b019beb07da96c3bef780e6154a78b9d
SHA256 b7ca1a4942057592c5b83b4425350da41c61779dcae608112141d727091842d4
SHA512 590a9628fb90d4140d6f96238caac46f8ab23a59e3a9d94a28d1638006085efdbfad259b9633e4a56585f6cc10119d67abf3fa873a426a1946af589c17f84fa1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_d3dx9_30_x86.inf

MD5 a49046c25439fa900b1d1bf826506ce3
SHA1 deb71dad1d55dc5af2f80a1c3010c0d899bec187
SHA256 373cca07c0ceffa72901441219a4457de9ff110aededae5e4818588da39cd344
SHA512 d3e04f2e7b358faaefdd683e7ede8a41c2f65b7c8072754b03b2a5de416651f92712fa7d9bc6027d7326dc5bd8a497161685c04cbb7bb36a384aeee8dd77b086

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_xact_x86.inf

MD5 f67df97463d42bedc122fbedc37096c4
SHA1 42cde962b355cb3c6a7a7a88c8dc315f811a7494
SHA256 037db252501fd0e30303c11706d804d9eabbf319d0b4e88181ef8f297b4fef8e
SHA512 93815abbd6b6666438adb146bff476aa2728aa7475178259fea623dbfdae819bcf1accddddb7695ef23bb2913d234264ad2ec826bda6eae5d99459798b032144

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_mdx1_x86.inf

MD5 2ca62bfeb43facdd1fc06f20fb20397b
SHA1 ffbb8f6a8a11f949ca180a7e73279c4b775bbbb4
SHA256 2546a1875bf868edc621a1cd0ee262151faa08762bcced0117e1304eace0c04d
SHA512 3d16b07bbfd172dfa979dfcf4384baff35538de371dfd0b266e5110772f0751f9e5274fa92b06d1f289f8aaa585ca1fe382f8469561e74e343f37e8a05f85dbb

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_d3dx9_30_x64.inf

MD5 5d684b07779ae5b421e23167e2b9b44a
SHA1 1e3570908b810cc799f047221351cac7a3583787
SHA256 b70b8f62a2459580d22999301f1823bcb8a9bef54bd33b38e0af274a3a12e010
SHA512 6688f5a9952b36a0a83e806c9be99d9ffe9ba4982b76a9c7e8cef5f824c17ffe9e5ad9ef4e4974c6e2a9cb37e8c05584d8d83033182d1c5d00a786bd2b693e23

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2006_xact_x86.inf

MD5 fa59f92f7d32613a12189e75eaa700dd
SHA1 f2c3947427e7eca9fd1ad53427d1dec28a5f0f55
SHA256 6bdce6f6779712e38c6d9e6e5961217e417254089f096c719f25566e952cb257
SHA512 e8dcbd918cdd7d98a94d53413088e2f75e4d1a15d4f69b6927f3cf19760d9f2fc577659fd533b2e4e2997aa29f285b0fbb35830331997549e429dbdcc7ae9853

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_xinput_x64.inf

MD5 019f21ca754cc2e21d97c3a2a97d5ef6
SHA1 54d97b4018e0cd04c63f1221cd8da7a0990a2cb0
SHA256 f9d01e93e547045e1d232242c900530dfdfa54698586c7049281965e3bd01ca2
SHA512 0c0ef6a8bbc05eb81cdba8aa2c3f4a0d39f4859b6de495c79f813894253ad1ddca4851841064cadfb1901ea1f056c68560aae1e68bd12c590a143a6b7f0b16f6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_xinput_x86.inf

MD5 53294b978995caafcb6a9ac8f67b8580
SHA1 c165d2c615261f135f60442ad0a6e589d681a850
SHA256 b604779115d32d439f77b33257c96f928ec4ce564189f7d0d357099c1da140c4
SHA512 a3da7e02ecfadb181ed13855b093908fca0aae2ee75e6bc4f873fe69a34cdc08f3bf504aac2ea98f9573437d2ff000e43ae8450c87036ead48e6c2b80ec523ed

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2006_xinput_x86.inf

MD5 f87111f61ac57d80199cead8e63ec45a
SHA1 4a525a78a90fa87290f60f0598fe285f9f46c90a
SHA256 cc66d67daa1f4c31ff5e59c2606c3930f72204a5057c29b9d58dde37a47b1cb7
SHA512 ddb1b7259aeec662fa271f6a6d271e9d48c4b8ce4d47d452dc2ab15611421baa13cec0024e668309b7444b31fa5b24f41b032796c81a36e94d7e577d9c516712

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2006_xact_x64.inf

MD5 a983924d66305104b4e21a551dc66448
SHA1 23deca69eea790ae7afc30cffa55e87ac8520cdf
SHA256 fe9caa55be17684622fd7339b1b96e1f0d107dc33c065706d24a435d523c6e12
SHA512 83c2117df0fc37979ccca7d861598a8a127d135456f72597366ac65276906435ab99fa353f246f9f61634fe96f8376d38253300f177d5cedac194cc92407f3d9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2006_xact_x64.inf

MD5 09c9b7346b65f5ba209934f16e711c8a
SHA1 9d6cf0fe295475c438fce214d9d24d5579f2f29e
SHA256 d9c3216ada5dd7791ca852a8ea97765f94a7b56fed27b20916b5067eb82b14d0
SHA512 26b84a457b5bd17a5deba56926af156a2144213a2b75fb015641a7817fd2307cfb439ca22ec0bb584dd21f8f9e4c7b3cc749a350b26cfcd0257f5fbda23fd9c6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2006_xact_x86.inf

MD5 ddb0d03b1d4a6ce09da5cbc61f5525c0
SHA1 ba5e1361e394301d5b9d9a4aec68ae21f19c70a5
SHA256 34e7227e03812fce5415b0a4c3d15a9e9b259350ac9873db2a98b2ea76ae2284
SHA512 2160652a7f8adfc346e0af6f822875c34d2d13f168b9895b063925979d4fcf33a7da777ce7d43c9ef2b23186ac00378e8c2d4ee115bb2ff794e863e8b6feec5e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2006_xinput_x64.inf

MD5 90d7a7386af9b951f939d869567894d1
SHA1 ef70a6efb5f7b32193bdec6c5ff13a4abeb4f00c
SHA256 35f25b9538e55172cf36729519581444e26b38a9dae5cccc4ad75dfa34ea08e7
SHA512 10920d0116aab01eb1130eb91b26bd91d4b3ff8e09a77db5b79f88c94c463389548c2b3ce494162d4b2c3fda903eae6c2d87492475c56fc901c37fc8306555ce

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\oct2006_d3dx9_31_x86.inf

MD5 8f7aa1f0f2389f3cac574652f5d6672d
SHA1 921f2161cf46c6314a330ff52c83f8a3f1058f0d
SHA256 a1c61096019a6ae1a9f31e3fe67aa2bb7e9e451967959d7088344f3f20ab572e
SHA512 a85c03ccaa27adf3c75287529f18e84f526cf91785e0f4281db0eb86feba78522603e21def19bd2a33e03ceaedd9109b8af1dbda4a3fe93fe6eb95366b6df747

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2006_xact_x64.inf

MD5 d40e6c659cb7a757d8e751b050495927
SHA1 a9c515d786bc8f5c739fcf5ac1b6e15365f9e14e
SHA256 6fe310a67227203bbca3389dfe3403fa268cb424f4b525cca2d5407ed26670a5
SHA512 fb58acb95f1914da3c650168ed50fb6f75df68773daa8e8389db9c7c7c4d0e8bf93e46458fb76de676acc65132d781a7624f67289860a19e03520ecdbdb66896

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\oct2006_xact_x86.inf

MD5 6181c4b93bad5332b34180ac0bae5077
SHA1 259c8de2dff2a5dd8d4971fa1ab3fb0d193ae90b
SHA256 66998b21cbe6f05b12cdb4bb45549dcb1b4a92f8a1b910334150a8d767fa39e9
SHA512 8508ebc77b667907c5c2f587131f24cb25c5a67ab2f7d8b94216931457f486b37b9701397ed6ef527c9c6786f82a938a52d2b6cb0afddeff4101cb100e3ceca8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\oct2006_d3dx9_31_x64.inf

MD5 e2a0e651573cffbf81578b864b50cfe7
SHA1 1c739f17f63ce7c5ba00638259628f7fc919cf74
SHA256 c031987e68e476365cd885e41a072f85fdfc9e480c93871d024a5ccf26d17118
SHA512 abfc6452d055bf6a3fadafb9562352bda90ee0edae5a0fec798951ef9d39701835212533a60eaab67c5c0fcf01ccb9115fcea3779b024ee1e11f217cb676e7f0

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\oct2006_xact_x64.inf

MD5 535ca39d61f752c3f1ba4956871fa27e
SHA1 4941efb676adedb9a46d7cc7415d8af03957b3fc
SHA256 4c388e9eaf3c39e75d003a58020e491b675b3a6054c702062a9c90e86f691d96
SHA512 f203958ca9c7d37daccd342a4deb125b60ef839b5b674a2a0220d7f0d770d5cfcd5c1f691470200bb4d8711f2f6a77d8b968e17020dbcec8c40b127a09f5f9de

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_xact_x86.inf

MD5 211700aaa53bda6894be85df3dbdc792
SHA1 4874325e984b4f0d884cc732da474b3bb59d3848
SHA256 4c0a40094228a51f567bec65c2cdf289d268812c1af579e3c6b76cd3adb77e12
SHA512 8f51d965cd1ee20cac11256afc5e422d94d43435729d653b25c5347e108fa50e59c3bba18fbd7fe4e2a1a6bd54da1622b80e029a5914e973f3faf5884a262baa

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_d3dx10_00_x86.inf

MD5 1b702c5bdf738a8abf4a3108097a6b7c
SHA1 c1d9c9d5e07117f273064bec36ac92b5ed624d38
SHA256 33291a47388edecc059f1825c1979142d7a9cd4a850716f9dce687deba1fa750
SHA512 498483dc823e76316e977dcaf7fbc557c3e60c67129a678701d5168105edc97f97479107330d5eb3989dc179273cc9b74d055827f036f2f3551a0a3d398f04f4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_xact_x64.inf

MD5 ca414f7196d9b2a7a9d4057ca0714fac
SHA1 7eae4a5bfcd42915adeff5377036ecb4bd656999
SHA256 f2f2040b8d13705f00d8e20a53f22093aa0f8c8d6aa6224992ba727ace7b75f6
SHA512 1efb725a49a8ea7125074436bfe988af360b1ac22629d34a754cabaf3c151855d08e826a0e244cdf9b624b531de14d23f32c1c16c82f6832c8604cbf52882e11

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_d3dx9_32_x64.inf

MD5 39929631df326b944470256c4f9cbbf3
SHA1 932de27abf59c889c02ed747f0ac04f5e494492a
SHA256 ff00313af4a90f426492d72969f5efc6c56a17f2dd91f20cb5c0a38d9f1f2b6b
SHA512 8dd2755a2b2fb90c6880cbbde65d127f55d12df2bab4560ddf86d6793b2cd4733929d97efef5fd8eeb417731a571888c893188df0361ee57eb4437fab331cb13

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_d3dx10_00_x64.inf

MD5 eec826f7141bedeeef38c5a3528b5034
SHA1 529081aedecb7b9fbc7d9707eeb6415f98bc128e
SHA256 2a43ac72ab9a6f4771c02b6e10884921b733b86dbd7ebdfc5502d011cd5c8d05
SHA512 62cbe09326cd04c891faa124c65554fd631382a2e078c70ef72a1a07d57239b3ce599b57be3fccc755075174df1d63ac3597dfb3aef9b4ea34ba4597d804d2c4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\dec2006_d3dx9_32_x86.inf

MD5 c28f4fd1644e2a20b1c897438e197e1a
SHA1 5178534444ed7dec8c63f02defe7bdb864c47123
SHA256 ef09d783bf5cff2cfba99946e5e71fda577b196a49c88bed1c51b5fd29cecf94
SHA512 7cf93260efb1d794a17ba25b1fa02ba03b0ceeed8131d274b805155072a9a2b92a899471a8b23add8bf46c6a5a3cda63499043eaa754001bb43cafd882c8e708

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2007_xact_x64.inf

MD5 42161a1071084cb4f32b0d7d748d9b62
SHA1 e7e29605c21b7a2c370dcf979a40c50b93ceb298
SHA256 184c1684c57de07983edaaa1ae2751b263497673ee8418af023a63fa03553f53
SHA512 2aa8e864dc28ee5d0583d044e3d8a9399d8d49b9fb1c522c1c640eb7b079515ffb0bac5280a220c23e15ea4c7ad45c7f1722e05e9f9baa069f4a2670e4976358

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\feb2007_xact_x86.inf

MD5 5f1df74b0110f56ae0b6556dd2dbc14c
SHA1 c8c7d383f5e37c06015e1304b599568999bd4e09
SHA256 64b6020f43bbab7f7c2368fcfe7224165fef555b2bef813aa13b2d9f6295d46c
SHA512 06572fbaa625c85b05f5f4eaf880083607b6d010a8d4bfdb28cfbb1021b08e533f3491080faecb24055acb897b337d83caf9306fadebc1f1353763e8908850a5

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_d3dx9_33_x86.inf

MD5 044cae9c30c88bda73727243f5e5206d
SHA1 de744e349cf4ea458b10657d510966d21ad08d67
SHA256 349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00
SHA512 18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_d3dx9_33_x64.inf

MD5 e40a6f3215c3f1397eb18b3388f95032
SHA1 4845590abf12bb5725d94d7aeb953a5686918537
SHA256 2d87efca75d8b9aeab3262841d52a7c56bad34ac6b9691f4df2d89b14c950f8d
SHA512 942f54a3984a29e1973ec096709de890fe870a9dfc84a8c5597244251cbd69f84543cc5cffe620a076d0a16dea6e393c6790553d6d9e2fea1af1c0f00a12140d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_xact_x86.inf

MD5 99f23af200574f24c4c5d9ee12fd2cb8
SHA1 f0e50816ed808748f9379733921c9302551cd937
SHA256 008db10780aa8fb6f20b7aa5f5d513ca77efb36c8dddfb9ad89173ecaf700af5
SHA512 5e97d157ed8ad10f9cbb9490a16141fa52b2f32e09edc7e7f5e4b2d9c9bf38bbb85706d76543ca4ffe9b54d5fbc4b763b7df0893f1e7e56ae4c8ac1a720dbaf2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_d3dx10_33_x64.inf

MD5 00ad98b94609033c2819745587b0eed5
SHA1 2a07dda60a97dc2b4a7cf3cfc6245e72cea0efb0
SHA256 3e61c4d723d282c36c5493d82644ea96715b7b548e50494d22b4a83d4e2b8237
SHA512 e7fea5f9186c324423c0b129dc3e8594df49dc84c61400f4635ccf688075b256d7923ca8f4483bf7b2fe43862e71aa134cf2c9545a23c622d0cc04dc7d6dac1b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_d3dx10_33_x86.inf

MD5 fda5776cc944ebf6d84fb45c8a1a35f5
SHA1 f3b603dcdcfd6a310c2b0945f1a3b97276041ecf
SHA256 3286ba521fda888b1808f12955a58d7da4df7d2fdb472c7837a1e0e1a6317a06
SHA512 b051b04ce06ad21d08ace3a28d490214556f4b5be060ee05f8a4ff872d1cc72df05624021a9a0cc1efa4e63772f55cc61f11edf03537831a44ddd6ab409e83b1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_xinput_x64.inf

MD5 94563a3b9affb41d2bfd41a94b81e08d
SHA1 17cad981ef428e132aa1d571e0c77091e750e0dd
SHA256 0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8
SHA512 53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\apr2007_xact_x64.inf

