Malware Analysis Report

2024-09-09 18:03

Sample ID 240618-pw1fxstepd
Target https://venomcheats.net/
Tags
evasion persistence privilege_escalation themida trojan
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file https://venomcheats.net/ was found to be: Likely malicious.

Malicious Activity Summary

evasion persistence privilege_escalation themida trojan

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Downloads MZ/PE file

Sets service image path in registry

Executes dropped EXE

Checks computer location settings

Themida packer

Event Triggered Execution: Component Object Model Hijacking

Checks BIOS information in registry

Loads dropped DLL

Checks whether UAC is enabled

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops desktop.ini file(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: LoadsDriver

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Modifies system certificate store

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks processor information in registry

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 12:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 12:41

Reported

2024-06-18 12:48

Platform

win10v2004-20240611-en

Max time kernel

406s

Max time network

408s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://venomcheats.net/

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Downloads MZ/PE file

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\gAfuZonBwjDybFOkbKj\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\gAfuZonBwjDybFOkbKj" C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\JQxQfykekFOnExyKEjWStrl\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\JQxQfykekFOnExyKEjWStrl" C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x86.exe N/A
N/A N/A \??\f:\1654098dd47a0dde52d2d3d2a121ea\install.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x64.exe N/A
N/A N/A \??\f:\865ff8f1971cac62de063df0fddbab\install.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\Desktop\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\Desktop\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
N/A N/A \??\f:\1654098dd47a0dde52d2d3d2a121ea\install.exe N/A
N/A N/A \??\f:\865ff8f1971cac62de063df0fddbab\install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Themida packer

themida
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File created C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly\Desktop.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\DirectX\WebSetup\Nov2008_d3dx9_40_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2008_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine2_9.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET51E1.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DX9_40.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5983.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2010_d3dcsx_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Mar2009_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\xinput1_3.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\xactengine3_1.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\system32\SET504A.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2006_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\xactengine2_2.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET46C0.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET48A9.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Dec2005_d3dx9_28_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Feb2006_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SET2E4B.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\d3dx9_24.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine2_2.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET3BD8.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\SET4907.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_5.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET5396.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5603.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_d3dx10_34_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET3B7B.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET4203.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET5BD3.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2010_d3dx9_43_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2009_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx9_27.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SET3BF9.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET5136.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET5B37.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Feb2006_d3dx9_29_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET4AEB.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\system32\SET4C91.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx10_39.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\SET579C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET57CC.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_7.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\SET5D5A.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_d3dx10_33_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Jun2007_d3dx9_34_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx9_30.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET3938.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\system32\SET3D5F.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\system32\SET3F15.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\system32\D3DCompiler_41.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Nov2007_d3dx10_36_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\d3dx9_28.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\SET3DE3.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET4974.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_6.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\SET5EFD.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Apr2007_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\SysWOW64\DirectX\WebSetup\Aug2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\system32\X3DAudio1_5.dll C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine3_3.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\system32\SET5BE4.tmp C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DX9_43.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\SysWOW64\XAudio2_7.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\DUT\Translation\Localization\ITA\Description C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\RUS\Help\PLACEHOLDER_OSD_WND C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\RUS\Help\TEXT_OSD_X C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\POL\Translation\RTSS.exe\StringTable C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\palemoon.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\SSEXP.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\RTSSHooksInterface.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\PTBR\Help\BUTTON_COLOR_BGND C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\OverlayEditorWnd.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\NVENC\NVENC.sln C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Help\BUTTON_FRAMETIME C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Help\Properties\General\FRAMETIME_CALC C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\RUS\Translation\SaveMedia.dll\Internal C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\BlueStacks.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\Dropbox.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\WoWClassic.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\ATIADLInterface.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\QSV\QSV.cpp C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\ITA\Help\TEXT_FRAMERATE_LIMIT C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\SPA\Translation\Localization\POL\Description C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\UKR\Translation\RTSS.exe\Dialogs C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Plugins64\VCEPreset2.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\HaloWars2_WinAppDX12Final.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\raptr.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\DynamicColor.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\NVENC\NVENC.clw C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\NVENC\NVENC.def C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\QSV\QSVConfigurationDlg.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\3DMark05.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\REResistance.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\OverlayLayersDlg.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\NVENC\NVENC.vcproj C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\FR\Help\BUTTON_MIN C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\PTBR\Help\PLACEHOLDER_OSD_WND C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\HotkeyHandler\BenchmarkDlg.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader.exe C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Help\Properties\User interface\LAYERED_WINDOW_MODE C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\HotkeyHandler\HotkeyListenerRawInput.cpp C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\DUT\Help\Properties\User interface\LANGUAGE_COMBO C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\FR\Help\BUTTON_ENABLE_STAT C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\RUS\Help\Properties\General\ENABLE_FRAMETIME_HISTORY C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\NVMixer.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\POL\Help\BUTTON_ENABLE_STEALTH C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\OverlayAttributesLibrary.cpp C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Plugins\Client\Overlays\classic.ovl C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Include\SaveMediaTypes.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Help\Properties\General\SYNC_LIMITER C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\POL\Help\BUTTON_SETUP C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\PTBR\Help\Properties\General\HIDE_PRECREATED_PROFILES C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\QSV\QSVEncoder.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\PTBR\Help\Properties\General\RESET_CACHE C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\playstv.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\RecentDynamicColorsWnd.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\FR\Help\BUTTON_ENABLE_OSD C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\GER\Help\Properties\General\ENABLE_ENCODER_SERVER C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\POL\Help\BUTTON_SPIN_RIGHT C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\HwInfoWrapper.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Plugins\Client\OverlayEditor\targetver.h C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File opened for modification C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\GER\Help\BUTTON_CLOSE C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\ITA\Help\Properties\User interface\SKINS_COMBO C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\Localization\GER\Help\BUTTON_ENABLE_STAT C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\SaveMedia.dll C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
File created C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\RocketDock.exe.cfg C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\assembly\tmp\EXYEUXLK\__AssemblyInfo__.ini C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5AB87A.tmp\Aug2007_d3dx10_35_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B5AD5.tmp\Jun2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B7216.tmp\Nov2007_x3daudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B8187.tmp\Mar2008_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B8EF4.tmp\Jun2008_x3daudio_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A8C69.tmp\Apr2006_xinput_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AC2CB.tmp\Mar2008_d3dx9_37_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B3AC9.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A8ECA.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B6489.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B716A.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B859E.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\assembly C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B74F4.tmp\Mar2008_d3dx9_37_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BD1AA.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\assembly\tmp\O32JTAQU\Microsoft.DirectX.Direct3DX.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5A935E.tmp\Feb2005_d3dx9_24_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5A9D51.tmp\Dec2005_d3dx9_28_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AE1FB.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5AE9EA.tmp\Aug2009_d3dx9_42_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AE9EA.tmp\Aug2009_d3dx9_42_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\assembly\tmp\PAHKZR8T\Microsoft.DirectX.Diagnostics.dll C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B3EF0.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B5AD5.tmp\Jun2007_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BD341.tmp\Feb2010_xaudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5BF501.tmp\MDX_1.0.2905.0_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BFA8F.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A95CF.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B3134.tmp\Aug2006_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B3134.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B3403.tmp\Oct2006_d3dx9_31_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BF3D8.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A8D53.tmp\Apr2006_xinput_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5A8E1E.tmp\Aug2006_xinput_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B9CEE.tmp\Aug2008_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BFEE5.tmp\Apr2006_MDX1_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B8E48.tmp\Jun2008_x3daudio_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BB72D.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AA715.tmp\Dec2006_d3dx9_32_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B0988.tmp\Feb2005_d3dx9_24_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B1530.tmp\Aug2005_d3dx9_27_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B2221.tmp\Feb2006_xact_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B4180.tmp\Dec2006_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5A91B8.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AE6BE.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B69E8.tmp\Nov2007_d3dx9_36_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.xml C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5BDFA5.tmp\Jun2010_d3dcsx_43_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5A91B8.tmp\Apr2007_xinput_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5AD2D8.tmp\Aug2008_d3dx9_39_x86.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B0DBE.tmp\Apr2005_d3dx9_25_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File created C:\Windows\msdownld.tmp\AS5B2DBA.tmp\Apr2006_xact_x64.cab C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
File opened for modification C:\Windows\msdownld.tmp\AS5B4C9C.tmp C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000004dd597242da055490000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800004dd597240000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809004dd59724000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d4dd59724000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004dd5972400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2B C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2c C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631881023469608" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e00660074005a003f002800770035002b002e0034002c007e007b0044004700380037002b007800260000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\ = "XACT Engine" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{f4769300-b949-4df9-b333-00d33932e9a6} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\ = "AudioReverb" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_5.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_6.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\VC_RED_enu_x86_net_SETUP C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1138472b-d187-44e9-81f2-ae1b0e7785f1}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine2_3.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ = "C:\\Windows\\system32\\xactengine3_0.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{03219e78-5bc3-44d1-b92e-f63d89cc6526}\ = "XAudio2" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\Servicing_Key C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8bb7778b-645b-4475-9a73-1de3170bd3af}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e005500410049003f00470048002e007b005d0037006a005a003f0034005d0041006e0062002400420000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2139e6da-c341-4774-9ac3-b4e026347f64}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_5.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f5ca7b34-8055-42c0-b836-216129eb7e30}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_2.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\ = "XAudio2" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004300520054005f007800360034003e002c007d0050004e002c00320065006e007a003300270070005b00550021006c004900720021006e0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d06df0d0-8518-441e-822f-5451d5c595b8}\ = "AudioReverb" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9cab402c-1d37-44b4-886d-fa4f36170a4c}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f1b577e-5e5a-4e8a-ba73-c657ea8e8598}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8bb7778b-645b-4475-9a73-1de3170bd3af}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bc3e0fc6-2e0d-4c45-bc61-d9c328319bd8}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{77c56bf4-18a1-42b0-88af-5072ce814949}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{bcc782bc-6492-4c22-8c35-f5d72fe73c6e}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{c60fae90-4183-4a3f-b2f7-ac1dc49b0e5c}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine2_2.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{b802058a-464a-42db-bc10-b650d6f2586a}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{e180344b-ac83-4483-959e-18a5c56a5e19}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_3.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\InProcServer32\ThreadingModel = "Both" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_OpenMP_x86 = "VC_Redist_12222_x86_enu" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3a2495ce-31d0-435b-8ccf-e9f0843fd960}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3b80ee2a-b0f5-4780-9e30-90cb39685b03}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6f6ea3a9-2cf5-41cf-91c1-2170b1540063}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_0.dll" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{629cf0de-3ecc-41e7-9926-f7e43eebec51}\ = "AudioReverb" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54b68bc7-3a45-416b-a8c9-19bf19ec1df5}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{962f5027-99be-4692-a468-85802cf8de61}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4c5e637a-16c7-4de3-9c46-5ed22181962d} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{fac23f48-31f5-45a8-b49b-5225d61401aa}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57} C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{d3332f02-3dd0-4de9-9aec-20d85c4111b6}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net\2 = "f:\\1654098dd47a0dde52d2d3d2a121ea\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{343e68e6-8f82-4a8d-a2da-6e9a944b378c}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{94c1affa-66e7-4961-9521-cfdef3128d4f}\ = "XACT Engine" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4c9b6dde-6809-46e6-a278-9b6a97588670}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_MFCLOC_x64 = "VC_Redist_12222_amd64_enu" C:\Windows\system32\msiexec.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\New folder\LoaderDownloader.exe N/A
N/A N/A C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe N/A
N/A N/A C:\Users\Admin\Desktop\RTSSSetup733.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x86.exe N/A
N/A N/A \??\f:\1654098dd47a0dde52d2d3d2a121ea\install.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x64.exe N/A
N/A N/A \??\f:\865ff8f1971cac62de063df0fddbab\install.exe N/A
N/A N/A C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1432 wrote to memory of 1044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 1044 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 3980 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 2780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 2780 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1432 wrote to memory of 708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://venomcheats.net/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3162ab58,0x7ffb3162ab68,0x7ffb3162ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4380 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4544 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1776 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3108 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4584 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1568 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1680 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\New folder\LoaderDownloader.exe