MD5 dcfa000ba60f73c2c02ab590faa1ae10
SHA1 154b9ff40cd92bfaa572b289662d0305fa2fa017
SHA256 bf6ca1165632efccb0292ae8b739ce68d78ebb95dd39b8e4c1717d78a026db10
SHA512 34f6cf1f3fbbdd79d04dd55315b0074abc21b9c26df6e2fc9d66c6d15f36ad35edea741000a84a25ea9a68a94d46f500398a27c8865a30746574741dffaadabf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_d3dx9_34_x64.inf

MD5 d203c1993f21a870871ebb0c99de313d
SHA1 e69a5bc70fe66f89fddd81330dc148a1e788a56c
SHA256 77f3fa1756181a90d2ee63c26cddfdaba0d720c9a49121db28746cd02b3e071d
SHA512 e03c341f2d8df6e8174447d32bccb56b096073a35a3d8193860bd4628d812d1fa381bd35a55e17b4f27c5c5fffddb25223d932e995736fc608030501954d45ba

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_xact_x64.inf

MD5 c8ca749e73883789faf6561a375d9b51
SHA1 fabee2ac65f1d4267da8df07cd3e4cf4eb19148f
SHA256 405d8cbe3c87b16afac2a9254497412a42de4ae2d8fb470a1234dc3260e0b90f
SHA512 56a0fd5b8f065b82f5f9b73dbcbf912045847180a6614dc48ed7b27fea3909839615aab0c8d0a122d9fca952e9591da5152b4c618e84a2d7aa409dea4fa4237f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_xact_x86.inf

MD5 757a5f0cceaf39b5c7c9bd61650fd12e
SHA1 a7b3dda77f0f2334466d324eefeb3e5f6809d880
SHA256 33b980fb973394d9d8cb4645914d4cf6793bf92bd311e0431ce9cacc59fdcbc5
SHA512 f4f969b017c9233bc4a2267118fe921689b3237d28fc2b251ea3b6227e0b17dee84dfb8df6491928791891dfcd265688069b92d8a88cb9dfdbfff07b24a4dfcf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_d3dx10_34_x64.inf

MD5 bf312732fe77f600a36f2a7b98a346dd
SHA1 5e9c70959111dbe60ad86258cb5bb20d0e9caa0b
SHA256 0f75b7ef71e183476ec938705024eb8a10a77d7602a336be876c7f5d17429725
SHA512 10f3d128da5180ecccda522164269e4940b69a7f55af9501de648e572ab5275f02c113be5342969c73e118fb7ec49209883c4a8d6c4648fb898289f77ce7a3d0

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_d3dx10_34_x86.inf

MD5 55e30750af2bf57321ad1097a512d725
SHA1 0af3c73afaae0e8a1fdabe25beeb96b32eafb9ad
SHA256 808983dfd3db7c3452589ea4e14ab4af8ef47dbad3b639f9a3c55685c9b73867
SHA512 0ad8b51a550243d3f24ec5934f2b5e53f1d8e0b87997a7cda38840b3160121f1e221e6cb09d3f5b384df74be2ed10d4dd92fb02aff98bd0ededab751ddaa7149

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_d3dx9_35_x64.inf

MD5 0b3f4e715a43024fd00f769e62cd8b9d
SHA1 ef6de20d95a920e3b69307737976bb243783160a
SHA256 e34ad9e49f31cb9211e0f350405c344d93fc65075e470c8fe09dd78af68f2c80
SHA512 336df101ab341c5f22d516089fd31fd9f0541a01d3ac4ab4e171b73452ba3bab3cad84af50f1e9da17c46bcfbe7a1b52284e2ef2af49c67c6d6cce2969e14ec9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_d3dx9_35_x86.inf

MD5 815d75e4264b1f9c0bbcc529ee7a290a
SHA1 cc956156066c87ce1bd2b7628453f1824a426412
SHA256 c0d87c1b079b54b75b86939199ca5ee1f796ae3de9c4ed0ae074a4fa01823c73
SHA512 bdaaca529cd52df20cf1e35b45e1824fe48d09442666b18faa3e948937026b09d880a27f1d915816bc6e1d98b0b486d590f867aeaa046317b7f48d6a0f949391

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\jun2007_d3dx9_34_x86.inf

MD5 b1d65a13b527d75ecdc30cabf407d103
SHA1 db6df8ce6c28cb4a0275aa134c2d42a0ed957fa2
SHA256 a568b7b8a0360ad94b1ed6388eca6ca9d8770937360a426a0fdadef9a4019bba
SHA512 7d80f772b36c408c258f7db1180bc09996620634e6304761f5c10659d0885bb8d0b19bcad50a13a5d99ee92dc8e15587534d966bd32c5a8910308eab623a7f86

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_d3dx10_35_x86.inf

MD5 741a5ce76295b86694cd7540870eeec2
SHA1 2c165af0047c98d2864379ea5fec33bb1507bbf9
SHA256 7987e2c475705bf8f049a15af946ec0cb5ccddf27c0b5c8126694421df601770
SHA512 b7d0a0bdcd060ee263860024abe5b054aeb2c8c8c7ccdff9cfa9886188d7177b1bb8799909b3c95aba181292b5bb9f9426ecab0a6a2689970afca5a1739fc4d3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_d3dx10_35_x64.inf

MD5 703b4ea6a182ee3b48026d01319579c0
SHA1 3184959599dcee4e74b251ff14dd2aac81e2ad68
SHA256 af4bdfeb4283f04e24475279931e042f17052224cf708f0c444fba2f2e221289
SHA512 a6e67befdb1d757bc08f6a726e6d79c4f51324edbd1f48730616e27079bfa60262b88b4c49cca046e3da3832e375dfc29b2ff48b7007443606da94793ef7ed84

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_xact_x64.inf

MD5 a78f12b4514614db269bf55faf383875
SHA1 0425c3e3ccb15f691d6f5d30b71856138063002b
SHA256 2fcc4bdc6516418d3b4935c301e14f30e3bbd0adfd264bc34067b27b0b266b8e
SHA512 9d1cc2704541b71b246c2cc8e6e1d667cd7e691e42865aa5b0a800cf26386cf00781ae7727b7f90711e987148e98f4253e05b6d3872d3f69b0584bcf97b3fbea

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_d3dx9_36_x64.inf

MD5 345ecd585eec22fb33a62e59c2758b6d
SHA1 2d6ed63996903c32b3e7ae24d86c924b11d53e7c
SHA256 d1b544b3912e73e5984cd759096120febe6f17e41a3cf920ef82431b9b569c1d
SHA512 6d88cd48bc32a008989ec4bb71afba0afeeaa12f17833fb4072c38b237bd006f192f4e4e7a65d8aebe5d6dac1d13098eea370b03ced343a5541e0ef23e813364

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_d3dx10_36_x86.inf

MD5 582814cd47564fe8e3424cb2eb090501
SHA1 87a2114434564bb0a5cb4ea337577dd405f5e42d
SHA256 96f48bb810055699d37e9e27a65947483a0b4df304870e3b5448d3051b3e4926
SHA512 203d522271aacc0200bdd684934a8478b54a258f55ecca49a178ccabf418a328cd02ebd2a9656bd9dcd40c33de21d33664c5b16c1e7877de424d37b4f9b3e7a8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_d3dx10_36_x64.inf

MD5 60e353607750ae5e63cb8e56f443321a
SHA1 8f1b07f8cfbd66e9a7e3c15118bddd99b04d6871
SHA256 7a49ae818e199cf9f9bd831f94cb6d03a1e72a141d76546261979b30642757b7
SHA512 038aecc1264f608c6028ec2288f0d8de6c9202bb3d1e96fd247e889afa06f1ce592bc9e224f37e83f29c0984cca6c4e85ab11eb28570aafa20b076f2b2e5b6e8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_x3daudio_x86.inf

MD5 4287ed3f6647fcd80ec6b0f7f2606964
SHA1 27b2e4212295478645a017a4df820af6bdb4dd0b
SHA256 f882bdbc8230d24b24e20f9d0db447586e9493801900a8ba381eb493bd41f5d5
SHA512 c816d7127fb7fadb971b757ba76d4b918fe18bb16e5d2249b4bd80b0b6c47208e7ba5e11b521d9cd0a23d464c392f98a3c617b91c0ae799f3aa10401b4e2bcd7

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_xact_x64.inf

MD5 bebd51d24aa338f6192e291d03684b6d
SHA1 cf2c0efb60f44748b0ef3f95276b0512719f130d
SHA256 841d579573afd51499c7cd8ee986a41db63cedb722e8fac351d3632ff470c161
SHA512 28fdc41091d761faad79c1af33da0372086689113df2f1cb40513d50727e5aefd652a977ad5c92bd62f1c5ef9cfc24c23bc6758ddd6a4d1ac5db0b5e401432ca

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_xact_x86.inf

MD5 7e2a5eadf9f1eaf90d5eac15b7a9f558
SHA1 907cf74056bf7ad91e47c98aaad9a092ab42fd02
SHA256 24714f229e479338ed89bdd6143140505fd63f517b7e71170ea6c072a1748b06
SHA512 63c2f438e6feaec2b9fce15617940c97862a54527d549fb6ea149e4d18199c1752e255c6cb167ff20b9cc1f74b87ffc97110b65652bc5c3883cd14894d21f8fc

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_d3dx9_36_x86.inf

MD5 08ffe480ee5e54fc19a2feea46adced6
SHA1 c939391c489bb321f70707183b0d3f4b5f13911b
SHA256 843764f70f56d430c0695e263c895a135a631f793213d1005fafcf9c210d1ac9
SHA512 c05aa34b860b5620c982731af15889da5571395fb35faa24d43ccbb1b42dcc756769a0b9153c28112d7347f28d4ba933d8b15fb36a3e511ac99eb148f848ed99

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\aug2007_xact_x86.inf

MD5 8898bbb8acc1b54b3b9b6a2f6b0e2cfb
SHA1 e5ace499d26e573544be76c8e45cc5278d15022e
SHA256 c246c38e41ed71bde4b3cce4fe337826173896a04c26f8b2a00b06bb0cec024d
SHA512 b0633c44541cdaa2d2c3174027d849ecdf5ccf2149da4a2932f59db600cafd8b959aa0382973e23fec7a76ed7555e96065a4d8aa077f50c2a14e5080673aef30

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_d3dx9_37_x86.inf

MD5 020d1260794d5780937f0f7a919cd62d
SHA1 511ecd1186deaf129a5532b79fc776a9ab8fa9be
SHA256 d55858e166a2fe00d4acc30da756f0ab2c4dd5a79a9874eab3100722c74a1b75
SHA512 201e24e51dd859c35fa9d0a403993cb0b2eba67effbc598ca4491f05bff4f0805731b1e7cf6026b7dff9fbc3167c16b43887f080fa40ac11c6ffe09297401f9f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\nov2007_x3daudio_x64.inf

MD5 55402001ac41f0bcd1f457a36d298848
SHA1 a18fbdc9631610f2550f05cc3aed5a665afee7a4
SHA256 1cc72ca78433fbb72ee6b654c908748ea846c87c80424816745f285ed3bc910b
SHA512 96cb7ff1d43a7c1642d8ce9cb3c23ba460f6c083a7927fe0ad7a3ebb85649c384ef0542ee3e7dff6b99413b95a2a333327cd28349665901f466782fe96ee491a

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_d3dx10_37_x86.inf

MD5 1242da12c637d5976af936f60f387c26
SHA1 a6890fa9d41f6785d54a7d3e1b229b64010089ab
SHA256 bae3bc2b7071d2d1c657a87a8c8af6c0fb5373f11c9aa5f61b406924717d0792
SHA512 7fcaf6ac1a8166e8c68d650dfea40bf329565d4ef92316ed0188a252736c9e288cc8f7d017b0de4af05245d1bf94a85b2dc72a93c618a1f2caeda45fd84a6a09

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_d3dx10_37_x64.inf

MD5 b21f653f707315be4c85ff4630af305b
SHA1 32b0d69a786a2cd37d2fdf541931d90ae8656944
SHA256 f37681f4d49f71d48b1960c3efac74f28af9fa764b29ed3a40b5f424fc8f60c9
SHA512 e68348c9413f77749218fa34e55e416c7bac95f234522bb6eccbed1185a3f3af2a393511d3b83dbfc64580e1725f9f53e7e586570d696a3fee76761e8b0902f4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_d3dx9_37_x64.inf

MD5 ec75fe979fd2c2372ea75c72a905c832
SHA1 954642c9087489285c8f0786b63aee108ec08d04
SHA256 a4fda3373241c2748a969ddeeb6ef41b3cc1bca6608362ba87db75f69023fe9c
SHA512 dcaa772d21d1be7fe59f1ad32d10e7cb454ed2a4d98b3add201f8bef03718c29f9915fb4cb779111a954a9d93d898393ac2ba593c2d4d378b88bd492b7b5381b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_X3DAudio_x64.inf

MD5 2f7b3369825c6b74f4b645ebf52c8e98
SHA1 105972c77223b943df6533d517c698241ddee9b1
SHA256 b7dba312a71ed109c9c54cc5cc096096eb8cf0962396e8dc996f8fa28307547c
SHA512 88a47bc3520f9fbc082f1ddca7e083cff9bdbe5c4a0a851925ea14d8e0f327f2a9982e5b4ac457e4950acdcf6788299c4e13a15ff38bb76c8d212f1466cfcec2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_XAudio_x86.inf

MD5 35c6f6f109257f242cfb2ad2062d50c4
SHA1 222406bf52449ff0d5a7ca8ace6cbd3dd5f41708
SHA256 472bcfb54b5d63377da128596dfb30c8f200f79edaaf6d29de1afcdb71a3413d
SHA512 71180d47d8c177d84e68bcd6b9f948dc8c946f7a6c4091e20e04f1c8098b9ba92bde976194b06595834ba4b159a702c091d04ec823ac377b7ba7713f057f99ee

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_XAudio_x64.inf

MD5 8eab978252843c5c47a913e4eee460b5
SHA1 b5ac7e6a36157c41d56e1113d7768e67530640c0
SHA256 10a2db49dd3bea59133bbd82b3fc0f8a959b65b0c250c11a9a6f3123b961e6e9
SHA512 d1b7be4eaba7126f3f64d625cb9c9d16dd40dd1dec96b4d647f9a5e24d6b945faebb65f25348d9ffbe092b03b1a54414cea9a2e4d1eb1deb102ab5abdb34d810

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_d3dx9_38_x86.inf

MD5 c7fc0a82355bafed08a5597930b80263
SHA1 037419fc93581e053b4cd31c57222c8b8761e242
SHA256 06faf7f7ea5503dcece13d6537e57cd2581d5188a5d839fe7f118298a721b51a
SHA512 51829843dd7e2e501d6054f500fa523bf63f19382890880cac0e3f207a00dbc544195489de67c7dcf876d9061f2af12bd346513e1c98047b0c185669be5d8cc9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_XACT_x64.inf

MD5 d5debb90aee2d6a73bb448aaa99f985d
SHA1 950ff1a768bdabf14ca2cc6809431c3be8b19d9a
SHA256 1038a41e63ee8abbc8be85a86fafb2ac1d03defa6b88deb270f96a6ed1a97122
SHA512 dca65e91d4eb619fb34615a3c8683e04af84e843346b88bf4d52cae0c27e52b5a7a417c531eaf50cf45932e3fd6f5fff1bcfeeea4fe65efffbe791c8ac1a8101

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_XACT_x86.inf

MD5 e3ad8befca2528572d6c51a15e072c94
SHA1 9718337261b8b93b546a5c20bee8b44d26707053
SHA256 6b0cc0dc993e172855864fa078c4e5c8f2f46bfc3200bf2ccdf3292931ee3cb2
SHA512 de4915424d8a53ede76394fac14c4de46838f21afc8bf30f560d2d00df4f366dc9ab48bb343be3580087a7d5862a14c08f83b5d9cc8e78aa4cce4e6b71b70c59

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_d3dx9_38_x64.inf

MD5 df5538bc9e0494845a8e2d607e06e561
SHA1 a056a64230f03835dcf9bbc5d84edc2eb0c09484
SHA256 ddad68974990a21a8d4a91c47ef1034ddf0475551586f04e86b8cd2f0c990d6f
SHA512 4f19379034eb47e01de81a611facc2c8300c7b10306ebbabd232a249debb4acdcd3de42b71d851011be5b3abcae1ca232ae6891be79adfd754369dc0f16b249f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_X3DAudio_x86.inf

MD5 7949a4d37b517c39295f0d656cbde501
SHA1 27313949fe172d687e9faaaf91044ef56b7c973e
SHA256 0064b7db5bfe52b6f40f61d962901c7baa116abbc72328f50586b6fa65f894bd
SHA512 93d947c95b7ae357bd47a5a050437cb05192eb6c84e9222a46d70ecc7c54bc2a5cb1d3f65cb2a4db5fe18106ed9be5a7aefef08f9634b28cd5cf128bd00352fe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_X3DAudio_x64.inf

MD5 0225e16dbd17754f202f34cc1fdaa60e
SHA1 d8d7e02849d9594b346023e9e69a5b2a4fffc45a
SHA256 f4526ad18f081b84a139e6d98923569fc8ffc7644e20499e2f68abfb3e87753e
SHA512 2b308f4c4592a80d4215781ba7ace57f93a7449b2ce36a7c78203e1f16f1b7321dff6c32272180c9cbaee5d31afbdcd11f3d474004fe13c63752d3c0201d2033

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_XAudio_x86.inf

MD5 e82ee7f4d71ae8bf90378bb6dc107d57
SHA1 6fc8e3437dc9d87213064e69bf0769d20fa7a739
SHA256 e5e435c4536f987e1087218b025e6dc66c24c3e300e839391891f1b3bfd360dd
SHA512 baea9f4d6c744f26b55426c9666f135c07f3e8af15fee04cdf34c0af83567815dadd5a4ac8a6547a49d58e0c837a28fb18c4fe1f50fbed8da9991bd2aed8ab7e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_XACT_x64.inf

MD5 9b2753cd7967a014a6391b44900ce258
SHA1 d6d227999ad32de75e05ae7d7fc43640e8893ec4
SHA256 90577c4c3d5d0de80c805caf0cc713582698ef7224fecf4ff911ba6309c5c920
SHA512 31136e55f01d382cb20f7109d0369a3ab7c8997dde1b65e9214e410ab686add4ef6950241c0aa9fc93ea0cfe3134d98ae1f3f48b44e92a620715bf159d6f5914

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_d3dx9_39_x86.inf

MD5 b28ef6e3eebceb622d1431fedd9f545a
SHA1 c6ae73cbbdff4632911dc1759a9ccdd73056ac8b
SHA256 8a23d386626328f9519076f33d5c3b71c639f2347741442c3374974e6f61bd53
SHA512 4f2bfced9eedabd6ca807a1b88cc063d15a31ab0bd8e2b60c65d6daddac9a111c434a0fa7d7641813d9880612464351ea30368bf6f0ed9ffc69bfb4d51882d12

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_XAudio_x64.inf

MD5 c564c4dd81be3fe65783bca776be371e
SHA1 b60e1e1e34b8c56fac53dd7af79e1e05e04866bb
SHA256 9ce21064f2feed9bc9426a6e92e9c850aae31abeb80c7906ff917fbf4cc03913
SHA512 5b790aa1a6215ce8687cf3503267e31d1d7b41b5e4675bc634be957fbe14c53556989278017f2c97336df13d16eeaf975e0602a4cf9c8356598c392977df4dcc

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_XACT_x86.inf

MD5 59c4f83a7fa2a8dee4970d37a96c2b55
SHA1 75b42f58c61d8c8ae185cd8560dbfedb7c4d6d9c
SHA256 79cb10222e466d54908d30ee433830e9673d5a538fabc5f4568521c2aff66eb1
SHA512 9a9b7ea3b354cbb29d88797533332abd4d1ad195b28ee6af05a0c6f83343b1e2ae0ce172e9941eb5f0d7ed3fb0382c1319fe4808ea2bf8988a1dc63b78c8c095

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_d3dx10_38_x64.inf

MD5 e2b760696e2300b1c9b6c2531b39d029
SHA1 1c576840cf04b73de362b28b943bd69b09b3883e
SHA256 0de0ada970774620c0905227666fc30910e64f3cfa4b99e4c5481685d12e3ded
SHA512 94e4bd9834c21acc7709fd28dc557455929f940be0a4a794105188dceed7e023f87a489a1de44a9f93f3780f6f9088ab3d4e829a0089bec74a25ba4297a0dd73

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Jun2008_d3dx10_38_x86.inf

MD5 d12a6b9889eeb330b4a4e86e9bd175ae
SHA1 62a4a7cb8fcc0edc240caea13b2b487cd012fb00
SHA256 f5f54664ec67f6333a9f0607d891bd0dc2acfee8cce09ac4ee0372b5d0aa12fd
SHA512 86274606e76b98b71dc4eec5180b3a52cb6627ac5ecc8b008512b7bad404e03b834b7129ce326a3c9c1cfa8b19bd5e97467a9390bc8a0e749771ca06d9f73491

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2008_X3DAudio_x86.inf

MD5 9ab8a749708995453ee8a995a877af2b
SHA1 eb8a0ad7f7b38aa190e2fb8a4a2d11cc9fa9b493
SHA256 0b6e28f00364a9ff436c3d99f0d4e80bf615f1450f420122324853cc0b88b16c
SHA512 9b0ed586fed0ffe25d4076b202afcc7ad580dbb05593e392a12d64b639098f8b7687463f213e53dfbb85616c5a3781adaef8f1ffd293c082a84291472266480b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_d3dx9_39_x64.inf

MD5 9411bf36f2075b7e42468277e8020e40
SHA1 c38bb84e7381baf0d2720e5f1822781a639c04bc
SHA256 4cbb1c6804b9c76bba4e41f0d2a45f1daba7350af9da4ae6966651f7f4da041a
SHA512 c860da71a89c41e81c1c89b3e1f4e93e747d7dca1152a4ba063f53f899fc701fe24f14abecfe883571af518df4c2d766432ddbae2ccb2c52bd87d85f6ad015b3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_X3DAudio_x86.inf

MD5 e8adbd1e68258d5657a34ea722f3bd32
SHA1 ae4e88d17663889e841992436b524a35506ee534
SHA256 d0361ffe046b7a7a374a4938d419e4121365892e4f2138899f670619ab34ac6a
SHA512 62b132cbde7afebaf20a437b810ea42b7c782eff4fa1f83e2e586b2fd9303829ac90c54704e28f53010a8487e04bf92b791c85fff4c949a12cdff2132c2b09de

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_XACT_x86.inf

MD5 87c8d16c6db20854f9610bd5be6e5ae5
SHA1 c17d78456637cc2a67b35d48f9cb3c730526425a
SHA256 31680e7a90d24eda04c910e1f3e6c02774cfc5c36ae08e7ac043665264702f83
SHA512 061d80816e2e5a7a2df68cd91a95e5f17aae8610a18b254abb7d5929826b14da5755eb01912eb369d1fb5725f2a4c144ce92e0d08b61799903d83fc91f35413e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_XAudio_x86.inf

MD5 052b3294a9345385406ac2056e724804
SHA1 79372406f5cf40deefd8ada18ba238e80360ac70
SHA256 950b5aef596fc5048732f6cf263dfca5bcc25df7dc17df91efcbc3551751a3b3
SHA512 9b0cff2968acd2552609169a138d40fcc25ff2c35b70ba61cabf769f4e5b54774f32392508867b6ed9198b3da5a858b3a7079d7c4a4ddb31f63e4d4985efd2bd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_d3dx9_40_x86.inf

MD5 d9f6cb1edf9f92a045f4b2b8ec17cdb9
SHA1 fb362c8de21847523211fa512cdbf73e5b49aa60
SHA256 955637638635025f01f82febab4a4977252a765439d90ce940fba752723b9db6
SHA512 e22fa0520dd3f905b5170e3ede4d9b9e40b0522c9b39308d150c01e5bc381949d70ce04818efa9eb2a08bcc3b26f2179db9a5aa1a5d14d757ee2dd2c5c3cfae5

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_d3dx9_40_x64.inf

MD5 4f4a9d3074a4ce8fa141a17b0c2e97c5
SHA1 e77b4e76ef70fb08befd69a03b9f5dcf02c81428
SHA256 d071b30f56763506da0c939b8d35b0540bef3ef0d51a5cfbc45816ca91f891a3
SHA512 7b961d3b9ed247e75047a5bac6d65ed741fb3c210fadfb23d4b77653af7001fd557fecbc2bfacac00188894374ec7ef3b0a5c1b1f6ddb0c9ad3ee3dcd1f32027

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_XAudio_x64.inf

MD5 318d70544da7620126540b0712200e7b
SHA1 707c4a04f02e10b08a16528b0da8b284cfa315c9
SHA256 ed20b160dd26a5ed3c220a1fd9b5fc880b3280ebf56c2f73e76b6d4da5ef82bd
SHA512 4acbf6b35043ffe9c740e3e48fd9320e10f5dbe317dd89dcb97b68495b60cc2cb2cd98e57fad030ed053636b710d344b96667b69bec4b7727ba2508f35f23aeb

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_XACT_x64.inf

MD5 d28248a55a7747733c0e4356c1a15d70
SHA1 befab66a5faf1889c6eb2208698874b00024b78c
SHA256 2d8a68e726728e4f4be05e35fca812b855046ce4bf697f0dea14094dbd7e1d79
SHA512 f7b89d96e287ddf8200462c4eb0415f2fec81b7a69e5fd4bd5bd33cfc805287d287dc403060b01639cdb67b14ebe65e42f75c3a1fabbcaf8692d315cd5bf45a7

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_X3DAudio_x64.inf

MD5 fe8f918218c40fcc007bf16e9cf0b76f
SHA1 2b66a5a714bc7a0ebdccb0029e179bb3f32009e5
SHA256 d04d052fa3065cdf00e96bcdd7dabf3583ef10b6d80fd67cb03c32f09f2e602d
SHA512 9845d8d2c0c0c618594e692abb382e4244d95f5a06c48d7ae694dd09ada670ff23bab07fbfd09310f60f6684267ed0709a1d146da6fbbecef4790b9373840b2b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_XAudio_x64.inf

MD5 fe4812a5425f1b6d9562b9609db16ba8
SHA1 01a206feff15ead479848ddf056a560701960fc2
SHA256 311bd58ed7437a1cc79692ae360a02efbc8ec51194abcb80bad78b2208a94d58
SHA512 2a98b997af381504ec8e2c5b182c73717ab81a455ae77c57036aa904f87dc8fdfd16a7835cc1e631e9435257da8bc631946b32d8f3bb72d260d1114c4c3c4390

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_XAudio_x86.inf

MD5 e0947065f559b93eb93a7ceeaa8bfd44
SHA1 39bb647363b00924c7c0b3792f8017d7c7d9e3b4
SHA256 f211a7d99b3ffa0180bd91f68b2c285564227e075d499e950e76fde04e7707e3
SHA512 620810dcd56857b2d3d5f1271c5d4979cc90977acebfea81edb472d02da8e6104e89984816a91ab57a2469253a391bcc378093f1adaeea7c0d35f7f1b794969d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_XACT_x64.inf

MD5 f616331f6e6916d1d27fbcf357cf1478
SHA1 e5530aa845bca9b1c89abbbc189f65584008cedb
SHA256 cf09d632a4b2cc670d435f356f309dc58359735834baed10343fdfbf37eddaa1
SHA512 c39fd664f43c4cfad8e65d5d6b3ca845abc0b341cb663acc7e274a00c3218394d3d04cca850312074a294bcee4e5a0796a3c90d6263de63f8f83078d9c44c8ec

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_XACT_x86.inf

MD5 d2aedfbc8bd56092d658bd60b464dfa5
SHA1 54f8e1cd59f43cbe02767face39fa42f50ddd229
SHA256 f1daaa8d96108a4a338f62a4a1339143ddc566e194ca00dde5427136bfccb0af
SHA512 41d74bf9899e8d904bb0bfeed5e053ac3c453e0d591526aaf5305ba33128abfe29cea09bdc23e2131f91626a66f0ff58f6cc02fda9692e58fb2c476795e2b6d4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_d3dx10_39_x64.inf

MD5 b01ca47b1cffd13ec5d8a6a592ae8449
SHA1 e1b615488ba42c44922522dd47b2e99f1b5394e7
SHA256 a5eab981c313538afcd7abc7742854d251c736835ffc1f549a4768fdf49c3e71
SHA512 2609474f1ce19473ff8f5f4550f9eca077bcf063bff8ea7fe890493e1119e80e6b233141a8e9dbe7d9f1e167c4941fead6cafe506f98053e623728b7edcf4ea2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Aug2008_d3dx10_39_x86.inf

MD5 baa493c7a361f1ac0c5efc94f1568f97
SHA1 16dd101673b96b54bc5a38c20ec3ed785c6bf7bb
SHA256 e83f8d48323887af89648c5bd7af713b42d20ccb757be34675f1fa527e6cc33f
SHA512 2e8db3d1ce2830caa9a0f698bc31e2b907e39a233fb056fae44062b3ff732b3b62f12fcb2eb948c1728df9b64c4d8ee873c0f95e56c2ad1727140236ecc71095

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_d3dx10_40_x64.inf

MD5 f0769f57bd08036d669104f9bc942228
SHA1 18fd51cbdb46f1ffd47103dc026f1cabf4e4868c
SHA256 7f902d9ce6f6d71be1d16997ffc9661be2540522c73cc185516415a52dced2a5
SHA512 427acfacf52759a1ebd749022c375767fc283a625b6773e06f8965926e0b96a969a27a440bd661015b56eeffa6decce7322e43974172966520c9ea5f6164914e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Nov2008_d3dx10_40_x86.inf

MD5 7a3a4c3b7c9c979261ab1fe477809731
SHA1 545004e59315dea0bcee6bde61bde3c45f79d107
SHA256 a4eed39cf36adccac4317e5822b30aa37ac5b001bcf4a24f7b5ccac6b8b71e9d
SHA512 556cf8ff26de695e39aa42fbbfe0bb986fca9ecdc08209c28404aa1b285cba8bc4ba62659fd0d929d138c781446fdcf2a30c0e1aa1487f6f1d75c9f15145c7bd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_XACT_x64.inf

MD5 eb9c537b01096960889de48d1a13725a
SHA1 205f797be95c576f2b15760a25440f532011332c
SHA256 9369fb0a9d3353627c097fc19780e5e7126af47766ef6a4a95ff3ddcca56691e
SHA512 c82ecd2c952b1df01e6c7f7858341c62b36330945dfd0c6bdc404d14bee5682ca06a19448961e03a2093ea00040fd38ce60c126b9f155607b7435b28f74055f6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_XAudio_x86.inf

MD5 ce1394e17492dac92e0257482272617c
SHA1 f1babf395b608a9966cb5d89d85d131ce8263576
SHA256 1b66e4d80f9843fc73b0a6097fb8ed5f3d2cfd5cfb5c328904d2c370bd87bb3e
SHA512 c5b800c6d519d147e37b459b3c667d2e05b6e344ac38be69aee40dc1e20b232c9a123f0f6ec8fb5909ba8d76fbb24a626ffb2f76b08bb3d3984d6ad6541d6a9c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_XAudio_x64.inf

MD5 8d2a8bbe89cd936282ff828c10ae57ad
SHA1 acdedc9919abeead28ef07da56ea33f88c45c3a7
SHA256 4a554d09934581a87a4cc98749b525b6794947b64b8414d380edfd502713f9b6
SHA512 69ee567df6d9edf90a6a2a882b745597fe0720af3eaa0f23ae7241e7519aee5af435566bb1e0cd8b2f6bf6956b21f73d7af9d8e9511afe48a54f68f440aea2c1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_XACT_x86.inf