"C:\Users\Admin\Desktop\New folder\LoaderDownloader.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c CLS

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\Desktop\New folder/ERSsAfkWXW.exe

C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe

"C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=736 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /C Get-Service -Name WpnUserService* | Restart-Service -Force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://venomcheats.net/faq

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb1e1546f8,0x7ffb1e154708,0x7ffb1e154718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3369729197777864491,953520194963798801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Users\Admin\Desktop\RTSSSetup733.exe

"C:\Users\Admin\Desktop\RTSSSetup733.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_RivaTuner.zip\RTSSSetup733.exe"

C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x86.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x86.exe" /Q

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.exe

f:\1654098dd47a0dde52d2d3d2a121ea\.\install.exe /Q

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x64.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x64.exe" /Q

\??\f:\865ff8f1971cac62de063df0fddbab\install.exe

f:\865ff8f1971cac62de063df0fddbab\.\install.exe /Q

C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\Redist\dxwebsetup.exe" /Q

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe /windowsupdate

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_24_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_25_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_26_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_27_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_28_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_29_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_30_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_31_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_32_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_00_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_33_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_34_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_8_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_35_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_9_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx9_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_36_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_2_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT2_10_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_37_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_3_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_0_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_38_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_4_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_1_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_39_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_2_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_5_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_3_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_40_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_6_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_4_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_41_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx11_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dcsx_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DCompiler_42_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_5_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe X3DAudio1_7_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_6_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DX9_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx10_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dx11_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe d3dcsx_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe D3DCompiler_43_x64.inf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XACT3_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe XAudio2_7_x64.inf

C:\Windows\system32\regsvr32.exe

C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll

C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe" /LANG

C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe" /I

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Program Files (x86)\RivaTuner Statistics Server\Doc\ReadMe.pdf"

C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe"

C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe" /i

C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe

"C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe" /i

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1884,i,17832547526402782138,10382981795077020032,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Temp1_NewLoader.zip\LoaderDownloader.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_NewLoader.zip\LoaderDownloader.exe"

C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe

"C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe"

C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe

"C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 venomcheats.net udp
US 172.67.74.88:443 venomcheats.net tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 184.2.17.104.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 104.17.2.184:443 challenges.cloudflare.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 cdn.venomcheats.net udp
GB 142.250.187.238:443 www.youtube.com tcp
US 104.18.42.227:443 cdn.venomcheats.net tcp
US 104.18.42.227:443 cdn.venomcheats.net tcp
US 8.8.8.8:53 discord.com udp
US 8.8.8.8:53 faq.venomcheats.net udp
US 8.8.8.8:53 t.me udp
US 8.8.8.8:53 www.elitepvpers.com udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 216.58.212.214:443 i.ytimg.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.34:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.178.10:443 jnn-pa.googleapis.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
GB 142.250.178.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 214.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 172.217.169.46:443 play.google.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 e2c66.gcp.gvt2.com udp
SA 34.166.9.70:443 e2c66.gcp.gvt2.com tcp
US 8.8.8.8:53 venomcheats.net udp
US 172.67.74.88:443 venomcheats.net tcp
US 8.8.8.8:53 3.69.250.142.in-addr.arpa udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
N/A 127.0.0.1:56056 tcp
N/A 127.0.0.1:56058 tcp
US 8.8.8.8:53 venom.nyc3.cdn.digitaloceanspaces.com udp
US 172.64.145.29:443 venom.nyc3.cdn.digitaloceanspaces.com tcp
US 8.8.8.8:53 70.9.166.34.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 172.67.74.88:443 venomcheats.net tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 108.177.122.94:443 beacons.gvt2.com tcp
US 8.8.8.8:53 94.122.177.108.in-addr.arpa udp
US 172.67.74.88:443 venomcheats.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 104.17.2.184:443 challenges.cloudflare.com tcp
US 172.67.74.88:443 venomcheats.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 172.64.145.29:443 venom.nyc3.cdn.digitaloceanspaces.com tcp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 beacons2.gvt2.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 216.239.32.117:443 beacons2.gvt2.com tcp
US 216.239.32.117:443 beacons2.gvt2.com udp
US 8.8.8.8:53 117.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 download.microsoft.com udp
SE 23.34.233.106:80 download.microsoft.com tcp
SE 23.34.233.106:443 download.microsoft.com tcp
US 8.8.8.8:53 106.233.34.23.in-addr.arpa udp
GB 142.250.187.238:443 www.youtube.com udp
US 142.250.69.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 rtss.guru3d.com udp
DE 62.141.36.213:443 rtss.guru3d.com tcp
US 8.8.8.8:53 213.36.141.62.in-addr.arpa udp
US 172.67.74.88:443 venomcheats.net tcp
US 8.8.8.8:53 venomcheats.net udp
US 172.67.74.88:443 venomcheats.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 172.64.145.29:443 venom.nyc3.cdn.digitaloceanspaces.com tcp
US 8.8.4.4:443 dns.google udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 172.67.74.88:443 venomcheats.net tcp
US 172.67.74.88:443 venomcheats.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 172.64.145.29:443 venom.nyc3.cdn.digitaloceanspaces.com tcp
US 8.8.4.4:443 dns.google udp
US 216.239.34.36:443 region1.google-analytics.com udp

Files

\??\pipe\crashpad_1432_EPFKFUTLHBFMDPOI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 14c64e30e1f0edb1de530b2643a89e79
SHA1 a18825a0ed82929968adf893ceb124004dc2b860
SHA256 90f01c24849a762e2ea58d90574953e9249ea5ddecf109a93efd7753ea3fcd57
SHA512 5cdecd9aa91eca5e513fea2edd64c3cf1d832f4ea053bf5aa9116274a6dc87383a5f3cdef8bf204ef882705130712c7c3744736b8910ae915a444df76b8d5763

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 690f75e958f0907fb78f140b6fa59128
SHA1 55e002f18f86c8f8c7a3fd6fa3e3f08ccb2cfbd7
SHA256 45e3a0ffb058b16c55c1f6f19e1f509958ebf29730427bac7f1885b2cfa90977
SHA512 974ac159609fa6c5726cb3440ca57b48aef611404c0bbccbdc7181c9616b4a684f5acdc076a5d128ae8fcc61c27aa97aa783f1c6e1e37f777a990ba19d7c338b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d7eb9bf49a9e396c39f1f5eed8c9c4e3
SHA1 27779c933dec745991d65488de1e10ff72170988
SHA256 02aa427b084615200e73d89300f6ce68c172349c4dcb81e7d3f5bfa9ebdf0145
SHA512 83e51f092c67cdaadcce7f0ea2a3e534ae2e2d3dbcb170854e265a4763fce9fee8cb4983b6f6241114f9b48900ab15c6edbca110f2efb30a76844a6a8dcebae0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 94275bde03760c160b707ba8806ef545
SHA1 aad8d87b0796de7baca00ab000b2b12a26427859
SHA256 c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968
SHA512 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57fccf.TMP

MD5 4f40b1bbfb8647d98276efba47376475
SHA1 8b8309fe590ba29373b59acb94eec50729422406
SHA256 84be0de8bdb6b6012aa8e6ff2bc30a275963eedf79a1bc42557764d3441cd0d7
SHA512 aadb89f881327edf1eb5ac8935b361305ce3c238047d667dbdb75a258e140084abc1b5da0ec6fbcdb166289b1bd29ce09cb153c0dbee9653ec4eabfa21464338

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 87538c1a75e7545606692b778fe9c4af
SHA1 079e3bf3105a4a4d10a02fe08991fe0e4b3ab82f
SHA256 1a20e0ef969de5f8e878e668879570e5de1d1fcdd6d3ee214a2faa887e369ec9
SHA512 c6f95c0709c4a1c33aada2fb45c72e574507574f7557e57270751a1c3d043c269fba3e4d9115fda5d3a5b9fa5f03e1af716c9977ce0d3f130995b1e1071ed10a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d97b9c79f3196a3c8b891b89776bb9b6
SHA1 6c8ed716c1c727a4334ed173fe48f195d0fd380f
SHA256 7370946044eb9de83de1b381f0f3139fc200694d1f0088b22821422bd1d18916
SHA512 d96cd1dd506830fa8afaec0c5bc76daef2651ed2b680811e45ba235153e622f151e3554515189362aa37302a91c679e69a5aa949d606580be84e21ba153c4c60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582c3b.TMP

MD5 85fec8065ee60c4184b4b5dc12fb2292
SHA1 6e95ce92924edbd12c354f626c0fc4f1f3687ddf
SHA256 fc94134cbc46d5893fc5b402a0752107ef3b73e55756babf88cf016e2ca2fe70
SHA512 fa0c656e7e5d1dd91f38d6607ff7270fc2a487a85db0dda69bdc594b2fcd3120932614553d199c9695213d5fcd11b980bdfc4c118b16f735e185c55cfbcac353

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 604879f5240dfecb2ea577c26c020883
SHA1 2f348d25b6e5e28b62e1c66c7d713b5fbe05eee6
SHA256 1a17550aad7e8aad55704311835895b8acda6feef00e95161e48299f242806c2
SHA512 5801e0713c1945e0cd387c318a2080be409d486121764b75232a98a889ea9ad5daeef04e4373519630c317452a46027a81ca793903eaef8c8feb041101150dc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6fbf3960418a23a51b49d388ce0a46d2
SHA1 53029320b742621f5aeb5eafaf7c68ad81fa5acf
SHA256 a2c04ecc4db0400c1189f073e6483aa5fbee918c96c93d8bd82926a8f884cba5
SHA512 131c8486068ca4c61613031936ba80aae3b1fc55b6225bbea19f20e884fd0251e5acdd003a297846ef814fb90dc59b8e1bb2df3c195ba099d45044beac20a918

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d3eaf15970066b5a3a8ffef5b4e10e17
SHA1 04989dbaa28342c6b0d8b12a062668ae92409c03
SHA256 12f7531b6e7a3b52cf9136f3e04eded516cff6d3c7cccd71a0c5cf8595e36e88
SHA512 1e0f905d4af0f41a55be44482c24753f485aad9a021ea0e5a7e38bb4323dbe0beb7caa8dac76e657808d6c11fc85aeac36996e5e16b7cae9e96fbdda732b1724