MD5 25b4458970583bd63b3e21ca5eda19b4
SHA1 a41a7c318342365d64f94da5c2b9d0490895d684
SHA256 764c3caeb1725a11701ca7119fdc49b3219553b79f9a5c1a02b20991391e5a21
SHA512 4239e25d6701e28a58424361d2bbcd27abcd91308ee2b5abde611304b0c2caf3cd807c8aaf3665569a565664b12c53e17aca73703ece809b9f26487d9f9a3778

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_d3dx9_41_x86.inf

MD5 b37a5ff044eb65521a290c79ba1a3e00
SHA1 ed505464894bd3e52654834487f3821ae117edfe
SHA256 bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6
SHA512 eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_X3DAudio_x64.inf

MD5 5e65d9cfe5f15381afe2016508800dca
SHA1 93a44fa2bd9559929c4ed459a336e1cc27738f90
SHA256 4da1a6bbcb7e84073dcd1898f854702ec32f5324478b2fa39c4a9868abeecd3b
SHA512 9ab50d72212f79f949679b7e7c19f698f2b1c6f1d695555d925b7cdcff800a14fc98535476150a15c563eab74d8a98316f44027b0e3ad2834735a6f94aa07646

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_X3DAudio_x86.inf

MD5 c1501e224e63e7c7fbdbfb7734a8e4f0
SHA1 c6aff4de1b44499d304649b782346b0a6decdbd8
SHA256 aabd029d75f25244bae4ca17dbf9c4feebec0d5f121fcd388c175c3360be1bac
SHA512 e29f985810029a43a987ba45c905aae84d0615330e6fcedf81806a403f59c8861fdbb31935b0c610378d8131d38ac6798c778f5c6fada9f51838cd8a8cfcaa99

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_d3dx10_41_x86.inf

MD5 6f64b88a71edf6070f48277cc7e22125
SHA1 1c77aace8a83ecb9a388bdee2aaf38e78af08ac5
SHA256 0170a4b551b58d92a753e86793bf3af762fe3f8d781512f710a4d661aec8d626
SHA512 4349bed85d5c42f921005ad6915571b680cbf178dc1c9fc8f218dbda7cc34b76647edfa324d3c529dfba18da800bc010623a6ee8b34a5ede0a447d1e7dc93827

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_d3dx9_41_x64.inf

MD5 d4a1295d35748a262f28c2d3ed7a116f
SHA1 f6794d7a852b3f56e93fcded600077220ebfef74
SHA256 12fe918aeb224a9bd4d2a8142f97c95d58a9a69e591e7e4f95014c155bb03519
SHA512 79a2c575482ebeb4157971c07df42c76b42fca1b00e213f3f311935977bc27c86ecee6b387d93e9dadee06bdbcd6d4edbd72ca0a66925eaee547f1bd195e7f02

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx9_42_x64.inf

MD5 ecbefd1db4cb52d5089b1d4b20a08656
SHA1 85134f773bccff3e874d27d7e79dcd1e9485c903
SHA256 4887cbec8545b02152eb16f6296987a43a256b69b408330eaee362184f298d98
SHA512 a50afd834f0d892af5eb33b9c6ffbb330ddebcebd123fc7f706f05efac9491b49dfdcfe6196f3b6a3c9f7ffedf4fa723e0499f03417552404c0fb4f4fa3c046c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx9_42_x86.inf

MD5 dff48361a5cb0dea034dc6f16de99477
SHA1 afa417acf7e9da37923255a623ef34c7f6446c80
SHA256 5989dc367a8f84815bcfa1c46ff756527c6250c62973220d1af354b70027eaf2
SHA512 750b69eee07e7d6e7fbdba722e2e1ce377729dca5fe52b4d57d23dd2b80b28b3af8403aa43c469a5042ad35eb09ba4dbefc40a014a137e1b5d87e0f2de203856

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\Mar2009_d3dx10_41_x64.inf

MD5 d9bc0224ff859db21a9f684ff138cbae
SHA1 dd4f2ecdc2a7801588166d92d6e6aaf769bb3627
SHA256 53dc284b87f5787804823977d2fbb528e393829367db5d2ac5dd79c581a27616
SHA512 29d5c1e3b54e79e322a966d954935a31aa7108aa31f04e711e36efbdabdbbd3282ff56df9d640fe48f8707d55a7af435c83b7f281177d4d5bf01364786596ff2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx10_42_x86.inf

MD5 b3a2e761e5da007cc6036c5703e12eed
SHA1 447e852f9bdc357b00864d4dccc7486f1313918b
SHA256 a80a00464775da82c02f628c5bc13cab0d0643ec2a44b28d2acf7c77d467becf
SHA512 28a106886578fb38f144602d2b29c72a906bb24a50b16ea7d3f71f8bd7f194fc0d7c8451dd1c3e9ecc59be3a866c07a23dd394a17d39eb7b55cde7b347bed3a1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx11_42_x64.inf

MD5 520790b3b1eb8bb9ff00e4730d17e256
SHA1 51872475e3c31bb749f0bffaa42ab4ae362b2dea
SHA256 f9c13939779d4526107cf7d3554c122efb564cff02228d02b0b6ff211904f5dd
SHA512 da76b41ba262ac7adcb2b48b8e3845b7c57b1c45a664a1f0bc90d420cfeae1ee454c2089ca37ca5df264759f016c781ab1bf17c026d9733df7271e8ee3320dec

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx11_42_x86.inf

MD5 9deabc0af1186bc22a6feacaddc5839a
SHA1 2a1fbc0737777513390210fe7fa48fa8805b15b0
SHA256 edf6764083b47c04fda52b149f565587c6a07d4455357fe3c27c9e56cc57a94d
SHA512 8a3dc2b4d25a2a4ed94cb70e88b051d9df9985f3c6a8af0725bb521e029015755b415c23a44ae8318aea4a04ec9b9c1ffc895df41d28c384d78a465dbb29ed3f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dx10_42_x64.inf

MD5 8d272f58bf5ce42962d7d9835e9b489e
SHA1 7e0969289f839b5dfe606f6ce6ed106460f97682
SHA256 2bfdd3d3bf485439013045b3a08942f457385bb89ab76d9479fbdd85f09e9d96
SHA512 0554257a41df07860233f26330020a45e2dab2613a6028f79914aec7552d5c54525b137e450202db1283b602c3d95908acbf9f1eed20dd79c21fda5963fc2b5e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dcsx_42_x86.inf

MD5 a156f288883f2c1e867896c114509aaa
SHA1 02d7a136da0bc6c8cec933a880c62b90ea8d329c
SHA256 ff9da1b0328fd918cf9558ee57387a4865afe98db1410cc16b1e921c5a744c48
SHA512 632fd6b2940a851bc82c2d57a962dfced3b2cc61010e037ef9065b4a8da5a0f112bc2c66984cf76334556bcde35d49dece1841ffca9c149526a56d3824178b02

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_d3dcsx_42_x64.inf

MD5 32b0f585bed3e042371e125ebc7e0f80
SHA1 dc0f6d3a501cceb50a92848f045725f93182f150
SHA256 f7a5a84bb654837193e0f40b579777f5c6cc2c7341cf90503d6a6709d319797f
SHA512 ff7ebc445ead8c5109585ecdc58c7bb20f9cf9debebe587ace38c64f70277ee6a9c9359af0ff55a1d4bdd2d01b958efdce743f30cf5b20bc8656fe4124ec5670

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_XAudio_x64.inf

MD5 af52205973fa73d4227dd5e105f6a37a
SHA1 2e16e2914fcb65e55a117b24b992d6e8cbec8c55
SHA256 4348663aa7cfe22916fb13d93307e7384376fad9d6fa34c6196f80df42c61a33
SHA512 92b8ce27f01fec9c17c2677eb4e9e3f1dd592a94a3ea12e9580c8e206a8895c99b0498b2fac30323814c8da16a48555bf5a76eb72afcf5b99ee2e05c67cb4ef0

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_D3DCompiler_42_x64.inf

MD5 bf489f4a6f1c8772091caf9d3f96628e
SHA1 c0da8b93f1e17acd81e5664ff7f014cf470d12f8
SHA256 8977772e5392b8e79364b3b8d97300e97ad891f38d5a2dd306549401e46b05ff
SHA512 2e21de522c0be4b797262528399d7ec8604fbf466e8de49cc12b9c2e2daa3a8f0977e952bd36135ed4887516d31ff8c782273325d2afad48f8b3202f35b4ffbd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_D3DCompiler_42_x86.inf

MD5 e7f9ca8ca804cc404f855be173f6ac61
SHA1 5cbe6a3e7cd65a66bb6ed17930ccfacb8c756fcd
SHA256 bb8834d2366f6899c507bae176a13dadbd44488451a263eac830be95f4bad43f
SHA512 cca663b914f6f6d1b86db83e4f2976b103af041ca171257b9815a689788018434228182bac943fcdc7770d43180d53f887ec987e9639edc26ecabc7d20dbc4e1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_XAudio_x86.inf

MD5 6d9bf03bfc9465df08d17b18c431926b
SHA1 184ff4a21ae4756179fd179d1c3d007842a7ec2c
SHA256 842cc52100b5774bcda19e40837bd552b308e74829d5b35a505822c7436892e1
SHA512 35efd74761fce6b8c7371cbfc5c8c50a0142a3fa3492dda3e566b031bb1dfd58633960230985d899348073de38295e25f76d716b153640a9e0e8ce6d59954f5d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_XACT_x64.inf

MD5 45f4f5d8439b3a33df8f1d9f39a162c6
SHA1 e09440edc243b072aa589ed139ab9fdeff3193d2
SHA256 c7efd1ec4e4d31644a5054d32cc1e6795464472c05439573ae93e1727a5eea4a
SHA512 f8b7ab66b7fd182efddc2a851c6468a311705267afd5fb81554713b338f24642c5e7b5d5000b85e417154c4285457f9fdcdcf9f42c155c801f7a295e6ae3ea34

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_XAudio_x86.inf

MD5 e6e942a2cfbb587bfcc4203b5bb34fd4
SHA1 2e0172ea1936911a98e11a6e98990703e24172c0
SHA256 74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca
SHA512 3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_XACT_x86.inf

MD5 82c10b720e33be099f69e4010d44ecd2
SHA1 e95a2eb23db3fd610d71089500aad523f93c9469
SHA256 e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635
SHA512 853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx9_43_x86.inf

MD5 a11deb327119b65bacce49735edc4605
SHA1 0be2d7fa6254b138aa53d9146cda8fedbba93764
SHA256 6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b
SHA512 b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_XAudio_x64.inf

MD5 1c4dc3c97e96135a784867d68d193bef
SHA1 5019f79ea9b624999fe58420daac619c5695994c
SHA256 da63330fd2a1538b714ee6cf2e09256446a04a55f866b3f70237d8a7165cb3e3
SHA512 d529d68ccdacd41a7bb688bf226a23f4d08639213d96e3e428c16176681c5f7d45ca8527291322b2a6d4dd14fea1cab3cf183006bca3b5a45fbf2e05c2ee1437

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\FEB2010_X3DAudio_x64.inf

MD5 49460e9297b0faab5a5d73e7aa2caa67
SHA1 a7e211f3d4ae808f67a798924c4d3314183df873
SHA256 68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf
SHA512 92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx10_43_x64.inf

MD5 13c1907a2cd55e31b7d8fb03f48027ec
SHA1 ca37872b9372543f1dbe09b8aa4e0e211a8e2303
SHA256 a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377
SHA512 545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx10_43_x86.inf

MD5 53a24faee760e18821ef0960c767ab04
SHA1 4548db4234dbacbfb726784b907d08d953496ff9
SHA256 4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862
SHA512 8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx9_43_x64.inf

MD5 ce097963fc345e9baa1c3b42f4bfa449
SHA1 e7624afc3a7718b02533b44edfe4f90d1afda62a
SHA256 272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f
SHA512 f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_XACT_x64.inf

MD5 e8623d8be34f89b38932adebb2ab2df8
SHA1 f7d844b8c77bbf1bdbaf4c615be7591299185bb1
SHA256 5d57466af1801ff3a92b1540907f0e4b91d90189177d68c6b4c8833e5d57dec3
SHA512 a398b5057707743dc3077f04e3796fc231da56b54d58c826b13ec610bbdadb0513c56183156be2e45b47ae96971a9287097ffdcd709f496e96f8f7233375f1a0

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\AUG2009_XACT_x86.inf

MD5 5b6e899df58c5dd0201934027490278c
SHA1 8379d615b05654bdbdb6512b98abdb93a9179796
SHA256 1eb88b5460824fd32eec9b90e7ef5cb529f51215046e539d39fa27a409709766
SHA512 2326b2b5f046ea663bc8723155098ab58341ace400fed48933575dc55b1cd14ee8f8d67194303783a1d1f412e395eddd8952127eb35d8ec745208a6889dc63cf

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx11_43_x64.inf

MD5 590fe1ea1837b4bfb80dc8cb09e7815f
SHA1 792b5b0521c34c6b723a379dd6b3acf82f8afb1f
SHA256 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b
SHA512 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dcsx_43_x86.inf

MD5 cf70b3dd13a8c636db00bd4332996d1a
SHA1 48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7
SHA256 d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1
SHA512 ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dx11_43_x86.inf

MD5 fb5d27c88b52dcbdbc226f66f0537573
SHA1 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a
SHA256 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0
SHA512 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_d3dcsx_43_x64.inf

MD5 e1f150f570b3fc5208f3020c815474c8
SHA1 7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c
SHA256 5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a
SHA512 a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_D3DCompiler_43_x86.inf

MD5 1a86443fc4e07e0945904da7efe2149d
SHA1 37a6627dbf3b43aca104eb55f9f37e14947838ce
SHA256 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf
SHA512 c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_XACT_x86.inf

MD5 dbef26a0b937dc1859e9582aa88bf928
SHA1 25f85650c6f62e59c11f7234be22d34e890793b3
SHA256 ca604ce9d2ee43a09b39b23a6a2a048b1a79d85c7d78679cc73aacc75cf7a62e
SHA512 4259193cd51168020b3b02ffaae89d7b4a972273b227cc3116c8cac3874b7c329e66c989ad200f93b05d1e4f90657b5391f37d6d128108db66ad7d6a758aa34c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_D3DCompiler_43_x64.inf

MD5 6494a3b568760c8248b42d2b6e4df657
SHA1 700f27ee4c74e9b9914f80b067079e09ec7c6a7f
SHA256 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216
SHA512 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_XACT_x64.inf

MD5 dc506eaa8bdc02b0918e8ce956b505ce
SHA1 9bfa75f2b2d7ba26a778623c8505e10428a1f6cc
SHA256 f3c288d84db29f7bc4d2c771341f765b5e1940a4827fcb55a65b48eec83c71d3
SHA512 9938b821370919a25e801cc19841e951ef4523fa62eeccade6825e74c43319e9bad2f76e5971ce5d26ec2fe55258f7c9390626bc3b934c84b70f7a2870976b89

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_XAudio_x64.inf

MD5 dd987135dcbe7f21c973077787b1f4f8
SHA1 ed8c2426c46c4516e37b5f9aac30549916360f7e
SHA256 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8
SHA512 f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\JUN2010_XAudio_x86.inf

MD5 31d8732ac2f0a5c053b279adc025619f
SHA1 c8d6d2e88b13581b6638002e6f7f0c3a165fff3c
SHA256 d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da
SHA512 abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 7af77d720c656d90a084e955e390b2e0
SHA1 84ea33ab52b8ebe9f53a68d04b66f2740e4d0912
SHA256 060d7712ba2cb6c7f6fa19fd021cdc3be553febfe6c847e159832c10a310565e
SHA512 169f0edf3f6f92dab2bc4263667da7eb9c215861e655b56acbcc809260f5e1ec7c2bb62d825df02d9550a025719f687bd35920cf107ad0982cdc89fc32717a16

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\microsoft.directx.direct3dx.xml

MD5 d2ecbcc04f7e087d738df9329d47c30f
SHA1 0f2d7c485020928227b668a148b0a60d99bd6695
SHA256 7b38e6dd8c567d17d94f595c33fb234284abe884a1148025f59c8e426ec30c03
SHA512 5662bbb30d7a601efac49f0e090cf05112565ac40dd998787e40d4ee6988f985ad8513b0d5f80e17f8ec9e7784af1c50a70137c0ec22b0c72107b601503bcbeb

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 6e1b02239eece97f8db53be215e5ea12
SHA1 6558a98cb0fb954b38a3c047e394f5cdfc3115de
SHA256 3ace8314db64216d9b523119c81499991344e5d7ec813f0be956a95f52a78973
SHA512 4ebcbf6b196a8cafdbd15008ea4c161f9ada883f8013f94a11f9a91cb85c075b4c6f973f4b9f475bb92ac16d0e256572a6016f8e9318be2bb81154b764ed996a

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 53e7ce9d1b5438f926102ed9ba79f48f
SHA1 db3c14828e92f95c1b19d53fb096da16a60870f4
SHA256 3619984368fc0ee1431fe4b3338efc1fb6f0a22e70ae001343c7379dacc600e0
SHA512 6593ec9956b9baa2ad9642f3c586e87194956ac99aae2ff12bdd7f2eaea34d3a49296deccc1a104948d57f8302ba0b648e9b0a618541e4e64e22f3d44999ad7d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\microsoft.directx.direct3dx.xml

MD5 0734fed8ac5f5beded89df51ec6f3e80
SHA1 5ead1b32981763fee7552e5903551e4f34390b53
SHA256 6a217307e5ea54aff712a39420d1dd48f355747fb32f04e1fd2e92ad197c382d
SHA512 e83dcb0a9ebe8521ad254c352908d3640734a6597999b9733d7d55c6fec775475b0fb45e02203c5b25e605c820323e04cd2d0d7c4b080dfa72c1a21997345d88

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 8d37394dd823771958edf4c31607a1bf
SHA1 e15785fb7b2f3681fafb1ebacd050e33e1a45fa2
SHA256 072732ada804cc089d2db0fd7657accd55da52c4379ae1090b2f2f967afeb030
SHA512 41d189a909b4f58c45724c8d865dfd73d4a319983538216f0c6aabb41bc02d76fc8870f41a1b0c7ed5673f4a006398f5effd4f39e1bc652ad193584c4d2c701c

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 02c446292151cba86a22431d2e32b48f
SHA1 7ced511858ef9c8707c2fffc376694e50a8103e6
SHA256 ff577577b311a2578844cec68448ef42b3bdbc8a135d51919a5a99a17cff9440
SHA512 cb356623984c538bbc6576f04f6f2203b203102c7d32dc3900f0b5d0905d1eb6764d2b66c5455b5d68a401e8630891c4426fd6039af859db91b57f8e18fd60e8

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 c0ce93172ef26a5d0caf6b77340f39d0
SHA1 e7ca20bb60260097325985997f9323c7098b2fae
SHA256 46fd29302ef043546bec0693499b85610395d2109a1fecfec34dedabc4cd7f2c
SHA512 13250acbe624028a76bce13d140a2272da61903171c89149b37161f76a18360c6ecea79201d865d1d711c5b68bcaa01d238c04dc56fd90ebf054211f5e600e03

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 d3f1922325be8e7e1c72bfd8179454ce
SHA1 89134f43ce2af4adfbc4087392aee6fe56be7ff4
SHA256 8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12
SHA512 d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 ad285630e528e0fcbd437cf3a3b518de
SHA1 b95a639ee7b578c02ed9ca1fbdda26d445713292
SHA256 c6076514f8c5e526e17f2e26a2cb78f630dfecdd482d3eb290b417c035885370
SHA512 bf0fccf9dddb53c95742ddf575664222bd65ffe9a49aaf69aaf12217f6a54a40843de7a52292f0c0136f56cbc4ef60d7c2c4ea2a560d361d77b39eea0ce0b906

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 ccd53738df4fa27849b6bb05dd67d10d
SHA1 28126653a3d1b4574fcb0c09176f5fa0ff28ef78
SHA256 c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62
SHA512 aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 cea6907a8ac638ee689989dc1d915a78
SHA1 f2768bddfb8168950ed4c5b3cef8fa6cd0112033
SHA256 aab7157eedc37b1fd17fd287b43881ee042f5dc764e0410789ba543a211384e1
SHA512 209d68c4e9093d1f2dd895961cb6e4a392c099e8b64c2580244c3dfa09d11e5d5cd5fdc28a94827e1bdc3f9f61a64ad51fb2ea4d8a40a93640d25d364e4440c3

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 43c280c3b15ceb2472ab560d09629664
SHA1 e3a897d7608d03c93b5c2b8aef52703452cf6696
SHA256 bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c
SHA512 5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 d5935a8e4eec31ef914df83c8608b91d
SHA1 e545b4d5efcc04f3e56044cbe394ed380577aff7
SHA256 0762e73de40aee41076ce2bf57a57666f3233b9927a70b706e08ab108bafff2e
SHA512 7a64de7a49b38f979b339e9c3ba142327c07ac5a996e3deb119ae17641ceafb38ce86df67dfa50627e51f605c8c68a558d938d609d222cab69b1ffd6fe56a0d7

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 490807c150b7d8be44bde871f4df8c56
SHA1 69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e
SHA256 36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77
SHA512 9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 3949d48b1c6a28604e02101cd2178013
SHA1 e0c1f064b20bccd2edfcb7749fa7dbee9a96aadf
SHA256 bac1e53edd3c2149c901e53ac93198e3df0a7f2300d0c26b01262a4067330b43
SHA512 7350e075e1e9e09b167ce3e376bbd961f0bee1b3e9fdf0fffe1636791bf6f8187a164ea8c627c64d88d67b29953a4f7bf3c457e9466d3228c9d275a0697a211c

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 933085360527de1b4947289ca468184e
SHA1 d5ee5e1e3c992c7518b5ce510c627c1564131b12
SHA256 78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d
SHA512 2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_24.dll

MD5 bc831661963763ac4d504c5cabb1fdd9
SHA1 51b323ea377f9dcd52946f5fe77ceb5673d1592c
SHA256 94ec67763f67932dd4273ef5cc12889a5cef090ffea3ee78a80c7b530272b1b5
SHA512 fe97241d5d9ce298f62ae3295eb9f4091430c8c2c53e967b76e0aed76c3579f8bb07338a0de48e4547c63ab381b3b3d0989a183447b8e47496f35493541295e3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_25.dll

MD5 3736e0a4afae06cc88a7268fcf43163e
SHA1 66f4d16b38c00c5678c3b80ee665667182ebad12
SHA256 e4385fb308d13fd1e53e1e86d85fd9e9242d141b3f19a7b8ee66a4ea8454910a
SHA512 840ec0dc6a7aca036eff816239b6f86bb74ea737ac1fbe8a9ce5a16f3d28650807c5ec88e4bfde3179ba15030b0a326120c8f7d92d099141351eda86be1e71e5

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_26.dll

MD5 29161ab5461da7b7daf68a67891bf5e1
SHA1 78be0a6eed3aceed36a15c23a0e97a2e0099954e
SHA256 17d4dc7b94d25b21de158ccc9b36df133addd6326d219feaddbf97b0ece92a5c
SHA512 d71f879557689b7011576562e76adc099f331b8acf228dd1cd647b2d751931502885f3c30d96b299962f565dc38070f71fbee2d2849dda80cfca407765082183

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_27.dll

MD5 852edc778a7a50077694f84d8e601234
SHA1 14705b638e1af81ddda5dc52f68c61ebfce5e9e3
SHA256 a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257
SHA512 51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_28.dll

MD5 be19b603dfbaa829ee5b7749b3ba97db
SHA1 3d42825b3e7fe5744f67ef145ed47bb524496305
SHA256 f3e391b5f1c1f9637cabf2b812b6f5d65e4776c89d779f506f6b643cc563176d
SHA512 095e8357911c1a06000f5df291bc3cbd80aa3a9672f485fd1f2b9bdb1172d1c7235449485948bee26fcec630d6b80fc927454f9b32cb31c823494c780e0e3df6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_29.dll

MD5 57a5a2307cfd142aa19a1074f72d1157
SHA1 46cd936cfb5789d11aae55d863c2d474a5f91cdc
SHA256 22ca8e51a0976aa9394f36637c86484af403fc3d4c091a95c095ef019fac3c92
SHA512 12529e5f1bef89806133e2e15e15d94120b7d6a6d4261ca650d60eff25d5f1b0f76a1eba32b85adf94b272a9738ad09ac6bf318b6a1e388c2b67eaca9e9e7c30

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_0.dll

MD5 2112fe0c46662d429347a7d7b49e3ece
SHA1 8cf607547e9c5a10f129a3a8f8f32bd295c0d5b4
SHA256 cfd1c2d34feb7d94f282e97bf762a99bfa7309dc7353d96dfe4aadc187d26c67
SHA512 77f77add8411d418798d643d783752896d3fcac002f15696caeaf45b5396d2d42fe53bfb409d66ad505cdaac0ef0a20a62aa45b50aebe65237d2c44af36bbc34

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_30.dll

MD5 e415862612e65f10d7d888443ecd7594
SHA1 aa8440ec3b5bac6594fd58d97c10c2ab7d419b2d
SHA256 5edeed79f2359527a55b8189cfa8b9b121cd608d44eead905a0f3436938ad532
SHA512 f5de2f9e045c3d579d98b25fbbb7b90aa9ddcada0c6bc4e103e5257394f3cbb7c968d89db61e15b10605561cefdd63456912aa428af5a62cb769ac8c4e5eecba

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

MD5 0c453970e89db1c1eb9de087e6eab5ba
SHA1 c4c7e034773a240909332814f499730575a1cd71
SHA256 942e98f142373547493f13b14e1603b2420851aff013d3085bada7b6b2214d9c
SHA512 ef3b2cc2598b4ea58f00f93155319674450c8c35b706108ce3bbb5c2502efa179046d9d50e12725e6dc7a555f4880404ed03de15a0753606f20a1654799886fb

C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 33806c4ad230619f6767ffe70406c7f5
SHA1 bf03048062ee58ec0f9dfaf55b33587d4321594a
SHA256 d8e25ffd3c56a1fc3d4cecc183f01dba915e87dec9ee9b31b45d37f0be0cff5b
SHA512 395c39911e74843d5a56975c5abc9168386d5517bf3d42502020a5b855af38fe980da600af9ce889e98a88494998480bd14c5741f6ad159f6816f8543af3082d

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 2c848466374f1be79e8f8df4928e4d8c
SHA1 25360b9d76dc45244926cb8f31b3f6c9d7d9cb73
SHA256 c9bf4de78f92b06d83c3cc1e9665021e1786bc19356124d243950e1889f881ca
SHA512 271f73506a20b14d65303569c61fbe8573e3c081ed21d53566fac8e36a5c33bd7312b8aa0a29167ccbc8a713de50ef490cdcd71ef0b3db1328ba20d8a71a5d03

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

MD5 7ad4d9fabd109432eed91b359ceae430
SHA1 c1dcddd86f9fc630cc0231acd7b732fd55dc5f63
SHA256 f3359d5e41b1d4fec7230579a593e40fe44f6afdfacd1e2bbe52ee06d84686fb
SHA512 bfeaba581a7aeff86bac0c184da823e4a26516a3c4f39af6b6b1bfced73117f3816c567b182f4da0df1935a6e97b6d0520cf02f518736b52fd27d37750e863fb

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 14d093b6c1d1b98294112fae55715351
SHA1 23034ca28e3ad4566c289292bc32a74ca7de69eb
SHA256 076d2ac24d03ff21ed146d3849c67850ba28e40f0e599f3aac1340d860bf4309
SHA512 3e9499e79bfc4db82212111b20c39479a657e0fcec5a17d10cc5bfa125f7018b4ce23735eff0a94955a4733cd55fb839a8c3ee0267dc51fdc92b141493ea995f

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

MD5 cebd995ddeab2c525a5c4e95789bc961
SHA1 1c98da39d7eea36d73b361ddb24054038c2b8331
SHA256 0ee2a2c371a918cabc85143202864d0c3a4abf1b93a5029081a622e0acf17ab7
SHA512 158b3fe6e6605eb56a99b2135df529226f9af4b001ed0c2e1fd201a60054e2201dc22245ee5a02c6e7778337f1974ee21fa088e94b13a7402e61f64658de49a1

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 c52d49a06e98f4b92b3e30ba20ee50a8
SHA1 14600d369ffaca716c9327686fde33e266090fd8
SHA256 c3e2abdd064dc217d7726fd574e04319f95c4ad4f90911e6b07b1d014c027eb9
SHA512 90e4e61cc8d3d8cda4071038fd954943bf1f1c700db4e228fec847da80d30f033e5443907c2c37df92fee56aebebf3427619be12abd204d89129054d2762a61f

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

MD5 46f26e2bafd44960e7f13b2ef80aa0bc
SHA1 2277bc8980e0f6c3672c2348b0494f0cc0ad611a
SHA256 489f65e1e00534835486e9255eec92b83edae4dade6dff867a380859ae53006a
SHA512 5b5147940803bccd0184b46e60560f967831541e707b5ef19781103e31235f1ba05d00e44a6f2ed061ebf5dd7013d9c696131a3edaa77d3aabb85b3255ba5489

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 6f0d855a63f4e90dfeb7be4b35c48cbe
SHA1 41e578f45d5391e24376bc1a0c806ba9122f8bb8
SHA256 c7ae3a224ae769f6b77a91a767aebc742a8135cd8ee60a5543fc94beb863b43c
SHA512 fa3a36d888726b0097a0892a827e70891efe1f858aa3f86bdb9ce071958ea9235c74e3cf457afa89534b5218a9cc8835e53ed106da89b8a3ea24d603467a2a6d

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

MD5 d9824a9dd107e598575112b4ff897292
SHA1 adcc54d159f1eeead01dbd2fbc73c808ce519920
SHA256 ff4c03bbeb292317a77c86c1c81ae9564acb984b352fbef36d66e2d8bcbd79a8
SHA512 caa1f0411e0470a315ee8c7a62defa972ff17557bcfcf74016c64ad11b0f6fa46a126131a18e275e59e025814545e1d7ffe145377f6a0bcdb8cc93471e4c9bd4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_1.dll

MD5 7c9952111f4c743b9f0d8b68b6ed93c9
SHA1 75dc863ed10e4e4a18fa06dc32789cf16c738c38
SHA256 666cef7d27a38f709063c9c581fd95e6b3fa27167bff4beff484dba2dc922a2b
SHA512 aaa3396fa9081f25b2eff6682ea26afbd297c8a61cee4540f9a947c1a96ad51f114a9985bbc69ea7d0251f6e4b1e835c92daf0f8c5fd66e477e3243ced3c9bef

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 82b8562298f9f1826ea412f5030dbbe0
SHA1 c0ea1ba59db20c0c9412bda71e2cbc91c290b3d7
SHA256 d3095bcc79ca543e2bb05e68970c333cb0fdc45b26d9abd45d3899515d0bd58d
SHA512 b49bd55bb67e6e503e2588e7a33535072ae04c89310f1f1de3e7129c64257a5834aa9f79d2fd8dbe4e890760869d8c97b25283dc3b349613cde17876ca713897

C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

MD5 d035348ec8968861af585b7132fe4c7b
SHA1 877ffdf77b9cdc1be14135cff0b756a231401617
SHA256 2e28c8fb8b87b5ffd1e0ea27710a2e785ef4741a89e4b3c3af726ec63d15a1fa
SHA512 94358b581510c68049ac92990674a6cb495cb8ff005f7fc03696c57ba8b4cb384c5035d9332d0ea39093ba5fa5c8082143896cd2fc7ac24a192520789c707458

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_0.dll

MD5 f77d5ab654881e683cff6650916c424e
SHA1 56d8f090755f1ec60b13e748b040069ea8759b5b
SHA256 77cc09cea6de69f12106e6dd9df1c0446a525a54c3953d69d64711b9394cc38f
SHA512 dcd1273673f4088e854057e47484bb363e1e7ce094bc2c98ad7cc9112877892c1d6fd591dd9cfb325d6c451f2d03a4cdcc238af1ffb5382b7153f079cbe13abd