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1b0c9ce057764650f4641426e80d4853
SHA1 3864b897b5f9a72e6ab13a074ac1a124100a0820
SHA256 d6abd43ee21371dfcb09da86d8830de580162bd0a333acbd0e206ce26d4f4fa9
SHA512 d37c9efcad7f96eb9fbea858003269f44d62b02aa778d05f76978f4b6d063c9882786ea9cff6015e27fe185d05b9f8c29103cba61dfde02a2c582d39c158e313

C:\Users\Admin\Desktop\New folder\ERSsAfkWXW.exe

MD5 aebd0b4b968cb7ccd75ca63eb0b649b3
SHA1 5951ab03ec6c8e40d1e1be25ad6fe30614a8f344
SHA256 d693c6a6b3eef397023f5d6dd0d59222c4d97aedbf313ef2769d5f7010cd5e7a
SHA512 110e305dc09f4b06d5f83e3b360708ac7c509e5defc9e81b44d69d06dc6c5c274cd16a4700a5183df544bbe6225d0179e030266813af1561e15db8b12a34724f

memory/3996-282-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-284-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-283-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-285-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-286-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-288-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-287-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-289-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

MD5 5ae8478af8dd6eec7ad4edf162dd3df1
SHA1 55670b9fd39da59a9d7d0bb0aecb52324cbacc5a
SHA256 fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca
SHA512 a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

MD5 423d86b137775e7e6139a8b7798db0f2
SHA1 ada81412954aaaa0c1d293c5dab7b2f4992d2096
SHA256 22b795650808b66401b0cf68e59910a5ffaa9a54b4226880fab731e92f8e70de
SHA512 afd641afb05409efaaeb9e0a032d378a1904beb8c8d352d8f1d20de1c46c19a8ec286142dfac006ae84b546205bb8c6cf93f635353ad0f6c0c58318e59c46072

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 07ad8088e9d1d12e4b73a38e4bde31d7
SHA1 34a6244993bc63923f3fced04fcd105353c6e641
SHA256 1b4042e716e8f8eed87055d519e51195d888469e6eea2b4fc7ae409f44b9c6f2
SHA512 004bee6589d869745b8414e1d9d8d51da191b04ac624a49b609d1bd24eb1ab76856d6c8875e65973d82829e51a925ff2c5ee4fc6c22036fc3e5e9fd9741bf238

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_feijpy5n.rmb.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2104-304-0x00000197F1CE0000-0x00000197F1D02000-memory.dmp

memory/3996-311-0x000002AE47780000-0x000002AE47781000-memory.dmp

memory/3996-312-0x000002AE47890000-0x000002AE47891000-memory.dmp

memory/3996-322-0x000002AE48ED0000-0x000002AE48ED1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba0a66fce6e69e2b8b82676c56c8099d
SHA1 6a92f5eb24c3bd06c57b0e00290107ab44c3a89a
SHA256 d9a170e58b8e3154257af9a7d104f7006060ddd22e42a4ef51bb97405302bd28
SHA512 14fdf15c89e974f1bb282e1c2419a3c7599740d6308f0302b6ea10885f3882d3825e4ec09a5fbbbd38a3786ba103ce106cd27f7051f52abc8db571419ed84a54

memory/3996-391-0x000002AE49710000-0x000002AE49711000-memory.dmp

memory/3996-392-0x000002AE4ACD0000-0x000002AE4ACD1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 df119822b433f264239b8269dd7fc83f
SHA1 a6309dc1f47d9a2cc31acaa856dfe8433b98bcb8
SHA256 6cc0c290d152f85944eaa980b4bf2e06ab6f8a59911336926db0fd6b3b89ffb9
SHA512 82236cad08c97fcc35a9df87104098cb97d2d9a3aff2a7963c8b583b8e7b35f9368167807ba81021020e67e155e4b1e5968794176837a96238d22f44351992ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a9daa46f21277717d93db5c572ce6be2
SHA1 089df2a6e9ed62923e978911a6ded55bc93da717
SHA256 9d08885f1dab3a20677912d3dc902dffec28f01685a17db654fd6682d9f9439f
SHA512 521af2a3a64a9c5efb9560576bec7a1e881e1a088ec632c4ae08d5e370cf9601a3281f1d19e451283ac40b63fce9abf4754eb08f56f330631818798c212dfa1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 38fc5a40edbfeb9e8da14cc5da9672b8
SHA1 99c606771817b34dca5805264756c77c3b7bd245
SHA256 5f3c9e93162053396628a6d06edc0e1bca991d7b849ba6634cede7056889306a
SHA512 5bb478bd6bb7c2c6fe5360c27d2aa44b4a3900e0c2e8aac4621fbcf30ba97cb82ca9036856d36b69b2e6fcdde45824c74529e6657cc30b623f3881a849706a16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 006f3a43dc2208ba159df473bb2408cf
SHA1 012145dd6ca657a930cc9504d50f211bb0728e1b
SHA256 be74bcdca128eb7b30f3f3f1986fdcb604580019eaa8d1ccfa95f570c9eec767
SHA512 9260324b104965d960b20115d70dbaa47c2d459353dc40985bcab164da7930bc6604cc029787125937e873b42c5923fb99fa246583ec10933714557585fce2a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/3996-542-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-693-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/3996-859-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8d62363ad4080445dcbc34965e4a513d
SHA1 4f5bb8dd87295ab78db4b5b7ec998557e394714c
SHA256 f0208d5f94c3dd1e8cc487cf77d077ab789e16c5445c8a27f19fe53daa261c1c
SHA512 5e33737d9f450d54ce1a8fc3fcb868a5d4378392350681b1d06f6e77e341aeb9c5052ef2de0e1f51b5944d8b9b9ee2ec30014922b7eda5ebed552b6f08e35a4a

memory/3996-1503-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsy9A7.tmp\LangDLL.dll

MD5 08de81a4584f5201086f57a7a93ed83b
SHA1 266a6ecc8fb7dca115e6915cd75e2595816841a8
SHA256 4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6
SHA512 b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

C:\Users\Admin\AppData\Local\Temp\nsy9A7.tmp\nsDialogs.dll

MD5 ca5bb0ee2b698869c41c087c9854487c
SHA1 4a8abbb2544f1a9555e57a142a147dfeb40c4ca4
SHA256 c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324
SHA512 363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

C:\Users\Admin\AppData\Local\Temp\nsy9A7.tmp\System.dll

MD5 6e55a6e7c3fdbd244042eb15cb1ec739
SHA1 070ea80e2192abc42f358d47b276990b5fa285a9
SHA256 acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506
SHA512 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

C:\Users\Admin\AppData\Local\Temp\nsy9A7.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Users\Admin\AppData\Local\Temp\nse25E9.tmp\StartMenu.dll

MD5 6581c243481c0ba91ec1bd9fd93f1c30
SHA1 b00b7fe38b0dbf5576239a8f62f01df7fb993e5d
SHA256 72fa1a91185fda8b68a49b9ebb8d5ddf00f899f590d1e657a58c229f9bd0a700
SHA512 c882c15e1222929369753addb023fe028dd95345c0b29a5a8c0ba00cbdee45f3a7aacafd9d4cdc5fe86e3676ba958abf841801d73361c4630e7f48ab63725055

C:\Program Files (x86)\RivaTuner Statistics Server\Localization\POL\Translation\Localization\PTBR\Description

MD5 c4c8a93acc52d8a8c98fca0ad3c23ed7
SHA1 c85da95a906594cfa9526c1a851381d53065c413
SHA256 bf9b5f5dd80f73b363e5268b021a5f76bbceb7108016e994f52a1f191f7c0b19
SHA512 7e55d0ac4a2a34dcf592659d694159799d8d7cb364f7bb8dae2ebb8b3b61b080ef5e5f091d761b247a620d055d6853813156c17a202511919b62de3770b1069d

C:\Program Files (x86)\RivaTuner Statistics Server\Plugins64\VCEPreset1.cfg

MD5 7f612668e40535ea775445ba7e0eeac5
SHA1 3dd2e17ae337cad59ed88a1bb7c290e39b05385d
SHA256 0cc65c63271576a770a3ace6376afd16869302353d8eb76130f32a917f6b998e
SHA512 9f192db6832a895a18b263c4c071ab927011c30ad1962fdac0d293c0fef19a01c372774cd5e4ae263326ab82596b3abedc7e4d15f7b7f22d450242595055ed09

C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\Action_x64.bin.cfg

MD5 14c57b5bd3c8168436aac8858dcf0fce
SHA1 db461e9d3144eb0693bbc91326a1c0082fc7879e
SHA256 1f2f4205cf22284c2dd1c6ecce54513c65182a28cbfc43a3657f7842f2049a88
SHA512 e3e27fbf254d9c69f8957e2771e8b8a8f106dbbe12323cb2cf2756262c56e9f9bde4c02f052355f6a28aefdca5ce9283b3f01cece79457ced5376ce088334980

C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\GPU_Caps_Viewer.exe.cfg

MD5 22c251c52ccbb145c93c86d6d1df6341
SHA1 38276d560ea6218defbb2a4fa8c51e46178b40f7
SHA256 978d73049c82289f60b71b155f523b60176f6dd64b3b7e8b28d82af0fca55e35
SHA512 86723291f2815ad675a3c95251639599ea7430a27ee0a1eca15cc358490e6a463a0bd8184c02956b430adab501a1b2aee18f6072c91c682aa0798e093eec747a

C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\JustCause3.exe.cfg

MD5 040735b8b5036531720299750ea5d45b
SHA1 c14627639ce436128ab75befe2d233843fe4bb40
SHA256 4192ea6193c53a0a09b29c0255d34eb2f4348a1264339f5e941726fc29140961
SHA512 27fd6e2312e4ddbd175b485d4f0582839075e241752d3e2fc43c9493ba976da73263dca4aeb3cbb8fd2ca5d32591a13e7cba58bce6ecc002e0f73f9c7d8a34b1

C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\PCMark05.exe.cfg

MD5 8a6c911254141cc2f227445349a8f9d8
SHA1 34f07136f8e8432105fabbec69b8b414f78d7d0d
SHA256 40bee212e852ec5734e137fe4e0d40c02291437399b13e9c6540633472ad78d9
SHA512 92c18029fab25a3dc231f6d6c4daa5b3fab6721574a6c77001dd057a9adf9f17831a1f56fcfa9bb20c6279bd35e4d1bfb947eb7e0ec895cc1f72645295c45800

C:\Program Files (x86)\RivaTuner Statistics Server\ProfileTemplates\quake2.exe.cfg

MD5 3b8bac476b8e3aa6d839194f6d2bca5f
SHA1 bd5de8f8631d9a14a8d8aee584b7816334ba1175
SHA256 b151f91aefff3311e4be2d9c501069f845d47d232f2571ad68840d9cefd760d9
SHA512 accf80bb558c6566f756d0d772d29316ac484b587b61df1117d5ea8f4e9ac2ae3f4961344e54d9a4e0abde2a54632b6245a13b4753e3c5dfbe7619d7b71c90a0

C:\Program Files (x86)\RivaTuner Statistics Server\SDK\Localization\Installer\RTSSPOL.lic

MD5 0a6da3727bee074787811812b17ed34b
SHA1 86a0395eb3c6f3806b09573362e825a2a2ac14ad
SHA256 b50217d51a74fc3d2e79c351b8e21d611e4aa3c3b63668106201f3cfda9d6470
SHA512 7df77d81785ad2aad97f9b7f7805a00d00af1df58111caaef6803f37bacbbe05fa9091373bf7aac16a821d136ed55570b8a383d046f60e70b80f9d3a00ee5ebb

C:\Program Files (x86)\RivaTuner Statistics Server\Fonts\unispace bd.ttf

MD5 df1fce94ea2bf0b9b1676b90c3590554
SHA1 139f64158932b409be28e56acf4111d7d35aa7a5
SHA256 0f66724f9dfa48d31b293c03c66359df6c03571855bd456b18c363e10c26f4d1
SHA512 d261fd321fb8b027f0e72a2fa63aba41501519fb638d4d468a1267f3fc9ddfa4bb08e1c379dc793b3f75a6d25ba96d658e8886b0a13ae15c9697afadbae4295d

C:\Program Files (x86)\RivaTuner Statistics Server\Redist\vcredist_x86.exe

MD5 35da2bf2befd998980a495b6f4f55e60
SHA1 470640aa4bb7db8e69196b5edb0010933569e98d
SHA256 6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6
SHA512 bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2

F:\1654098dd47a0dde52d2d3d2a121ea\install.exe

MD5 4138c31964fbcb3b7418e086933324c3
SHA1 97cc6f58fb064ab6c4a2f02fb665fef77d30532f
SHA256 b72056fc3df6f46069294c243fe5006879bf4a9d8eef388369a590ca41745f29
SHA512 40cf2f35c3a944fca93d58d66465f0308197f5485381ff07d3065e0f59e94fc3834313068e4e5e5da395413ff2d3d1c3ff6fa050f2256e118972bf21a5643557

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.ini

MD5 f8f6c0e030cb622f065fe47d61da91d7
SHA1 cf6fa99747de8f35c6aea52df234c9c57583baa3
SHA256 c16727881c47a40077dc5a1f1ea71cbb28e3f4e156c0ae7074c6d7f5ecece21d
SHA512 b70c6d67dac5e6a0dbd17e3bcf570a95914482abad20d0304c02da22231070b4bc887720dbae972bc5066457e1273b68fde0805f1c1791e9466a5ca343485cde

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1033.dll

MD5 ff6003014eefc9c30abe20e3e1f5fbe8
SHA1 4a5bd05f94545f01efc10232385b8fecad300678
SHA256 a522c5ea3250cdd538a9ce7b4a06dfd5123e7eb05eef67509f2b975a8e1d3067
SHA512 3adc5c705bab7fa7b50517a5eb3301491f5150b56e1088ed436590458e963da204cd1875af75db89742403476a56a94c3f425c05327767bdb4bbee4859667ac2

\??\f:\1654098dd47a0dde52d2d3d2a121ea\globdata.ini

MD5 0a6b586fabd072bd7382b5e24194eac7
SHA1 60e3c7215c1a40fbfb3016d52c2de44592f8ca95
SHA256 7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951
SHA512 b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

\??\f:\1654098dd47a0dde52d2d3d2a121ea\vc_red.msi

MD5 7e641e6a0b456271745c20c3bb8a18f9
SHA1 ae6cedcb81dc443611a310140ae4671789dbbf3a
SHA256 34c5e7d7ea270ee67f92d34843d89603d6d3b6d9ef5247b43ae3c59c909d380d
SHA512 f67d6bf69d094edcc93541332f31b326131ff89672edb30fd349def6952ad8bfd07dc2f0ca5967b48a7589eee5b7a14b9a2c1ebe0cba4ae2324f7957090ea903

C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI771B.txt

MD5 cf5387f7893f586d93ed44b279713d53
SHA1 3d7586cd9cb469b1008a532b108de5b20124f8ce
SHA256 e3ff4de7fea7b4935ec68a930d5531723f270d91d405dbff0e530386389e7e47
SHA512 a6c7b466fbd950f42b33a5a52b05ed7519db40f05f29ada353c7ae4337b32b8a7591c31962fea821114e533758820d8c6cc9310edbc64150121b36df1316807f

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1042.dll

MD5 ba91e387d54b94689644ebd23ff264ba
SHA1 267b0af1774b6440cac00fad6524f277fde09457
SHA256 16fed8f279b0240f63dd90925150cd37782e9395af32a2693bdc0533c0809767
SHA512 79e818ffc57880a9881d771c0ea607d64a2cbdad29b28a270138d4d03edb8b026e7536e89396968c8454c56c740d198e67a75cac3e2447ca120b7cffefa4c0bd

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1049.dll

MD5 9aac6ce2ad6c7aee5481e46ddb0ad0dd
SHA1 dabd5e299a4595b1341f47313ac26c663d79a7c4
SHA256 3de25f7b3fd91a8d5b7f7dd8eccf44e24b33b66133fc89519d21a426b489374e
SHA512 97e00a50d3e8c8954854cc44f36049d63d8f1860e547a511feccf4214ff0560079b5512053aea4c2a40769d58738934d69c1a45186092ff11af1b907395dd126

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1031.dll

MD5 6f22a8ecc5a917c61f1478ef4ad53949
SHA1 180c370698091e53f203d23eb6c839467deebfb9
SHA256 2c5fa53e6eb07bddc22c7c5203ff7bbe707c4cf8803f144ceb031384b59831aa
SHA512 8513f09da143983d436368c6067a62f1829d5d66776a168026f7562f8337d8e1bc8df2ff9ab421f4cc7d75757a0e9b8a75f3761c9e8aba7d0785d2fcb1b00a93

\??\f:\1654098dd47a0dde52d2d3d2a121ea\eula.1040.txt

MD5 04b833156f39fcc4cee4ae7a0e7224a1
SHA1 2ffa9577a21962532c26819f9f1e8cd71ab396bd
SHA256 ebafaeb37464ed00e579dab5b573908e026cd0e3444079f398aada13fa9a6f66
SHA512 8d3f6a900ebd63a3af74ab41ac54d3041de5fe47331a5e0d442d1707f72a8f557d93d2f527bbb857fb1c67dd8332961fd69acc87de81ba4f2006c37b575f9608

\??\f:\1654098dd47a0dde52d2d3d2a121ea\eula.1049.txt

MD5 bc3a8865b60ec692293679e3e400fd58
SHA1 2b43b69e6158f307fb60c47a70a606cd7e295341
SHA256 f82bca639841fa7387ae9bbf9eca33295fab20fade57496e458152068c06f8a3
SHA512 0d9820416802623e7cd5539d75871447f665481b81758c08f392f412bc0fd2ef12008be0960c108d1c1ce6f26422f1b16161705104d7a582df6a1006b0d1b610

\??\f:\1654098dd47a0dde52d2d3d2a121ea\eula.1041.txt

MD5 031fab3fb14a85334e7e49d62a5179fe
SHA1 12370185ef938a791609602245372e3e70db31be
SHA256 467773ddffdb3f31027595313b70d1ea934c828b124d1063a4aa4dbe90f15961
SHA512 7424a52bbb18a006816ee544d47f660e086557d13bb587d765631307da96aba56d8b9cd3d4e7d50c2a791815273910cef95ebe928bc03dd9c540b97ac7a86447

\??\f:\1654098dd47a0dde52d2d3d2a121ea\eula.1042.txt

MD5 6fcd6b5ef928a75655d6be51555288c7
SHA1 eafdcc178343780b83f1280dad9d517aaedab9e4
SHA256 3d45f022996cd6d9ebb659a202fbfd099795f9a39ed4e6bbd62ac6f6ed5f8c7b
SHA512 635ba44d8d8ecfbdb83a88688126f68c9c607e452e67d19247dfe7c307c341dad9b1d2dc3eae56311c4b3e9617ab1ee2bd2a908570df632af6de1e1fa08bf905

\??\f:\1654098dd47a0dde52d2d3d2a121ea\eula.1033.txt

MD5 162fc8231b1bd62f1d24024bb70140d5
SHA1 7fa4601390f1a69b4824ee1334bee772c2941a24
SHA256 c68a0fd93e8c64139a42af4fcd4670c6faea3a5d5d1e9dd35b197f7d5268d92b
SHA512 a707b5ef0e914ba61e815be5224831441922ed8d933f7a2ffe8aecf41f5a1790a1e45981f19d86aa5eab5ea73d03b0c8e2ab6b9f398ab0154d1c828da6f6beda

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.2052.dll

MD5 208f1260b7145b19434a8c95ff7c0474
SHA1 6a0a74affdc8f988873841b7073f428056a8aa5d
SHA256 f6d949f493cb9b1ba5ee053acc7363bc9675b9e8b3f25258080092001036e6f4
SHA512 2e9cf1ed7944a6246a2f3febee99d0a36759191664e83aee3c14424b64785a134fe9c50e9e5deaaab1095ae298a2f49aac2037f64a127d250af973a077a7e03a

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1028.dll

MD5 8c2c1df03574e935277addc6e151bdbe
SHA1 33f7eae718d6704ea99d7c7803207dbe0d1ea3a0
SHA256 1074252f76e72e59a9da9d7e109c80ab131d53554c49cb3d69a180729bffc18e
SHA512 735c438da7fd3e4e0e4738ac11c87a73ce3cacbaa24b21994ec76868e70fc485469337eb6e067e20bb92210995ffb3c385677fcc986c4c34f24bfde6b91ba0c8

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.3082.dll

MD5 dbbe392a7536c76ec60a21e211eb3210
SHA1 e1cead8b1e0fd41e9ed79f4921c5e40c2d739dda
SHA256 8de447ae460de91144ec92381c8315a125b25020ac7601bbb721d56a92d0fd0f
SHA512 f725bc786076947874cc58b9591445064b3f133c75865bb1d661e95f29f1a9556447ee3f385a38f9438561e35e6cfa8208dbc938d3304c415cc25ed85c29f15d

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1036.dll

MD5 4d431f94a7d0945f4a7f13b7988632aa
SHA1 61461b14b57382eebb3bf4621b7dadb0cb2475b3
SHA256 cb38381c0afdcb3465f71699addad7534ffd72702907b017708eba463dbc68b6
SHA512 e4197801c20dfce7dc14d5d74aa572de18954dceaaca77a75bf989427c6ff7d5889085e5c325376a993ad290ee43ab25e0f6bea074fed3d5158e0fd4c785aeca

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1040.dll

MD5 ef1ccfe8572cdaaefb1940efbbff6d80
SHA1 b1d587c8fdb3ca82c320d08379ca7bd781253e3f
SHA256 709ab0139c643b78c2dace7a35b9801e1a4b4e4c4e176c0d00f1b55a2a71d7a8
SHA512 98538c82d56b6e0e9f0ca7cf47a6ce57e0acd18b2a64b90304a95a3c7270920efb835731272200afa16e45dfd461df94f95da04f39c2436915dc6969a4a0ebce

\??\f:\1654098dd47a0dde52d2d3d2a121ea\install.res.1041.dll

MD5 6bfb58958d58bf38e9242b2056392b8c
SHA1 f4c4653e061eb903ddae29f0d6a798db6ab5bdf4
SHA256 f74006aaa2a19777fb0c3b81321aabf00d87107dc23ba0d2282092502e5cd332
SHA512 672727552812c7d7b775896096d556851d6990b2d9c24c0e2c728f6c720b47c156d2ec2ce7ef23126fd222178969aff848f06568f695d154d6f7836ecf222d88