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 5dd801f5d6c465fc68084414494c4649
SHA1 4aabdba4c7b89a88e4b36c90ba69867ae55fa948
SHA256 d0024010f624dfa7ad6f909e1d91602aeb9f47e0810f79a5e152828de9eb6fb0
SHA512 05c68ea18f5dec21ac443713c858cfba5bafb7cac4ec71b698af0f10645f56845624e06a59c433d7cd59ed3d1af7ce9a0eb226a0dc1e3ce58e22917e6c498416

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 25c76c1e29d3e8e7398f0901f558a629
SHA1 2e907c9688a025538f1b2d0cf1860a2ae49fd2e9
SHA256 2ee41d4d591a39d648e90db4d47d0fa0557fd68197756ee2ee94fcde4d820cfa
SHA512 7308fd91859d00debf446bd6b594f3ea196dbe46a3583858c76d2cbb008a8698207f1ce7746afe3de4efb9a27980f5f813c77cc88e273fa82b2695d8f3d15039

C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

MD5 c0843f0f45edeef233b1e581ae75e3bb
SHA1 04569c78868eaa8927ba64f93312720117152843
SHA256 8c9685959706750091b0094522cec8644de1d1c6309e7a2fe02cef130d3a2b9c
SHA512 8fc293f5c5de65893d92c54f921c84f8a3f44fc733445dda7907ee09d062371ef05c11d014ba2017fd15908b911d0185a14b89d0a311a870fa33650c3176e442

C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 1b39fa686799b60bf0c58345bc01a44d
SHA1 1a9687733a3eef1d5fe49cf8f598d4dfb5e86385
SHA256 5326544e87c63700015917ff4f1efa60330a5c234f4a3c7fa83620b4d35e26b1
SHA512 659ec7c23065b418580f0e8cd25e97489a6b57b07b15e854d976519b0e6c59374d283151dae5965532d90dd11a04826d82a1e4f1d8d71b3feab229228df7ae63

C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

MD5 75933586afd94ea24c5acd3dbc89a272
SHA1 970fd4b49d1368330c10279798991b901a233c2a
SHA256 406f473429573e9f0084aae125ef8f19f59291aa4c33cf7d40e7d996995a3238
SHA512 c096f0f11fb306c6a84886826306fe9c2862c3c79b14a8991a174224b41c2a68b76e5be506494d23d354384c715c5d82a1cacffff9644de9d6b93e9478087a1d

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 1739ae652eb8dfa010970339d9ed55a2
SHA1 dae0a809ecab01167acf1b90b2371878f4217f14
SHA256 396b200da4047b5f6d3ec81f1ba437e530fefb4d485c448e1ae612736672d766
SHA512 258bc6dde6528a02dce346798e60e1ec44c55f121141dbe152d3d8584b5daddf0ee7ea5cf335870c67a17be543b94ef01e7763bacd285b852a04ec236810d5a3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xinput1_1.dll

MD5 f1726346e583442541fe73429f8e9c10
SHA1 a1b7a4edd7d1164197f734218fb485165c075d0a
SHA256 69cd725c53e0302e75db20e9a3e4b33f58dceaa2e6ea4938b2733df8bc289a71
SHA512 ba17740271ea92c917db85c64d4ef63a8f2036fb1398abdcbedf9d49c09a53e34ea04e8b3f5a2ee41c2b2ecea6196ed7f9866ee48a9f3528c3b4c1f19dc167d8

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 fd1b55b856bcad2230f4338f72f9cf9f
SHA1 3d1bcaae1f2f2a759486bbf4dd543eadc7efbe91
SHA256 300ed1a4ef37c8d5f13d67a5daabd46bcdd9ad9da4fe6283f20d7d38f72caaf5
SHA512 dc73dab5f5384a01bf66197ebc9b74a24c146e8f17571c98edf1d7d1dbc33b0f4075d46150b782891397d8a4875a8cf375a111855eb689f2a8e6ed0aa3ee0091

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_2.dll

MD5 5c4d3843b491c047b7a619901fbd2ec1
SHA1 e02dd40f54e7dde0bcbd648e4fc6f723ac438bee
SHA256 4f996edb65022e33ae9c9f7acf7232c8d444f75c50c72894f6d3173b55404ebe
SHA512 474105b213bc067e0822ee22c769f0caa7a02f2d74a0422b676675fc45482db3a8a3dcb2744339a4c7fa029a2f58a2aef5db500c65cf646106d8ed096b17d062

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xinput1_2.dll

MD5 33b62be226934e1b01f5043870c70427
SHA1 ad96f837accd277da2933d07aa86ffe3ef803b5c
SHA256 9714d146a785d458f0de8fef387d82c9f8e101c02407a0cbeb06f02a69518eec
SHA512 41f859fa59145ef6cdd6cfc4a14f90bb932d2c6aa339bda1763d8e315e6a78bde561010152460e6f996c9ac9ffe6650ccdf6ded34656081a0ed9ab1270773710

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_3.dll

MD5 69d841744b2bae38fbb2d40a230a549c
SHA1 2a6429b1b1758bffe3366ab72212fb9b02152d77
SHA256 ca20cf8e4034719a46bf67c6009486c2c1cfc2da10ffed3a67dcae677b4f6793
SHA512 d5e26da74fc84da90b0f60451479524f1d03946076d009328aa7f9939456762633006d11970dc4c849101728ca32350c125005eb4e3f75114d4528cb17a35b44

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_31.dll

MD5 797e24743937d67d69f28f2cf5052ee8
SHA1 7d39afbf94675487a9ff7e41d2dbb8daedf7ad00
SHA256 e2065619fe6eb0034833b1dc0369deb4a6edc3110e38a1132eeafcf430c578a5
SHA512 8804d0d95688a932c7bf7e1a023179de8df3a5436e356b36d803cb9781f3a378adb9fe69d03b28362755b808cbeb2cc718ab920672270de0b954996996328f5e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_4.dll

MD5 6550e1a0a7be611592c31222fcb981fb
SHA1 2197a951ecac85f7144fb925f6daff9ae7811e5e
SHA256 1e0e09fc077bdeee3de065c663b83f6717d39d56778833f030955077d490d000
SHA512 4013fba5e4211e66ebd9f733ff35635cca82875d6af71dcfeb481a436efeab608fe41310bae63d55c7fdd64a5c5f64068ec1eeb997160c8ae27f21f28e2bade9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_1.dll

MD5 121b131eaa369d8f58dacc5c39a77d80
SHA1 d8fe20cb6f28bc5334ae64a8df3563d1985beb9b
SHA256 ff15f14174a5543f028fa49cca745582fe4cacf3bbe490749cf43444690ab359
SHA512 ffe19ffea137603e5401f133d461b30af6fc25b3affb8a8ce20b98e3270de398b9ecc83a6cd904ff42c5885d3806c7e175957bf4a5827dc2f067756a51bc40db

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_32.dll

MD5 26af232140c88b42d92a88f2198edf6a
SHA1 b62aed3f71d8963227e5021c2222192873ce753b
SHA256 e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f
SHA512 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10.dll

MD5 6f34f7405807dcbf0b9bf6811c94c6d9
SHA1 2de04a49825acf76a6a7aa02108337142d30b6ff
SHA256 fd2caa28493ea76021b93641958238b7a933f4f6db1a2070be03cc81d87d8307
SHA512 df623daace6702d25365697b62a4ab7d03d944306521022c6e65e94cf1970b5057da811f10e675c952d93a37abd1b862b8ce8648429780aeb99a4d55fda6aaad

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_5.dll

MD5 86c93789e9006f1ac47ed9dd47d4c8a1
SHA1 e9de46eb68271018aa31c71ef89d1ddef19edf7b
SHA256 ec68b5163cbb5f15e2fbe37fdf5fcb0d01dffbe53a460cb2cf668f31f0127ad5
SHA512 5a86661171f039946fa0568c6a9c655026c0a74c04a7789fadcb4acfd6a4faa5179d14149321920ceca9a1214910abec3e67e356898d5bdd044ffeefaeb57df3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 bce73adcf5fcfac42ce15c6691275ea8
SHA1 484355fcbc55357c2f576fbdd64d33c8ec8ffa5b
SHA256 76eed293cdcdf17942acc313366b22b55ad78ee0389989438e63ab7ae145167d
SHA512 5e53f89142918eca969e005d006f0a106862877ee6e5d317ffa1b7c017730fd1d3d98e5e75f603183d0371da39c11022cf62232a2b614a9bc5e055f52d6da65e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_1.dll

MD5 489e5b8bb1bd1028ff1c798eaaec65e4
SHA1 da9c385c48a6f590347581c5c3dea67502b99837
SHA256 fac23787e7c199c1969806850b5a9652f66f6dcac86f48f6f834abc253848a55
SHA512 33e3c28d60c7063d76c6959ef18dbb0227466766c4be9ce920911e192b75c18d11943a2eb0bef2caa920a6efa29162acf9f6c9c07ed5ddf5858420b240e0c0cc

C:\Windows\DirectX.log

MD5 f8459893a5ad3f314843d1b418361f31
SHA1 dd6a5996de37e4e58d92f411c8a59e0ceb1c8a89
SHA256 991d680eae6d2fb122e9a0c33090c8519461bec729695e45d1529b68e0dfe136
SHA512 99eea9c4012820b147d0a0dabd2f6688562df302f09ad05f4d85aa4cb0fe05832d7861bebfa1f7cfc41a0e56abc5833e812f32f9e9389fdd1775337b7bf56614

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_6.dll

MD5 39000e033d39d19ccce21aeafcce2476
SHA1 6e7823e689a9b720a049a260380805a235ddbf75
SHA256 be45aef0889b03e2243282a912f41580e8566db666a782c26a1d4d7988799d03
SHA512 65047afe28308ce69e3b410b3b52b5fa4f615c95802019cb9b78ac69694e9987076af4bddb2ed7e47b0fbe73729c91b94c525e5b7644a42658663ed044b384e6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_33.dll

MD5 3f29f1e5d5d3cd2a78c9522bbe3057c5
SHA1 422f2b8173b7a90426e649a078090d74352918ef
SHA256 63856a8ade00f39ca3ed250121d59030517152946cd91ead3bc0a6ca7a086104
SHA512 e39bea57b2a14a7262cea15d146e76ac29fe99dac5fe3e98c1b6652aad05f833eaf96c2d1493afa2ec30dea3433316eab098e8237ed3292e09a8da191857174e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcompiler_33.dll

MD5 fae7e1d578c42a7c3d9d61a99d178bd5
SHA1 8ac88ff2bc5f616ed284a04ddcbaeb72fb1f304a
SHA256 12e238af4b4edc1f774213709a87a91b77b2c9d2d18fe475b027872923b6fa17
SHA512 75107c64acfb6d84e1b05ba78377dc4699ba83b694b7ace474665c85f3e5843db6d06348fefed539c6c2b233775c7ef81d7bfd81937207e04e637043633cd0b9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_33.dll

MD5 37a8171accf46a9c196054066c28827f
SHA1 886264510372602c2ee0193c5a185d719a61316a
SHA256 b04e2b089656eae01a0071359f9d7fb040dea804c1b9d2379431864174259c2d
SHA512 713b843a35dcfc32caa67c52ce0a32af6f54dfc4c11615d32613017aeeb257fb3f9168443a4288c71209e5d40f2e1b281febcbae6da076d2b57cf01aa3cd78b2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_7.dll

MD5 7febb8ce2233cbae738b16d42ed29674
SHA1 fdc5682d6aa0ec57b8f3c742fe736d74b3c649cb
SHA256 a43c92af3fbe91dfe2a1d415342631fe64e18c7dd3e16e93b6c78947b68e7bd6
SHA512 73a3c07b13b31d2df1cece720a0268cfdb7ae2a066b9e613f7c4ff0fc37b94bd4f32207149d56e1bcaa5656fd4501b1d136d94e18e97c07a8e793906dbc7927e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 45d4dac07aa361bcd77aa815d1724a16
SHA1 3bbdf7da5d51211ae269572961b5ebf508ada28d
SHA256 34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec
SHA512 d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_34.dll

MD5 1ca939918ed1b930059b3a882de6f648
SHA1 0c388397620ce0edbb362bb3ab2d4a9f31a56b6d
SHA256 b6f77f06518d35345fb61172b6a13159125ed60c469d28b1a2e07970e9ddf81d
SHA512 d1e09da8551e588b8d5d5837a79da9ae4ddd6a372457d3c341e68e3da07c0c1e84decadea9534cc87ef9ef38c094171004f836e6f74831fd6531ce72aaefeb5e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcompiler_34.dll

MD5 75f206c195bbaca6ef28565b1c0cd75c
SHA1 4687454c58f64f2154f0e99bf5a323f73ca1790c
SHA256 5044a5810fd931339933a8d0c56115a5a5c27d8c0d8e348977e2724a032accf0
SHA512 84c0a8fd3e4293d85e919940f6f24d88fc6fd68f39cffefc34014656fee54256ce581ba408eebf5bf9dac3da9de19f2bf8403521c55881d3877dd64a8e50120f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_34.dll

MD5 5aa9987f2e62b56d7661b6901901f927
SHA1 2cd4e3e70c3b37da134ecfeeedd377d1726d9759
SHA256 330e120d745e1132252df81800362a7ae0b61a9060afc800165ba8a1d55d3fb3
SHA512 af9e39f368b47b1500e5d68a6f234361fdfc29ea31c32f614c5887f124d6097be0b2d8f37287d0cd0b094d3a12e3f5881ea822542a1c85f10566604fd6228988

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_2.dll

MD5 9e4efe7cc29ece294f3506fe0d8090bd
SHA1 b5d0e9cf45ac3b05fe21aed3ba41dd94b1ad1fa7
SHA256 7c06bb70d12cf78de9c6a12a53c95f9dba41c140a48bccd500483e5b87795a8c
SHA512 998d3034cf21bb9aafe0821a96c64ab0c38f770cf9c6a6820a2292b569510dbcd0e71ce56dae813614d9a148c146e095245e963905e71679c3cfca1ad98f5e16

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_8.dll

MD5 499210c45afeaadee8cf4dcf7d5e570b
SHA1 de5ca60de47c8f54d531b88ea80d9a24a8e87a98
SHA256 15d82e89bea30bf82de6ba0cfbe97eeaf05d1e06bc0133f0d1ee8d0cc41f51f6
SHA512 f76f69bc3b6cb4f92e675eeedbd10a80f0b970d75ea04392484d477a4d02dec670cdadcb90be9eb215c4ad48a90d28347c9104f0835e93b5a9803fd62670536e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 98b1369d38333fe9143259687edfb25d
SHA1 3536573ce844dc1441b91e1124b6689b93add430
SHA256 d4e57566914f1d36f4ebfb6e164ce2170f1d5e6392189d0ad6de3ef3b0a9aad3
SHA512 3544088b8436ae6e48d22a7638d59f3c14fb914caeba17a87d1af469b82f818a1a71c5faacd52f69b5bff190b44fd91f893d07b7e05c2e9a9dd363bd75722057

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_35.dll

MD5 3ef18b78d17c962f2b71ac1cb7757684
SHA1 2380329c17c7a530075c7572d17592bb3a00c4c2
SHA256 2198022938156b790e9cfb0f7997494b66a11a1ad49b395be58251d635b66b26
SHA512 93e9bff79630ee5897bfb3bc496f778aba160312edcff9f0b8cdb8e8af3d5c7b73a8d95d54ab26cc638a2ff7cfa27153629f9fa8a4a687ae3c83e1178471e720

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcompiler_35.dll

MD5 5b441670a4f5f8bcce76741902b8af56
SHA1 b98df0c54483664ecdc92eccdcdee09d082972d8
SHA256 5a866cdf74f981e783624dafb0e72f133ad9f9b293856d7a18c7558fa357beb1
SHA512 0243deac1124425b65cfbc7d6465bfb09a4849e6c5be3645b808cd3fa487c3044c5b45e9943ee31542a7a47803c02f0b92c05c1e4bee18cf6076641e1c0794f6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_35.dll