C:\Config.Msi\e5a6303.rbs

MD5 3091292ffa8b373f8bac84f39753f3a2
SHA1 09046690b348fea39240756503499d15cbbf7bfc
SHA256 5327ec2d5cd5d93a77496453bbaa14492054338bbc2a672d635b1ddfea42b9e8
SHA512 8626167a079e574bbe62aab1586b73bdf5807a768d536fd26c8a01ec6567e6709c15289d7ebe18dd70a7bbff7975a07398ab37bd578900f8d79bd852c95c382f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f7370d0f9dbac66347d6a9d2e578bcfb
SHA1 9d1da6cb5916bf66b32fe0f7137453f18b366615
SHA256 0c12b36a0685744bc7e263c2ad0653d61372e1af0c57eb9292ea9fb1dd8e5509
SHA512 0a6f2472ac9692627b583ae644b9dedf78c18d42501e5ebe96b0233483fcf890ab9ff7f3ee6b69d92af0530c635f370441d9d715a6c130ab1779644ce8c9140e

C:\Config.Msi\e5a6307.rbs

MD5 be2c227e918934e4da59ec2a7572eb78
SHA1 f54cd41fe9ba5fc70907d3393ac6278888ebf12a
SHA256 3f21e0e9daa2a0f32754ab1a5d42dd6a5f4cac7e2ded4307a2fcdd091c97e134
SHA512 6746bcb555036f6a6935f77a7c6f9c66e3566042d64317be0fb63556ccac49379c86fca5dacb82f81df6533162f8770c796f4e62db4a35d9bda7458842c73680

C:\Users\Admin\AppData\Local\Temp\VWL7214.tmp

MD5 a3babe68d707487fd2939a1722aa272f
SHA1 05bbd9968a5fd31e855ddcb9c89ded0b5704cd9e
SHA256 d5b4a971c8f7327044cda92fd932e3c8a3aab83e75658081c64e48635451bb41
SHA512 24eac6871de1d1336f95c3e7a04178429aeddc13a1efa02b9f1b14f881d45c03f2e297be57e8c097c01439b33713dd1b3a963fdad57a58bc269ece79e50510f1

C:\Windows\SysWOW64\directx\websetup\SET72B1.tmp

MD5 984cad22fa542a08c5d22941b888d8dc
SHA1 3e3522e7f3af329f2235b0f0850d664d5377b3cd
SHA256 57bc22850bb8e0bcc511a9b54cd3da18eec61f3088940c07d63b9b74e7fe2308
SHA512 8ef171218b331f0591a4b2a5e68dcbae98f5891518ce877f1d8d1769c59c0f4ddae43cc43da6606975078f889c832f0666484db9e047782e7a0ae4a2d41f5bef

C:\Windows\SysWOW64\directx\websetup\dsetup32.dll

MD5 a5412a144f63d639b47fcc1ba68cb029
SHA1 81bd5f1c99b22c0266f3f59959dfb4ea023be47e
SHA256 8a011da043a4b81e2b3d41a332e0ff23a65d546bd7636e8bc74885e8746927d6
SHA512 2679a4cb690e8d709cb5e57b59315d22f69f91efa6c4ee841943751c882b0c0457fd4a3376ac3832c757c6dfaffb7d844909c5665b86a95339af586097ee0405

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d6f81567baaf05b557d9bc6c348cb5f1
SHA1 0c840165fcd34d996c85b6b44b00c7206bf772b6
SHA256 e60413bec64775bf1933ef4f9673c8bcfbe0ce71e950fd589bbd14c0f9a00359
SHA512 09b84cc9199592821d7de38cbe24332097b276bb25b6d09f7dcdc3a6b17369ee944a6f8120f13ea6a5c15eb759a90d7ce29cc845a5c0680ff2fa53e2623171e2

C:\Windows\SysWOW64\directx\websetup\dxupdate.cab

MD5 4afd7f5c0574a0efd163740ecb142011
SHA1 3ebca5343804fe94d50026da91647442da084302
SHA256 6e39b3fdb6722ea8aa0dc8f46ae0d8bd6496dd0f5f56bac618a0a7dd22d6cfb2
SHA512 6f974acec7d6c1b6a423b28810b0840e77a9f9c1f9632c5cba875bd895e076c7e03112285635cf633c2fa9a4d4e2f4a57437ae8df88a7882184ff6685ee15f3f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.cif

MD5 2c4d9e4773084f33092ced15678a2c46
SHA1 bad603d543470157effd4876a684b9cfd5075524
SHA256 ed710d035ccaab0914810becf2f5db2816dba3a351f3666a38a903c80c16997a
SHA512 d2e34cac195cfede8bc64bdc92721c574963ff522618eda4d7172f664aeb4c8675fd3d4f3658391ee5eaa398bcd2ce5d8f80deecf51af176f5c4bb2d2695e04e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.cif

MD5 b36d3f105d18e55534ad605cbf061a92
SHA1 788ef2de1dea6c8fe1d23a2e1007542f7321ed79
SHA256 c6c5e877e92d387e977c135765075b7610df2500e21c16e106a225216e6442ae
SHA512 35ae00da025fd578205337a018b35176095a876cd3c3cf67a3e8a8e69cd750a4ccc34ce240f11fae3418e5e93caf5082c987f0c63f9d953ed7cb8d9271e03b62

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cec960807fa5bec11ad4a31c3512da4d
SHA1 a3ac60a3518747d3bbead5edfd17e155cf7ce9f7
SHA256 f960075a7b1c2590e18700f3230f7baea9aced3e6ba5dc93dac193027b5cec48
SHA512 2da2d935f9b96bd36536f3a7a494775c8ed9bfef6538ffe66307b73cd5c82210fc43bbe6706d74d99dd5b924fb78a0d1beceee8c0e22d91e17b1346dd85690ec

C:\Windows\Logs\DirectX.log

MD5 17f41f793e22da649fce49887d013260
SHA1 05523da18d08f7565f06adc2da20cd5edcef935d
SHA256 ce2ea90eb52c7b1c67cd69393f06ad84de60a72efef449e80e6c62027d1baa1b
SHA512 26fa17953f827dda78ba3adf43f1026a71b4cf2832ef64765570ee326a9460188ebf4f4771f08f9c5c10c974e43257aed943fbbf2e27bc3a01b7752484175af5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxupdate.dll

MD5 7ed554b08e5b69578f9de012822c39c9
SHA1 036d04513e134786b4758def5aff83d19bf50c6e
SHA256 fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2
SHA512 7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 135f36c496de6829050cc982ad175858
SHA1 8ff30ef9fe31963f07fa256d83ee13252238da18
SHA256 c9ebd0c038382084726724ee5203e547bb79c34a99e95bb4e1e9b4bfd8def35d
SHA512 357d286aff5b36796ef3f22148e334ae48cf473541954c8b25730ec8853a839b82419876bb53b2bb6455aab8b270bb83153bd4f8689fa9f89d865d7697f6b085

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 72c4b844b58739d4beea0cfe989aac93
SHA1 ea101cfec6a65a8214c93693ed9927555fdb785f
SHA256 df533eb9e0dbc2d1822963a5de20a7fecf8539e7308eb542653e6dcae9c82bb9
SHA512 52697de937dcef3ff261c4b32c840263221af51939b95094ab3996dd0d9b3a55eac3449ca23b78116086c50e0e0f58bc07c291a12cd8762e0033d735f5d66983

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x86.cab

MD5 e207fb904e641246f3f7234db74121fc
SHA1 1be8c50c074699bdd9184714e9022b7a2f8bf928
SHA256 3fdf63211b0dd38069a9c1df74d7bc42742de003cef72ad1486aaa92d74546fa
SHA512 ed95d53bc351c98c0322753265b0a21c98df97d0e2fbbc58a6836bff374b7540b0cea21371cd4a7ead654210a42e1f9809cac6e4eae2ecf0ef2b88e220dc37f7

C:\Windows\SysWOW64\directx\websetup\Apr2006_xinput_x64.cab

MD5 b0669f7d395078bee0087b089f0b45c5
SHA1 30506fc3dce9532ef0a8cb3973347ec9c3c9875f
SHA256 e63a67783ef7624559f95ab697bf8afbdab7ace31200283ef840e6b94aa16e5a
SHA512 d7efcfd85b3cb6cb9b1936b701a9d7d91a6094aa08d8c933edf8493c6ad57be05a579980a404b35e9721f71b45f4cae28399fca3ff5df20a9a3138b90f86b94c

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 a2f81d61adb271cf23e42c94e7aad855
SHA1 c5565b10b6292a73905902caf2d6b4e1e2f77569
SHA256 97d97b1c7f27857c71ad255d8127d6aee07ac9d9ff89cf26122d2b67725245dd
SHA512 017d88238780208ad5b449dd33410fcf00786e9c36190cbdb411f2859937dadb7739071a3f5a11787a18a20076f43bdc407586f39714ba902c6fb438e22fa811

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x86.cab

MD5 16b968ca0c435ee45e77a84c2d0364a9
SHA1 90b17a60a34f6335787a6b2d489cbcd3a4ea98c8
SHA256 6dd7c0abe37d3df7aa6db7bb352260f4a15dc965ff9d30aa32fe9595c1a18300
SHA512 3bbbfdf8b5673641ec066c3fb52e6b0d5ce0bc6ed6bff17ab4ac3fa69a8628b09e5ec8322fc39d2a206974b54d297caaff9410197e26d090fe74f963cd535045

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 84e7f66b5ed338ed3eaeca26cd1e6660
SHA1 f682429a9c2061bf8615744c0ceb69ccd15c4c6d
SHA256 2cc62335a6f4c282413540cee8933bf2ddc862a320901031a5f380848540c794
SHA512 ed9f91ed7cc5e99efeaf087cc1dd07475af6ada26fc03b8ea49bcdcdca09ebc3ec97cbddd5b4eba42274de4506d8d6682ddf2550ff06cb74acf5e1d2131b91a4

C:\Windows\SysWOW64\directx\websetup\Aug2006_xinput_x64.cab

MD5 a9d582e44e46e36f37edb7cbc761179d
SHA1 ed1bef64385e94ce89afa704d38408e23b31fa79
SHA256 c26633d38e0a91b9be70382e916a83d50e219609f7e05cfb2d27dfafbe480b43
SHA512 20011bfb547dedce8e6fceda22c3a3a83db140e8a20844f3b0e8741b4474c1fea73d84708b801e83eae3cd2d8a2d6c851c3f7cd0154c0382a78bc2c2df6b01e5

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x86.cab

MD5 75c33157d8a1b123d01b2eac91573c98
SHA1 e3e65896ce0520413979c0143c3aa9bd3a6a27d3
SHA256 02daa8b5ac3752f76c3bfd9a505ebf22b1b4b41e44eb92ce2799033b2330d186
SHA512 f0f1f1dea5938e1c7ff2adf7c8d421c2e68e6d3a8cdf18d0f2f3fe1c6837a4f37b367d2d974c35832d1d85a619948dd0f250c7d6dc4ae39f618f5a2893eac7dd

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 3109026ab67d6498a40ee6b9476e3dbd
SHA1 c3001686c01c5f3faa0217496a281e958507d7ec
SHA256 f3b914fc3e918ae6f11f166cc1b4f9612d92d4dfc92603e617204b0a7feafc63
SHA512 faa693d6c1a92e3eb7f19b93b1a06d36aa6128a5001cb79cc961bd624751bd6d079b17a7f9ed3e2083a95f6af265e140e182221c5c70ae08ebc0fd1c736a2671