MD5 f3764552e45880dc49b82f38699aa87c
SHA1 25e347799bb3f36bdee30aa78cd9e59c7faa5add
SHA256 db775655fd923e29509402556f86002dd9aea062cdcdba7073e1057a67b5ce50
SHA512 7e52bbfb4f309b9f5a9632efd3dc28a0509b7d5edf471267f7e794ce8479dd8cefcb29535327a7384bcc25b5331ff87c223fb70fbb5da22fea3c919ba4c5444a

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_9.dll

MD5 46ee68f04a75a1ccf40235ea6f1cba05
SHA1 43a30e195b8d894c69bd857ee377ce7fa6170fa0
SHA256 93a0d8fc38e4e9a301d9e721afbeedc5af40becc0b11a6e7e8e38f08f366ff6e
SHA512 16e4c624e4e74d8c1fd7652ae745a87de3698567faf0cf03651ad87f1f730405fc0d2eca68e4b0ff3c5c526c254aac232f9bd359ddb6563313a8f02db3603fa9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_2.dll

MD5 ac49e8536bf510251611a77e2a6cb8dc
SHA1 8b1f64007fa777fa2aca1e456735ab872cbabeb9
SHA256 1ae37d90d39c36c142a51ab9fef7230788ff95080f2bc47734737bf82d3c2c9b
SHA512 2c33ba362315ab102e4898ae92f7bc71e7c0c7fda8cd79f896cfe76e5a2a4129bf6a1e48d75b82ed7d915c0ced819e81c0f89640677b6bfa388962ce19bde2a7

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 ffc75edfaca60d28b6e6c1da8488f0bd
SHA1 358ae6e2680666b994e721db5fac0105a86a9c6f
SHA256 fbe2e9cf7e400537a4871218113df178f70501ffeea59a8f0f721927124d6d46
SHA512 dadf216d9e92b349179b27cf436483dd5a52bfdc1db659f3d99b6d1bcc5f1fdf3b0fa4bc8bd08f89439ca1f07f5dc66625043f8065c0cc75e8b3627e59eb8d0d

C:\Windows\Temp\OLDD1F4.tmp

MD5 87d52a3ce4936f6c93ac092c3cc2780a
SHA1 3be34b222d022cd4dbe28f0668c14af716f1025e
SHA256 9566e346fbf72928e9b48b3408c8336a9e77b331bbc729e8ced9f0670c51c699
SHA512 d7809bf29599e86a5c164d6cdf83e9b8a29ae08972c998bed5bb8a93a11742a5905867d2bc7118498985c4f1f4e6223cb0659e8d9784a2ec05b12bebf339983e

C:\Windows\System32\x3daudio1_2.dll

MD5 9355a1169ac104a3670c2a77d060ff60
SHA1 6935990e213c432e4fe3cd667148d95c0a33bd02
SHA256 b822d7de1253c52676f4e20f9c715e92759b43b69978dfef2527b6101e420ee6
SHA512 9897bf3ab16e869b47840b72e0d8166e0f6cfebe0b3254e278d7cb046a5d50fdd2d8624da788b9afbcf58fc95024ccd2e5b9b010de074e8d9500669f349061af

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_36.dll

MD5 44bfec5c9c82a2ee9871d88fd3b9a0e2
SHA1 e2aeb78330d0815cffedfe88438a71024577d4b6
SHA256 c12f0ab0338eb5031d3d04beaf7208ac848f7e037d21ff963d2af90221cbe935
SHA512 35c42ce3afeeb3710d3d96d2cf9ffa2828fe17f8d749fd149e3797e87e154508c77f637de0e424d38bb3fa56bca959cf9da7787323950ec8261b144c09ae306d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcompiler_36.dll

MD5 fb4299688a0d3a37687c015ac2b9922d
SHA1 a4898d246afbb0ed399e77fa5ff29c99caf912a0
SHA256 f15efcab1780fe7d784a3cd3798f147fa249e81b7ef9a494b85dc7fdab084734
SHA512 664b139754d587dc32820354c1333fe6a5528b07b8bbfaf27374a5da7e86a4c3e7904250976ef3cf8620fd0568c34fa75704a8b1585c382b99d4ee46518617ae

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_36.dll

MD5 d9158e78a368b08d9133043eb3058c12
SHA1 d71d6f103bf7433f442f55c355dc74fd4b8a736c
SHA256 aee0248f18dfef8194451a22c69adda1cca38c03ae9aa776114da9d8851d4c38
SHA512 8bcf2da86f708ae84141089f80131244d957e64c6fed0fc39dc688201659cffa7005bfd4cbbb315ee0a60c61e38ead3b4e4fcb3d2f0ecd0386a6fbe486d82bd9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\x3daudio1_2.dll

MD5 f6a9fc2ad2f9111372b5ab3bba3707ec
SHA1 bc7afb780d42a332497139b5236b809433d86009
SHA256 4c448c7f77e3b4385d2cd35d0c470589cdf0524e532f9cf7ae084a8f88aa949a
SHA512 6cb44bb174ef28cee3e3a6ac51897b5cceb3f2d06d08c556cf6476a285de3e3b03a624ca92fc11b95f29694629457fa39747e3041736f9b76e84f19a052ecba6

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 c92c92060d535cc9800b6ce231276852
SHA1 79281861482c717e61fe9bae300e0fba310485fb
SHA256 e0838d8d562ed4683bc06ecdbc46fe19dcddf711a0c7909dabf62da572035dcf
SHA512 7c8893c92c005c7c21f829912da4b9e5a843e842826d5e362a9828710486240aa109f26e38a84cfc03617f4abaeda25f0ce215b8f6a1f9a65c58ef5606814d13

C:\Windows\System32\SETD4F1.tmp

MD5 bc78d5328541410510dde06b9fa92024
SHA1 f6123294896cc3c3d3cf5a9e0e03319f58da7cf3
SHA256 7a34a7a8af47c6b2cf890ecb56bad2454ba5eb1ef2df6fad9ee53c4770e941cc
SHA512 5284d695216aa4f70abafdea130326d8ee3c6d9a9858dfa3f5b184c6b8b185adebcbc92adb8a7530f9127ae1de30561986bf9c85bfb8b474a9812151a7843c59

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine2_10.dll

MD5 73e055af78a64f9b2779d44407ca2ab6
SHA1 d771ef11d22a79dba7deccb9b3efedcbe74532d9
SHA256 113640ae8cf78caa7cface2f906f9e6b60809906f5c26e08b2e90fc48430f3b7
SHA512 a8d979297ecce24a29459e7ff814e53c649a6c969869279dbf0f29edea4d73883441519a27e5e46bb1e4b5b942cb26907cea9a488de0067e589632687b25b5be

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_37.dll

MD5 b4ea87677480704360cabc131e9de968
SHA1 897735ca97e808638851d303b6f0a254fb53a1db
SHA256 7d2728a4bc45e4c0d6aaa302ad6bc8859133aaa3979630b8eeff6490f28097bc
SHA512 4a6b3a58b6d7dbfcaec905fd97eac724f11c2758607e4eae61a64ee083d9a36762331811db108972ec4192ee047cb6a94a7e05ba91d64176d783ca11f747b520

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_37.dll

MD5 ea752dbce35045d3c830dc16578cc8ab
SHA1 0a9bdf391ccdd113fde4d10f0afc80d54df01259
SHA256 715876d15b590936e4d32602a764d810650eec134922b32eea742e2fa71791c1
SHA512 3cf5e79062203d39fdb74e789e22405b93de126deda3d698963682d51f264cafe9a91d433312bb7976fa9b50a4798060fcb97b6de7f0dd422eecac2a922e31dd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_37.dll

MD5 4a43e9a2b17e4cafa9cb5fec0b5b686b
SHA1 9e28d3d197958e65ab8dcaac91fa55cd1991c3f5
SHA256 61aaf973712f848b24c3e769e3252248ece96db63f206de0ca7ff43d9ed87a51
SHA512 8411bbd130427b690332d222233465bf79426670f565ac3b01a71929dadcfdd18002c54d60981dc1f202e6625f99ab73451805d64518fad9b5a9793407df2d71

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 edbb7730845fe5ed4717b06f84c1cb2b
SHA1 d9bc196e34d69ca0ec91a5a835b444ac3e8aea42
SHA256 de817d92db706f329d50567221c42110ae781d679ef853cc684aec779ab51ccf
SHA512 cb7c5db143087a470d7ca7f5d4200ae62513ffc27b864528d851c310d0f6f68d55b6fa45b7d3e0b81043ada5f7f6468447e9a877b6c6e06099c38690a6c07d10

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\X3DAudio1_3.dll

MD5 c593fd0a96ee4b6390b653c4c641313f
SHA1 60d71ca2eed9ff8afa5561cf1dccca03607134b0
SHA256 74ec3e6b253af1b68252e62a5c08479453b3341d49c606adcf36913fe9ed9717
SHA512 1bb328d1a68dd7b7657d033bc2bcb8e2c096bc591e435b5691a4ad4f0f49cfad70d4e48af48d10eaf4ad13d479a3f4fef66b09a0852f8c61ff33937c7ea22190

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_0.dll

MD5 8a83673f0ab001870583fde2b004fa59
SHA1 be8d312b359a9b8f9f184d78c93c762cbc46e321
SHA256 887329745c479ce8d3023c969adf66780dd7e51ab536f0a08550ba4c77066c20
SHA512 583c73590d4b90576955783e24149125615b135f5bf5a815674e2546b93a8f89f6c3a286df09257e547bcfa8c0bc399abba59fb64158b411a83f28a4a4feabca

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_0.dll

MD5 418cdc57e55ee79c3f86c13a19b3d5e3
SHA1 cac2b8396b1c82a6f7ee2a3e3ec3d2e4c2f869fe
SHA256 e435b73193bdf651f7ae564eba05266595ac672db45e0e22dce92d0bcb3c6513
SHA512 1ba5a49d9102911d13d86ac4f0e4ecb44069c93a58e2e3225d9464755c14f8d57f230eb32049c2747385f7cbaa9c0da0f6001f27b685eebfcd94f3f5b8fa3250

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_38.dll

MD5 8f3eb548ac4ed90252394f60c77e3196
SHA1 e40bb2e3c99c55f2df9def2765bb014e01389622
SHA256 743e77a228e7d75442263ad70051e44534f7972c6326fd34b505a9c2c245894b
SHA512 bad441c93d37269a9d49edc39ded933e43baf2a563c425ea2db222a9859ecd1f076c2255c077a5afd07922b50adfda2bbb731ff6f292623b353a3dfbde4ce4e5

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_38.dll

MD5 103cbfc5591008ad33046e20e8e1eebe
SHA1 4a8bd29d7cbe5652ba58cd6754318a03497d841a
SHA256 ddcaadbdd47bcba02c8d1880d456acc20732d21554977338ae507987ed04046e
SHA512 ddab1a2ab33b224ac3f9ed396415bbbdf96bd59bc6794fe26796ee87691154d5e1ca2abf8bb85e7a9fb6793446bf17f6f6f53b74e69443270f50ce0b85e06b6f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_38.dll

MD5 a2650b27472c21cdd817eeede65648e1
SHA1 c0e5f70386bb229e289a476f2a95965699ba53fd
SHA256 bf463b7ee2235f351309b5fd790f514acf2b55a4a1f90222f7479024cc28fc34
SHA512 85320f262c10d80e889258a8584648dc20283d1af0467924e8745555c94a8fc056ac609b31d36a898829ad418c9df06047ecfcc644693bd136ccb50ecbd6fe91

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\X3DAudio1_4.dll

MD5 e3832514bd21236067b7227f6165ef95
SHA1 bdde126bfa7e3133f33e3d3e7b4618422c61acac
SHA256 799b38139523a3b30d26e21798ee705375c61eed8ae2434fddb52fde51f4bb78
SHA512 e60bb2b8cea5864f3311dbc0ad8f7813764bd55153bc0554e2842b6973fe24a1ce9e4381fc6fb05792d97799fb247d591e15b7dc41eec2bf563bd4f7ca797d85

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 6f05a242d0253e19d67978780bc06528
SHA1 ed8c623b0e462e92185d498552a11be01723861f
SHA256 ea31341129f7558d34fc2fcae9e715343aaadfc57f06a33a6da18448bd71b77d
SHA512 2bafde8afa6918956f745b34397a4f6ac479d3696a363184ea75cb9e05c5d83796527ea6cf343004544173e5370bca0258d5636e3cc5cec16701d68d82cd97f3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_1.dll

MD5 2e0e25252e1d41752876e9fe12ade175
SHA1 d9de3a83235166a4bbc4bc356419c07aaf3e3f8c
SHA256 088999560171c60129c95f9b541852392602561dce43e4c61a453d48065f52ca
SHA512 a4555cbbde372893c564e1fcd707525c92fbcfb6915354b0062474cc47fe36ef66a3af212c08da117f2f2121698e556633f8c399199344354ce0d4cea4d0a2ca

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_1.dll

MD5 e34ff0115b1ee3b4e03d22ae9840ee03
SHA1 746e6e84ff7f630643ff9381b9dff1f40a49ca16
SHA256 32a7c6a4edef46f025a4a5c64b892e29baaae948e86d9ed49e82014eec1441de
SHA512 7448bb3ebb8815e13e14514c8580dfb7f6de1a96c90f6611f6766dfb48ae7bc4a06efdc493060c054f222e7d9b308e062e1cabb19a60f50ff9e20f06905df58d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_0.dll

MD5 dd165760f1b95200a3da2d9dfdb84234
SHA1 0724300a1cbaa32e03a234cf6080a67967c335d3
SHA256 8b396d275de2550af8ada6a1ff71f0f4870b51c8407e44044c2dde7ad6b754cc
SHA512 eb130afda1481dd0e27a19330a8be8045b3172e46edcc5a0cb089e191fe415c41cfbdf3af8f084a6ff58f89cf8d7d4d0879a3bae8f93a52ffc84da2d4fec5ccc

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_39.dll

MD5 8cb3defb8887c4f0846db1fc1304d6d2
SHA1 5fbe058848db16117ce7cfdabea1f178ba229a6b
SHA256 5d29988cad858f754ecc62c3d30de555f82cc21b5b26c448b890295e9b7bee82
SHA512 4cb675b179d05ead18d2e42329e0d10cd1d520cf9c8c0681b89aca79ac9c814e82941b0086135bd57721b66b55b6feae00bd29af804f59a486e935fda413fc43

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_39.dll

MD5 c4f1972497fe2ceb7d900938c97fcf91
SHA1 27c1886e7823813ac61c35ea0cd5b72ea0ea7dbc
SHA256 b99b655abc4ec45851cc2acdb7a348e739687200a4fe3be9c35d6738dd61112f
SHA512 8d35dd4000e1d632d0924b594d6ef13454159f8c3b85636f180486ff794b76f8a84d7977e340ef08217f0f68747b593eae0b44824a20c12494007f4a40cc3d00

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_39.dll

MD5 e6c2f1d8b667ddc04cb55b9f0159ef97
SHA1 9dc5c2d54397aeb56deafb63ee34b641f7030ee7
SHA256 613afdb8b44bb3bed945279229d9604a3cd553f8c2b9b091235cbab8cd00de61
SHA512 5cc39f19b6de99bad0be00fcbde9d498e23f29303c6ed4ba79c2b2bc63f259f9b617ecf6ac67beee8a71c03a0e80c29412e0159a5014a43a6168c37835bb0e00

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_2.dll

MD5 f3c6be26949caadb11dbf0086082fac9
SHA1 6b7a2475aacaf63f30964e9958713bec331c82ba
SHA256 e6a34c1f068f89d6515cb460eed3b4dbb53522c5579e6c75741482f0d40d9f99
SHA512 167afd32d847088d4973437f8b89badce194211f8fb1a14cf30df11848e4d4dd8d5243765edb1ed09df0f9b674cd7de764f1dae9fcac91f0ec98ecd259181d3b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_1.dll

MD5 d95eaabf5d277ef91d9ca70151209e56
SHA1 3d47ebbd6236045309d2222a696b7141c0957379
SHA256 5ab63c0f040fdf65e681eba4daa55ed83e89ea10c426dc2fc763da0fc94f3ace
SHA512 6d2e73468485fee2b4007f1fdf16381cdd6c77edbe5530f63cbf8696646b14d06100fdf54a48547f29ea5775f29226b16808a5a1bd4c0778413855f80e5b8259

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_2.dll

MD5 50f4a0d5e6a0bafefa78f353533b8e06
SHA1 d370434eea3a557ed77b2363dfac720a5ed98666
SHA256 9c7897b4ee1bcd190b1c0b7b77e64ee731d234764683a1e2286af70d86b62753
SHA512 7686b893996b76a25ca7da971ca3a10400dcc682a05e8317a9d159a9317537de0bc20dfdef643e85e6ee548d7893138497fc156f77534124a8eb3e3ce47f0cb0

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\X3DAudio1_5.dll

MD5 350fefe18b86bd4d9ab2a96d00215a49
SHA1 be4ddfa0edc3a463471fc170e9706abac0a672fc
SHA256 315944bb2a1959c8a4bd2677ed415363e1611c7351ce55319dc98fd2aac83f87
SHA512 490bdd66920e36aaba2a4d12bfe4aacbead7403b1a623bead0d9ab5f68d80f46fa530c5f7de9e747eb8acbfbec8c635aea32655dddcb6a9d8e006339e1e8857f

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_3.dll

MD5 8ba296419af3417d1e9806b83166e472
SHA1 a2a8a64aedcbda68149a2726b094f1710cba71d1
SHA256 ef052bc9b7fde596fff3ea2d9c8fc994f3282953dead1b7f5477e7154af67245
SHA512 877e89553cbfb6afc6dfb22a590a468f035dccffecf842cb26010d5e62e33fe10e477d5cb157d321de3ecc59112ba616b80e767028eedeb4e70a591f1b81b902

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_3.dll

MD5 47ed15dc87ae334c13c4dacd1be2cced
SHA1 54f94839c4e4d798a1f4f1fb6ee240957a738cb0
SHA256 04dec9d7c68962e01efec0aac0ef7a3499bc4c16e8a41bd61fe6641da48d7dcc
SHA512 da0707a153172c48036d885404035829ea251b7df5a9246fc05dd164ceae9604cb0cc931b85d77151bc613cd5e7e4d0430a4fd92697c8bbc8faf5fcfd1c140c4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_2.dll

MD5 295e47a75f278580f9441041eaaea3d2
SHA1 0716ca729ca3d84e9dfb4bd97c1e12466cc68625
SHA256 d1a55061bcb42f69b7cf35e2985d48e30c7a90f0bc668e90390f465b36bd0161
SHA512 a3cee1d45759fe3323fe8c3c49600856a86b61b3174c4d9c71e58a95db4848683c71605f5bd8c04bec591da02d96b79c68c1135410930ca63d17f7a929f2dc4c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 44442b56a318475a3e7acb055ca79d29
SHA1 9ffe16ecdacd79269344643ca160d940e88e7292
SHA256 4c8befaece0c58eb75c38e2347db04557c1bd2a4a269282c3769d6bcccf50395
SHA512 d64ab17f7e1baaeb5aafa4e7eb100257d7a29b1f5caed394b2d3b656c4c9ae56a0f9b952f60573e3ebffa090740f95b0f173eaf2642d6245eb8c2bc6c619b096

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_40.dll

MD5 eea5e428ce63804f9b12d21c97b5968f
SHA1 77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
SHA256 16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
SHA512 545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_40.dll

MD5 91b4aad4412bb223b466f3dfb43e86da
SHA1 850aeb2b3ca15158be00faa5c161312cf4a876f0
SHA256 c05787cbf3aa4527baae96a425ceac910090ef48809990a450c33f3cda0e4767
SHA512 413f68d1ad36aa51389da62eb2fe89969e4460ab166ce44943e382fd2d1cad0953979eebb20af58dd51def3fefa1100ea9fe95c05714c36d5322e281cea1a1a2

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_40.dll

MD5 3384134eeb8f223178c2eb8323003ec0
SHA1 c8eaef8cbc91f4386e42904dee70abb6ab7304f2
SHA256 f0a6f156d13150de6ebb094233e5ff78581fbdb77bd0ff8d083698c42bc8e13b
SHA512 dafcf4c116d994c17d47d36b1dbc2ba8ca61cadeefa5d770adc391713d2c13ed2b6eb8d2464f4811cb472c8e1eef384ba21d7ad8203ba4e9ef07f33781feaaf9

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\X3DAudio1_6.dll

MD5 e763798cad2a90b6ab61854f50cd47dd
SHA1 419f2c98d2a3f419db1b1e9b5f4f7c3b9b636c1d
SHA256 574d14ab9a641c6cbadd78f2cd6c088b64b59c3646057952e63cad7d2778e1c3
SHA512 b455b0078786b7ff8362f7404095037a5332603383707a6dd493f381eae3e28135696fb4863e1915ea01c0f12ce10d021a18ab91cbab06b4d20142e0b38833fd

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_4.dll

MD5 686f8d1b4926d48227a06acd4d41cd1e
SHA1 324fd1d21a42f0c30bb071beb2cd5db9abbf3138
SHA256 d3bad7995b998f2c95dbb33020a198ef5a248825321032f051619f353d46182b
SHA512 6ed69ab933492870b7fbf4e178999b835846075fe103e65f9a0f9b1ad8d47c9277f31a7a0fb53f3620b591b103b02bfa8efec530d7372680f585b82e128edcc4

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_4.dll

MD5 e684c5fa18adf9ea14737757413bf727
SHA1 1dd454144e8c0f3aaf24db0b77f03737914d9a72
SHA256 bcde4317debd0052b1436a6fda60e1dcb1e308979498117fa0cb50061f38101c
SHA512 9686f92745a30fd9e442ff6a24dd89410aa483ccd46edbefce0fe378645292255a323e1aae146180e8a4ecd15765a996df959a302d5cdbc6dfa4c5fcb8252e4d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_3.dll

MD5 c4479a4547390e3c5ef28d453abde4f5
SHA1 9b3af3d2ffcf52cc6628cb486372be2870771637
SHA256 c6956ac2ee59f71e86784138b5443de6970a1274ac161945b8a44dc1d535db84
SHA512 94a55bbff8a285d6b91ae72b70664b2c1a067890db175e20265be2d57a4b29deec52f08f0aba8ae07ed30dfcf96889ab835b971d2bf567758d3f7b881a7e5324

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 d001b26aaa9bec255c0b697732e571da
SHA1 adce71afb93cf04a86c1b9d2f80144ca35742d2a
SHA256 1707a6644d66406a9ac149b8fc959d964dce5c028ca3e1d0d5052e70f80515e2
SHA512 af39d48e90cd2cd575a8d039642985e25ead1fa51528a082d91c9bcaf9d1ec97afd0f66c0bebb53043221ef13dda69000ebbdaea87605efbe873f471e16a6f90

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_41.dll

MD5 3fa06cf5079b84155d18b05c08f7131b
SHA1 fafe52876151a08f39dbb6b4aa137dd85558ba5f
SHA256 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6
SHA512 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_41.dll

MD5 1aa571774936717ee776dbed51e9edf4
SHA1 98eac7257ab3350504c0a70342b6b24658411f55
SHA256 9f4c15e1f68795727eded4737acc5a1aa85f896cd9e6924fddc9128b48f1bbd6
SHA512 bb47d95d594b249608e323c8ff383c0655a56e9192e1a2f3157e9c18dc7b9baabcf8e6b09d30fef570e0718edf673c56a23df5b5d5c6ec3242ad3d887669127d

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_41.dll

MD5 781e8b5b6fdb3c9b4e4a4a9fb019960d
SHA1 292b9f02bc2377c6f89b505554394ace161c68c0
SHA256 69ddadf8f5be24f10382706480b55e2492008d102001779f976608e880c65aab
SHA512 718955c983708f3ce5b6796de28658603bb61270ca6f1b3ee01d73ca9a789db326a7998df38cbd6330e69bfe3d9504b0fd351fb7bb18566be6af03fa36b7573a

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_42.dll

MD5 c6a44fc3cf2f5801561804272217b14d
SHA1 a173e7007e0f522d47eb97068df0ca43563b22bc
SHA256 f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472
SHA512 2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_42.dll

MD5 501ac862517c5445742bee8a2b88414e
SHA1 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a
SHA256 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51
SHA512 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx11_42.dll

MD5 d09ac80a4b5312239852836c84df3392
SHA1 ba838d90a1e74d6b9a57abfc9729dd3b2e7fb192
SHA256 8c8fa8dce19e2f43e82cecd73a268e831a5ce0a16023845f7fa7fcb597772e85
SHA512 69232a47c80f01433716f3a9202af25e1b9a298a2b7b7d23b959e59d9c4ebf329cbe9a9a5bde41c06e978fda062225447114f9ae736920e7bbce8587a9390613

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 7d8f5afb77c3ada97a83f3fc253d6392
SHA1 e5424d020c6de84ccf72253834c545024161f682
SHA256 3a07c2436d3fd2473e15518a53262d4f0fb7f2a05589437cc5668f929063e782
SHA512 52f4bd961febfe6f691d7dd1e826f689319656393756e0c5c9e3d9729ad47e072071b204f63a3b37b67204fcdffd4539db08cbf190605dd9652ace51627e8845

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcsx_42.dll

MD5 373377cf06f5f81954b5474553f0be71
SHA1 063fd179b92724847d1a4a9a2d845ee3a6ad060c
SHA256 b835cc2297e103f9fdd2e98d21893055fbf27501e725a7b4461b35585336d396
SHA512 9cfafdc66067998e36ffea42066b2fe09a30023312638fa6ea8396dda1b4f31c0ca60c5044ef881c9248dc48412e1b980f2b30a8f723a55fc283418d4b5c317c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_42.dll

MD5 97c7c3047fed6b814d1fdc2bd3977465
SHA1 8309e117a41cefebe48b4bb2663a4fcd8e6d7a04
SHA256 81080603d0395bf6081d14db041c523e8b31f5e242641b2db903a0d48cb9cd4e
SHA512 ed9dd51076574cfbe9e5f6077e791ed96b485d57dcea3392aace2e117d9e05a09a0ccf8e7f8a8fcc5740e08c4b18a276418e3181290a50e22e0f03585c18e485

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_5.dll

MD5 db3c93e87452b8dab4f58ed1fd2b1998
SHA1 fbcc3c80c74e98e8554260b8a08e14dd1670075a
SHA256 1d37ab9b90372eaaafb5055401449dc3184428fed559baaf36fbcccd2479611a
SHA512 af693d7d326dd7874e0eba5b4163c21aad86270f8e54058c637f1cd200e45eafb75f79a2d579c477c06082ace44f3318bcef71698089808690ff88443ddf348b

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_5.dll

MD5 8b01fb723f3b30ab3debddbf97cfe577
SHA1 e379c3b7d0a66da06b6a381deea19bc541ee0689
SHA256 c596de2ab8394fb62538fef0b4657317f4ead50a6d798c5d066e25e334576c27
SHA512 ba8c5bf7eb657bce6e2c937e082b97bd6169d1cf3daa5800e5112d62596bdea47e5c1f23146f3f696cd68e8def4df92e3fb24a9aa8b9a08320738b66fa6dfe2e

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_3.dll

MD5 30686ece80545e06d78d156eb9f7d463
SHA1 b257ba4ffad8003fb7d12e9babd3cf4e88bd52f9
SHA256 b05ad9417028b9777f69422caa01ae9fd22c7bfe542bc6e7de2649e28a4ea643
SHA512 ca03bb01d8e2608517462597076bfa96f4b2595c33b2635d80e4348ac3926e17c93e5db30d7e43c30277cf8ac07f982a0c729f83a00df8965993d4f0758eca13

C:\Windows\Temp\OLDF858.tmp

MD5 db6c0400a5e2e4f68c7eb75912443296
SHA1 f8c937c62774502960df9321ad1f1d7d0999cddd
SHA256 5f03017d3b51c1dc413952d21bf35ac660693c6f7539e8f8930ddd41d197a495
SHA512 2f950f06ac7806eb1e5e2d0de9b91efe938b0e7cdb85c5838de1bb98ca693be2046c94f7824b084b4bd31e956bd9ba90f891145fcb26cbf47911c925fd07f3db

C:\Windows\System32\XAPOFX1_3.dll

MD5 37b348a79c4c9b8ab925b18ffd241e96
SHA1 a0b030e5652eafca2cc5d741dbbaac203781ed1d
SHA256 787e10d48d90db50dc155fca53fe8c5c1a383ca24d468733d4b8fe3acf2d0a34
SHA512 20ad359ed0a1fbfacbbba2749eaac9be4e9f416e24cb7ac9dda55c6d2d372fd290781607e5f806b4da3a9d01abef58b979153bc144a8cc8c6d7115166178fe85

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_6.dll

MD5 f81c4678a55ffee585ac75825faf5582
SHA1 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc
SHA256 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f
SHA512 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_6.dll

MD5 4976243bd70fae3d1d24e49739ab2710
SHA1 6ef27b10bcf4e697fe77c3e964b326be11e4444f
SHA256 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7
SHA512 af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_4.dll

MD5 e4ce2af32f501a7f7dddd908704a0ee6
SHA1 9dc2976efb15b6fba08bebdeb98929b6961063a5
SHA256 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06
SHA512 ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 730e5493910e5693499485e352381c6a
SHA1 2871488c24d069e677868e0a590e7e74f1f19b12
SHA256 d808bb408a4bd695a9793e70b1c61637e008ac11174dbe1373481e2bdb0c9299
SHA512 62fb2a2ddfd62d48ca8a709426c07e1cda0e66df5b977c3bfdc3b191d15c3a139a5c6180ed7a66b2418a5436273d713f2af1cb21f7dc77df78e0743d6a18e176

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\infinst.exe

MD5 a7ba8b723b327985ded1152113970819
SHA1 50be557a29f3d2d7300b71ab0ed4831669edd848
SHA256 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff
SHA512 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\xactengine3_7.dll

MD5 4fd7bcb9d8af6a165e9ba0c2eb702e7c
SHA1 a90863632c2d54dd06e01537744a7b65bb3d0db2
SHA256 d7b1cf58898046c430d49cf8f778e4898280f4709340c3938d3139894166fe8d
SHA512 7fcc435d07c434ec392bb9bfa98aee20b0b1cd2ad6a31f073af80f6f37639336349728c9b0fcd967c4c395fc40c0efad1e36142fe7632512b0f26aca1b1c4bea

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Users\Admin\AppData\Local\Temp\DX89A1.tmp\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 cb292fc0e22ae7653b1ec81101a760ee
SHA1 be70cdd6a66e919f0384bff9a66b319a95b565fd
SHA256 2be1aadf7b4ad8fc694c86866c0b7f835beefde80db9a74c1831188c884f396c
SHA512 9c8e4d81b2117aed117353061cfff8c80b6410794fc3e722ae8f54d2c5200c1977d4dd2d5f428fcddd331bb24b2140c50730e618275a0ab194a0f982fb931198

C:\Users\Admin\AppData\Local\Temp\OfficeRuntime.exe

MD5 c37fdf09627709384b5d7f6cd092eed4
SHA1 b098112c1fdbf7582285e4cbe7cffebde481904c
SHA256 b4ea9a5a63b1aac6f1ff60311e433a217b88709f99daaa3f0b0c0e8933342303
SHA512 a44dfe94f10c0d277bfa0e716c2c18602022609f645a371158c4a3f063820550ee879523321bc88c89e047ae0af23c4dcbd13f6c4d3d4b60d7d45e8d2bc92ec5

C:\Users\Admin\AppData\Local\Temp\_MEI52842\setuptools-56.0.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1