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx10_00_x64.cab

MD5 681407075e9b19e5ef2218832f6fad71
SHA1 e4f4d292a36cd9a3034007ef9d2005694307eb52
SHA256 f9bd5bb083bd55d1d2a690bc66d6d9da0b1a8b49f09e811e788c030669121118
SHA512 e983e7dd3f40510816ff3ae836600a186dba827b484b0c346c20e43e229189a86d4cb5cf219c1fc35b77ab0668866446f6e9206b279931c927d4ed66ad3625f1

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 0f0030a1de7a8f8363f090938f1efc48
SHA1 d3f37f3c419e8705a96d3d37dde643d92a46cb3f
SHA256 9190532c4c161017909da814751fe14ba1b750529c055e8db2d5630554c0e596
SHA512 0a1ae601f55578447773ea440f6622ca04d4d9ca1eb4a244bc6cd379e21cefb8f407fb851a770c1afc043ab63e36f06a6c427db6da71036a8e163e2df399a807

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 7a9625b0e33a333bff78111d87f3551c
SHA1 72b5e84cdf1ca79273c534d131678faabcae92b1
SHA256 54105c40e60d076517bc71a5594ce0adb7ad155c3eb9ea4baef272c3daf414fa
SHA512 8b1e1f261bd82c611fff8d543a5a913fe7b6e5d70d1b5ee36a6ba868e432ea4fbd20cf8fd5bf5d86e9876fcc16cd684fe2e082db8dcf8f17709e865a32f05fdb

C:\Windows\SysWOW64\directx\websetup\Apr2007_xinput_x86.cab

MD5 b362ec93463d8b6381a864d35d38c512
SHA1 7ce47ebceda117d8b9748b5b2d3a6ae99fc239df
SHA256 b6c1166c57d91afeeeaa745238d0d6465ff2084f0606fd29faf1bfa9e008a6c5
SHA512 cc57733912e2a296a11cd078372c3b43f1256a93ec5becd0d1b520eb210fce60938aa1caa6dbbca03292a05495b5ecd212ee5f77e3ebabb11ef31f1975b2d09e

C:\Windows\msdownld.tmp\AS5A9264.tmp\Apr2007_xinput_x64.cab

MD5 fae84e0773a74f367124c6d871516b7b
SHA1 caf8b9d7d4af965bf445d052d1e835b680d6bbc3
SHA256 86ee073c199b5080fe4f5be6ac24bb1117fea42e4bbcd828b4f0ec26c669b22c
SHA512 caf1381cae7417b57faef56d0023bf90c90406748f8813ab85c687ddb81e2498d2f1d5f4bc154903fd5a19836e6f245cd6f5d3927a383f1acc3bcc41b58fd09b

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 b0541cdacafbeae33fa61fd7b1be7bc7
SHA1 6e6f6f6ad736edb3ad9623ce1c352e2b62c25344
SHA256 99527df08e095d24c5084c338dd09bde81d383c395ba1bd0f6d1ca7a0ea96454
SHA512 504348805e70ee5d7f75fbfbe1237b45f8beec420ad9e4a96e80f2395a245fb87a1c0eb137757cb1f57496d1fb7f6f974913a6dded275600415a21ba54962fd8

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x86.cab

MD5 7029866ba46ec477449510beee74f473
SHA1 d2f2c21eab1c277c930a0d2839903ecc55a9b3e8
SHA256 3d4e48874bddcd739cf79bf2b3fd195d7c3e861f738dc2eab19f347545f83068
SHA512 b8d709775c8d7ca246d0e52ff33017ee9a718b6c97c008181cd0c43db7e60023d30d2f99a4930eba124af2f80452cbf27836d5b87e2968fb0f594eca1ebf78dd

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x86.cab

MD5 9c5dca423d9d68349d290df291ddbeef
SHA1 d9f1cae586470ea309ce9f115525b0504fffaea4
SHA256 5487ed4e969a822e5c481cefb1d4da3066b1d5ec8c55798b246915ecb58a8665
SHA512 9f50599321f45fb7451b0a1c0f1dcbd6b4a4e60ee27b0ef5aa29168c1bce5b08f34329916ea2ea655cd632d0a19c81953c2a5f1277f6a96fb63afc098236509d

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 18b6813f1219a60d1964765f8f74d5ea
SHA1 2b42ab30711bade49e5e6dc1bcf0ba5912484add
SHA256 7c079edb82fb33dbb50e014099db55afb1f338a31b5ee39ac5bc77297195daae
SHA512 46752cb9512a6eeb4a70e1f03f8bb1ad52d9cdae9f1f5a440bbdbcf11de84851390e5634a59bb75463dd7a25fd3ba181c30fb7dc27b087ed1f7c2e5fa4976109

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x86.cab

MD5 029359ebca4ba5945282e0c021b26102
SHA1 6107919f51e1b952ca600f832a6f86cbbed064b5
SHA256 c44eabf5be3b87cd845950670c27f6a1e5d92b7758ba7c39c7849b1ee1c649c0
SHA512 fa007f257f5267119b247ec4ed368e51fd73e6aea3097e2fc4e78078c063af34d161fd1bdcaf3097bb575d2614dba226a624d060009ee4f7beda697efcf42bb7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 04160ac95ebefb785d2f251b99d34d1f
SHA1 66aad4137987399fe894886c1848fc26e491744a
SHA256 101654a7dcc364b91670353a4cd396204207866229ab9be7a648b5f66f9d9fff
SHA512 7199b7f9d6bec65215788d14919d0610e67f98cae58f99cf91044bf42b86a9c7579a400322d19bf0b30b983e46e48e4e8ad0ce2d65ade0312f3ef6d488094106

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x86.cab

MD5 3e91448a7481a78318dce123790ee31a
SHA1 ae5fe894790624bad3e59234577e5cb009196fdf
SHA256 8c062b22dc2814d4f426827b4bf8cfd95989fd986fb3aaa23438a485ee748d6d
SHA512 f8318bd7ca4271fc328d19428e4688da898b6d7fb56cc185ad661d4a18c8169392c63515d7dd2d0b65cbd1f23892d7a0a5d3d77a4cda6230ba03b3b917e5c39a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 d55dd0f19164f6590f3c2b2175ea076e
SHA1 e847a31ff947ab2011587b32bd10e159feb66fa4
SHA256 ebf31697329a1e22e6ab4cc3c97d140fa76366072c518477425779a9288df983
SHA512 7cffd63923efc25684d22292019390a2110149f377d02d2a1928d834c023f5f970bd6fba34b5e1c55d09a82cfa2491cd4f740d7fa65c90fec7c087ad84c241ee

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x86.cab

MD5 b1ccaaff46fe022439f7de5eb9ec226f
SHA1 8bb7225df13e6b449d318e2649aeb45a5f24daf7
SHA256 645f8d90b07c69330a8c7c8912d70538411c9a6b2813048da8ad3c3119487f93
SHA512 2b59c07584d45705273a975a0223e4443db190675558ab89d92e1572de4843be3d0d1267818b19185e4e438a8bcfa2af5fb5ef2a119da270be4540576fd78c77

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cefad1d9ba03e58bf925bc6adae2760c
SHA1 5ea7fe9f5249492f00273865688b33208255f0a0
SHA256 a8ba9fc4f5967350e09e26c5d6c6940c9c447d24954ef102efd1fd11dc7456b0
SHA512 a5e887a493d413dac47f368eff39fde14e194199c9958354f8262eeb8a77569a6dcc00f6f0e62ab5ffea9923dd22cfcafe3991356251f72b0ef2eb17b42db40d

C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x86.cab

MD5 f6cc1c08d0f569b5f59108d39ce3508b
SHA1 e9cf7edc8c9c4b57a9badd8386a2117ec5785aab
SHA256 4114e76799af3da9db3dae51305dad70a05b757e506e4a327092d536cca7ee75
SHA512 86df72d5b15396acb504c1ac9de7ff5c0cc9c95a90fdd82daedc55baad490cc47a71cb511571d37e25dd9bc1ee9652b9723e33879bc1756a7881a8e61ebc59ed

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 28d3ba5f0153356d02dfa96e21c59d60
SHA1 2185b73098c6733325b89719d08d0992e41e5d80
SHA256 4b2c282cd66821c6622f9f0f563e34a7c865db59f79c993c62347bda84427a35
SHA512 3ded31a85cdb6ba3fa1be00e051231344abe22e83387006d55e81403f7c92c78e2e3784232798d9827edbf4d6a0ad137cad2ea3ca3990fa347e0bed377a2a5e8

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x86.cab

MD5 b3d644a116c54afda42a61b0058be112
SHA1 9af7ddc29eef98810a1a2f85db0b19b2ec771437
SHA256 ca7b9c6a49e986c350147f00a6c95c5b577847b5667b75681a1ee15e3a189106
SHA512 a2d2f12b7b37bd8f5c8465dd13ad31942df11ee5ed5423deeeb178e6b594587706d2c5116258be1562caa5eca691358af3cb83b77898d1012ff521017d199165

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 eb7ec90198bca9379dfe61238e3ee3ef
SHA1 f1306037f93e46233fea7fc931b50ead1109b974
SHA256 830f7d089d575cbfc227a0db375196a7d8d5078af42884e4582660bb2a4bb767
SHA512 1400655e709aaed964be9824fee4b6c4802c107295b377e92f8fa383ab35dba4251927672d35c0c8eeaff1bd595aa41c2157de604531a2603e485bf86866f498

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x86.cab

MD5 f778928c9eb950ef493857f76a5811ad
SHA1 ea82d97077534751297ae0848fb1672e8f21e51e
SHA256 4891e2dea9d1798f6a89308e58c61a38e612f8433301ea2376ae14c3dfcb3021
SHA512 1f382a287fc6763b8e8d66825e8256dfb7d0dead6b6a6b51dd7c4a5c86d536cc7ef4128be0ce495fe17c859018750072dc7b43e3476d1ba435f209cc4eb6d43f

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 df7aaa2082cae0042f101ebcf91e50db
SHA1 678a1b45628af7b8209a42a74f97fc71278373ec
SHA256 36a9f0b234a4b274ad23d470224dcdab49a81a7f54bea7df9f0247a33a3ebf87
SHA512 cd9d8c227a2f046df3d1abf6a11d9c0780dcf0275dfb9451ee55b527a55d322918ae148ff1a685261ae6bab5d906b58dc2584ff77f1bb19783bb97b3160f4f0f

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x86.cab

MD5 a5bead938afdc63adfecc1daf5049d7f
SHA1 b3d5bf56f6b9bf87c33009a088ba7785b6363b4e
SHA256 a1cc7603302ee53d54f4353c223d95e223706924d99b864220b13814ef93eefb
SHA512 c9244bbcfe60f347ec8785b1a41b6e243153624ea73b16db4d624239a69fa76d2df2e54039d8f4d2c495890ac17b676e390f796118b4e16d9f03683247190362

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 1867f3d1b1ecc40fd4dfb919e6886171
SHA1 8986290180ab8b0591ded70c8d9fd7f517418281
SHA256 6086fba7481b45b503e2d892ff5dad13f5fb347374919a2764371b1efef49099
SHA512 c0fd728362abe97fca294e43988a64d51fc22ab216814c34a626946a4b69ca2f40f5f6431b3e35509cc0dd9b0e219524209eff2f01907ade98289aa19ac21ef8

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x86.cab

MD5 a5915ec0be93d7eebe8800ce761ee6dc
SHA1 e8bbc21c2b5f0e5801286f07e3da09dbc67c3961
SHA256 efa2e6de548401376a575e83a79de019aa38f191d63fdef3bd2b07d8cb33e3d7
SHA512 02259ff3c8478cba134a8f8408aa624b7165ced97c0aed8c9626034599dd5439f84d1af9eefc4191898b0a524e5ffafb9875ec00e740cebe97eac4c2dd0e31aa

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 66f8bab0d42590d51e5aed1ca6dfdca6
SHA1 47ff83321ea2c4218330a3f5a3c876c6a9a35b2a
SHA256 58fad17da80f0ab474f029b87f3b02d33876d4f098a9aa4f0923af347493c457
SHA512 e5eaeb30d1f32defbdc2e4794289be97d34b38c3b896f9c99c995a33a9d6d65fe7a300acc1ff2794ac0f315e5f7c366f023241d29264ba4b5b2c7f4bc445df1c

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x86.cab

MD5 f784b8a0fd84c8ac3f218a9842d8da56
SHA1 fb7b4b0f81cd5f1c6a900c71bfd4524af9a79ece
SHA256 949068035ce57bbb3658217ec04f8de7a122c6e7857b6f8b0ca002eb573df553
SHA512 01b818aa5188cde3504e289aedca2d31a6c5aed479b18a2c78271828ae04bebcd4082051b7f4eeca8a31e8ee5adba158420ecdcb21371c735e4781ee5f661dbf

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4974f9e6020cd08ff20e80e177c973d8
SHA1 ee476af6c3ba5c94e12aa2a022b87aa57eabaf45
SHA256 6ecf76467882fca643e9792821c18df630b16b0e4f446ee50c8d7b8a62e50e64
SHA512 ccb985c8d7d9ffe9f0d62284cb8d824b14df54104c238a9687d5967b56e77591017038079bdd3dcbad4d9fcde04a52cb46930e90425342641c89c0a305a4d956

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x86.cab

MD5 fe8feb215fae59866dcd68c1604d97aa
SHA1 cedaca678d15e78aa458b965abb467e8964a1fab
SHA256 1c1e1c6f68ba556a0af09a38c32eb421c543a4848c4b42d25867c98dab3b3a50
SHA512 9955336b561e4fd3ba3da7fc086643e811048a25a7e68344d2cc5cab091980baae1c04ce41328b59c896662e2875886b78ec869852b2d1daaa46af38c894a3f2

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 13a5aad608d219f8642cb691238a0a8e
SHA1 13de21481dfb1e5f40dde426f5eec9cc4b4a7471
SHA256 f19333bf7528ed3ba989e5275f57d2b606689aeb748efdcdca218753044415fe
SHA512 3d85dc688663ecffcf98cb4fe5c6f158a76d3eed82727ff0421bb4b715f32589f699be70cd857b311870312f888cb57a6e7149d9ebd5319fc0a5280bed58b38f

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x86.cab

MD5 19383cbada5df3662303271cc9882314
SHA1 123c97c33f7ef2ba345b220450f181d440412e6b
SHA256 8ec971c91040618338ac2369188f3e5d7c85a5b1e3b9fc8e752dd845d295cdba
SHA512 a4c6acc9ff656e05d75ae0081c65c200b584209c99fd001494c4d206f2ce8a78d2dd3644e51018574928f3b9e9373bf7ec8c5147a3590b54d1c6d50e61342853

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 470705fd47fb6cc7fccd65e4cb8382f6
SHA1 d2966f90572a01b49ab314aea0beebd2395c5765
SHA256 35b2248915becaea7f1fea2fdde13aa5d71d6e762a7eed1d275f88f8b34449b5
SHA512 76486623db3452fa6ca37f1f5e8cfb718c58e15c9a93fa21f34730d49f021fc818d08fe363a5e0e546cd55ed1e6d7cf488d91fe7d97b040fa3769a8c24ab6adb

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x86.cab

MD5 3ed592e6cdae66b1c0671d9ec417a738
SHA1 9f083ffe00a8e5eabf282130cd16044b488b6e0d
SHA256 4914d2b5c3251b00c0cc236f51afe469728d92b50c953c66d213f079ac928eac
SHA512 0144dd9a83f953eabaaff3c41f17a363100c9a2ccd932321a4afe990d8fcb5a430e842de9146c983409b6366cd974e318a535e6475b10839a6679844cb7d23b7

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 2b821c74d2e062c62994d7c95b079ddd
SHA1 63187467c9079b80cc4a052ef2d163e6884642d7
SHA256 8e781f69d16f7836dfadd36f83c68c601580bec6de797d4ee64a48737d31e5ae
SHA512 f8cc702053f37298302fe5829e55ac9186de318a873451cb80a5455c1eaa98798bb8a76b43fb2a5740addfd51957f25e87f33386b364dc5125cc36c43df01083

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 ca0f547f93a1ecf1d4649534ed5066c0
SHA1 cfe67c10e709ab816b75d9542a687744957683d8
SHA256 d3a15b921d27ceb8d84477506f951082fbbd796e0fde794aedf2211628cfa955
SHA512 061605059d113145b39cf72dc810f42de9b28dd28c4f3e904937a43b8d584e570501563973a37ed5137c9ad810c30d162de2850b15a61bbc3127854c4347e13d

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x86.cab

MD5 ddc4af0d53b477e5af77942e7118b66e
SHA1 81ad8201dcf653a6e977c4506a274d0bac12643c
SHA256 9536166ee7cc1100cfe24e01532e8e4deed6baa838b4c025581f2ca046a25915
SHA512 1e082d7e7855bc0af6ec09d4a69fd4a1b0a3a31e4de8faa52fa0bdcd601c501ada6216dddb83058f37ab4a371068e0f344bdf42f2551943be19bd719d99ba93c

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x86.cab

MD5 c5e127067ee6cacdd2f8962e6005542e
SHA1 22c571e4da75a6e5dfe02e3e3587f40c2939c745
SHA256 f52cc1304b533083b3fc5553c49433c0e4e46d66d567b9de0b558ca518db1544
SHA512 e70df11af8cb5d51c3111b8327371ea40292580f06d7d265f2449b89a4941c4740bde904367fbcb4158512939bbd7c7a3dc20d3642475789fc075a2ae8e27860

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 a84f2239c4f5d1179ffc05a09a6945b6
SHA1 ea6ab540ad81b6e30cd349d1884d53a96b3789cd
SHA256 5d455aec145c442f759e0b4464ba5eb8b10b2df1cc4801d0ec134c77a2a9295c
SHA512 9be16704682e7eb84b3a666c04900a55c32d6cbdec87363993d8702954dae97539f338108724247ae6095289269ddc25f4dab8501f51d751600ec86249a5214c

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x86.cab

MD5 3d9a0c59156d03da0f19c2440e695637
SHA1 55b050991cb17410c75adc3913066baedb482ed0
SHA256 bdf7fb01c02783a4f8c9f5e7911f5cae3e2a7cbc425b90b36f9ea6eef2c27de3
SHA512 e9a662498c43865e917f0778b772d6964517e41289cbf5a0b8a4e44d8c4b4e9a5049c76f2ecbe4acc7e9cfcc3f1d87a75c3f8703e66804ce758969814ba14fda

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 cfea96998303761e9a9b20a726ffa079
SHA1 0995eb14bfd245b795d1157ad539c8c511ebd506
SHA256 5f31262fbc7876338e63845e7dbbac366dbd1e2d9efdd062f07dba4c1f225239
SHA512 e04010f1a06620ef8783bdd041446a9462c008457302795602730df8fc4cdb1f1c113fb8218c85822a3c2aeacebc27d49bc93b266419f55c42a190ecd230d943

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x86.cab

MD5 8ed75e3205c2b989ff2b5a7d2f0ba2df
SHA1 88846203588464c0ba19907c126c72f7d683b793
SHA256 91a50d9efcdfbcdf22a91d6fbb0f50d3c2aa75f926d05cc166020bf7aaf30e28
SHA512 d0cf0e3aad9c8c43a927d1bbbd253b9fe4c97b638ad9a56f671ebeda68fc9bc17cc980d93095fbb248dd61dc11b7e46c22d72cee848b150f7a13ead9e08a7891

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 1eed8e201bb4daee24328f2166ef217d
SHA1 d292bf2c78ca085a51e5278a216af4baa71ab712
SHA256 696b358cad689b95026aedf733f462fdf565e21bb41b23652fba21216ed78d43
SHA512 a1a5a8a0a484c5f80a9b1c5ec6ffe7fc3218c84a66915ee4efd4c06018dbf17f1f4ce1b8c36336c95df20259387be3f5a1f0c3ef6efae1062728b09f877a8288

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x86.cab

MD5 8234b9b90bcbb5077e1b5faa0b66d1a9
SHA1 e9207c572fdec592b7c17a7f9c6f875c8a55b1f0
SHA256 6a2727269e6cac7c4d2e316333d29bac0dc1cd7f51c36c0c08b0388203dedad2
SHA512 74c94a6e092d7c828fc1e3faee4b21917afc3cacec04f260754190d0533f93a58289763ac620e5a577f7865902023b30548cda4d9e968c90ee13050ad6d1e8c5

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 4d51275c98cd0919a5dc0c6c2bf87f24
SHA1 f25979d34dd00dab6a8702e68234823de685e56f
SHA256 cb58110c6d731f63ec93d03536358ad0b4ad2d65a8cab2e9f7a62266cb5a1ddc
SHA512 0e78f62e800e62081c922f5d2c786bd02f7f0875a08a26b86e4810c116eb411909dc271ad0732b44f6acc0bd06b56b745e635a32bf1c4d1266a97133d557b4e0

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x86.cab

MD5 e2fb2e37c342983493c776bd81943978
SHA1 2a8f3c45cf979966d4d4d42a4d34f05c72c7e29e
SHA256 57e57a6348e55aaaca6bed5e27bbdd0a4bd0dde69c77f4d26c805be6384be927
SHA512 2d297f607c5a098a3d2b19e7f88aa12f720af3c23fe6ddce7d4659a9184d1cf8f8a76f35b8acb639b48cdad8998c919215a03b89207e2bb1829ea3d8a9efb95a

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 ccc35ffbb90627fb0d2a536cb8102533
SHA1 a22c94a41586bce0b460d57824c279a919987f1f
SHA256 665750d1416cb514980d34abbfc743225a675c6dc469f9a197428c5996353fe8
SHA512 382d9c0d4a81d9f27f28b16c2900e94f4a90afd233e9c597d70c87660a6fa6084a9b2c48342079511fde53e58c8bf4f55e404a6651facd129c560c31ea599524

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x86.cab

MD5 b0e2b612daf28b145b197a4db0a9b721
SHA1 f69266e4af3d2de31a2a2e416f10b0f44737739a
SHA256 e8dc1063c9434eed8d633741b19cdfa1889581041e2214b87b5159e3ea087f3c
SHA512 6e31f18cb75ce69d291d0abd15edadf02c0693033351dfb2f435312a47540aa223c8176209725c14a05fa6494153a3e191b2fb7cb8c5cee11fb42371ce67392b

C:\Windows\SysWOW64\directx\websetup\filelist.dat

MD5 121f6ad9e8865876ed458a25c4468a50
SHA1 5d21df722ac9552151888953507818b5325ed5da
SHA256 57dcb8c9f814c9dfd9e027ebc9cf4344e7fa8513f64ec19379622624d4637b3b
SHA512 fdebee20a62c910414fc8ff617453b123b93e67418cf4f2e9ec793cda85d1bdee472e18989d29432eeb89a179733bc8bdf3fe39aa6a2befcdc16b75edf352c85

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x86.cab

MD5 4379902c4180a9a6bf40b847372cec5a
SHA1 c7fc8184d5620154b9bfd6fbc8820a78c4eee592
SHA256 61e703e8d231412f135b4aba629122d9cb69ac9ee39fa3cbbe6b95de05097a8b
SHA512 9269f49a5ca90143c50b817e9f5aec0fc4c32ba1b6d3a21cc5448cad21a16a902540c8cfc1825b124ce39e0bdc479ade4354b6be15b2067e3033e04998e0710a

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x86.cab

MD5 5380053ac4c344bd38604022476b1c1d
SHA1 043dc8f49bca3bf0bd85e858f5c2eedf68565c0d
SHA256 84800c55f773d5d6913e344e41baba58cf07cec2e6c7114ca3bf48e8f355419f
SHA512 f3ce2def6e2e8a1d2c07f627e3c437a1bba0b2e456020a84121346472be3d28e0fc69623bd408f35a2c639c83dd2787f998dedfe42b7625dc71500824b035fec

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x86.cab

MD5 75556d89fdd442967a23993c9111d997
SHA1 003de53653c0cc84f8c3d617d1f76fb475f1a7cb
SHA256 863ac3438f57158d4f53900c6924bfdc132ab43a5af57d4658e65842836b4fa1
SHA512 6086114500dbbf4db9d0a9c3f72732995bb9a3ab5c135ead53143749b95651b37b64be7a52ca09388de90216fd00486fdfcfbc87d42d77fac469f82b5290e06d

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x86.cab

MD5 5dfeb46e60795266da03f2d0a67e7acd
SHA1 a77758873e5544e8ad22acf469c4a0fd0c944a88
SHA256 ec52b075a3e9c7fe468b317e0ff977964b1003d560065128741f4392bf47c49a
SHA512 6ec058811ac017be3cd3a46559cd73126666f41b0fa58d92c1168cf2a2e0e2357b19f65531c786ec81a438975dbece440c5e7b6c653afa5428ce6c444179af6c

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x86.cab

MD5 901567428d8c82756d7bf5a406441bd7
SHA1 6e3c22147f3da77ac8f20d615ca32b5ef2a0ed28
SHA256 32356344aeddf709c9d5302d8f3fcc1ff1be2e82d8d17833a2086400af248794
SHA512 6fd4c429e32480bdff4e58ba8bc0d28fe97c9ff5ef1fabbb856230efa669246a354f99b723e7483d548b74c121ac8ba9cba2b5bc3c18f35ee828302d392cf6ed

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x86.cab

MD5 45e83cba5710a1de7d3990a288122e85
SHA1 23c4bfbddcfb11acb7c47c409825f039af7eb908
SHA256 b7da29103cdf374de0c09713cb985035eac45fb8b394d3b8157d8a7562a89899
SHA512 8c56d376d349aa00948e1f3c6168dade76ac9a26ade1aac5a385dcf0253602f5a2973483d083425195db6ad7717494fd3cf674f5549774ac608cefa2a88bf0a7

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x86.cab

MD5 9bc8213933598d050827d20a4573486c
SHA1 e6f9ba62756a00c53746419dea221881aeb336cf
SHA256 9c96b6fc4df5c0efca9f0d653976772b2b964243214f99066e4ca4aa6df791dd
SHA512 a1920d042963cdda41df44044de5b94b4cee6efa102f633214e384918d93d2d6a31eb388bdbd00c7e9c199281e3b71caa5242e9a42e7f0be27edf90a3cf6890c

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x86.cab

MD5 f264af5a36b889b4f17eb4d4f9680b4f
SHA1 1df087ea99d321ec96d0d2f1c66bee94883d6f08
SHA256 bb46189eb8cb7769eb7be00cfbc35902072fa9408313ef53f423e5ae5c728f61
SHA512 73ae1cf3cafba148f4e5b4d8ac12a7aa41f6ecac86c139c6a7714f90f3dc61c444dc152a3ad3c2ca800c1a1f4955a2b508735f8490666b57d1420fb7a7bfc269

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x86.cab

MD5 dd47f1e6dc19405f467dd41924267ad0
SHA1 85636ee0c4af61c44d0b4634d8a25476cf203ae9
SHA256 39ff69ba9161d376c035d31023d2fdeecb9148a2439abe3afd8f608f7e05e09b
SHA512 f77c4cef5cb7e927948f75c23a190e73d6c75b4f55915859046533a10aa3c5abac77d8bef71a79368c499c85009213e542094b85b94b69e62aa66b60616777c3

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x86.cab

MD5 73ba11ce0e936726fc9fcb882f8b91ea
SHA1 4a4babe3ac751e60ae6b5b0d69c93fa53d7fcd21
SHA256 a9a704b73531d6bf59a421ab5c046c19a16d2b0b07f09816dbe9da4550a24b17
SHA512 9a198eb93d5623651d2981a277eab4c345c08161254d0127d90c97344450ac1a7fd5c8ac840048a43a347e3296b286b646ea0fba88f0c7bce1ceed1484112d56

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x86.cab

MD5 87bdae64fd47a75f867a290ec7b8a4b7
SHA1 dd9e69e1815e8bc161e8eb89a0f2a296074bb95d
SHA256 6bd32337826f5a5141fc06391919a249e984150905c2546dc8bfc33d41a24e82
SHA512 c8f7a490722741df4e03823880c6d623ff16ab648a40c1b1c8f7bf26c92499eb34c4596bf239337cd23a57974757958ad9a30d42a4141dc0e7522f998ed3893a

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x86.cab

MD5 bf124b64fc3774f61d30de0a405f0c6c
SHA1 2f8a8babfa4e51555fcf125e8373d9c5f7f7434a
SHA256 457c5ce48eaa0fe551b46dffc1e4dca985d261686d8d4e6bced533ee1f682fce
SHA512 935922ce74bd399e8358693562f86c9b4b6308a6e33586a5dd61924f8b6b2cfd6cb2e472fd082b9ea32c0abb9a799a0ba9103b4c316342f8072a7a3782c2116c

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x86.cab

MD5 591a61bd06c73c70f93dac5af2d8e924
SHA1 c9d36ac5e2acac31a7413d22ed1c09c71cc96ffb
SHA256 f0bc06ceb484d97cf01526f9223df7b4357d166c4391869f2e7d514dc1fe769b
SHA512 3e2e3318a700a6ed82a21018403ca99728c8a56b7df81f99a5d705b586cee1141586dbf19a01ef1f1a72ddc8f45ddb51ba5769ae4634b02233ef1ac4e0fba5d4

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x86.cab

MD5 061bba3836b3ffcbb01b150467bbe951
SHA1 00d8fbcd4068b3199d3d393bb4b86bf82985480d
SHA256 b80db68cd82caf8bedaee62808171b20c546a76499c3ad53014e3bd2fbd2918d
SHA512 aec8327e1ccc0b33b3e32d66a5ee25c4b70a227b708d10f61ebad2d998f3be68145fa85c50baa16a21ee766b336b1432fbec02c75d698793092015c832b6fc26

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x86.cab

MD5 e34c0cf1bd5a68c80bdc709a452eb322
SHA1 4dd4553ec7e2e42d51a716b1f4cb58588bcaa164
SHA256 799b517227812252481c9c9b22cf16ff185ffc20b9273612c8a37153b53aad93
SHA512 3488a52f6fd3681b10624546b923368245f969330d4909e91c5b58f159cd24b258a8a2274d62243ca5ca9f1fb40f9f248b3bd92283f775dd24baf68ecc5fd03d

C:\Windows\SysWOW64\directx\websetup\Jun2010_D3DCompiler_43_x86.cab

MD5 e7dfa140cb0ae502048ecdf1e42360e6
SHA1 4db08318f78f076fcc6ff29737b3d6d676f59c54
SHA256 293ced557ad732abd2737333df39b08216f31601d7ab65b743fe51b4efb8b6f0
SHA512 39b69a5cc4a50de72d031c41879ed7644b577a9e3e3b44bfecc61d5312c7c32c964dc2cd37db711f7e486f444ca77fe732c642f3e494e6da1bc1cf774d9ef75c

C:\Windows\SysWOW64\directx\websetup\Feb2005_d3dx9_24_x64.cab

MD5 dca673a8f9f834f9370862d1c97fd9e7
SHA1 1a0cf0fdda2c9e8abdf5cc19fcdbeaf1bc1639e7
SHA256 be3de63f136a2b41d3229e477ce2cd7f67ded031b4b370e640c39b80368238cf
SHA512 255270bdbc1dcd6a3213d8f0da2e48c6445b0141c5148edd1dabc9ca4643667651694b68013412a4f2ec90ccd60a757f64a9a76e2576c4fcb056dde726a6f67b

C:\Windows\SysWOW64\directx\websetup\Apr2005_d3dx9_25_x64.cab

MD5 e961a77647e7fc2597a68ff572f730e1
SHA1 976d1cde1ec28a4992e1cbc345637447115f14c8
SHA256 a239e99d02fbfc9d30d5b705aa743fc070386faea1a66b3d67099ab446568a12
SHA512 cf72ae18e99942d959bce58678f544a10c98802d919adc30737389d6cc0d492f8d7902e0e2cd04501fe6429b96c782649658d2d35c879a202c23e88570a15b94

C:\Windows\SysWOW64\directx\websetup\Jun2005_d3dx9_26_x64.cab

MD5 05103e47f259fa22d27c871e4cdee7d9
SHA1 502fa5d15fe56dcf64431bb7437e723137284899
SHA256 794e23d8b08f88bb0d339825b3628c24cd0297195657f9871ee6324786fada36
SHA512 180e0abbd97b6781c6639c6ab2a2355400b8e32784a8469c3cbedea23b121cac5ba17f6aa509610d0a1e5830735455690f574054d6224a6a5d2ae70edb601835

C:\Windows\SysWOW64\directx\websetup\Aug2005_d3dx9_27_x64.cab

MD5 a9f4068650df203cee34e2ca39038618
SHA1 cd8caeceecd01dac35b198b42725cbeb5b7965a7
SHA256 3500c1a7cfb5594521338d1c29946d1e4ffa44d5b6bc6cf347c5bbbde18e94dc
SHA512 c92fb461b53051a22fb480ba5b6bf2706614ae93be055b00280be4dace19c1f2a9327106a71851b0e42f39e4172ea3a027f7ce878bcbcb252b723eea49dbcf1b

C:\Windows\SysWOW64\directx\websetup\Dec2005_d3dx9_28_x64.cab

MD5 d964ed45ff274da2c8f48e2cbd00aa9f
SHA1 5c2e5607065238fb24a0b65ddfc904406615e2a9
SHA256 daf10a54089755f9a8aceff0c7695f1aa42d35e3179da5b9bb91e409036ae547
SHA512 a74e2dd4bfb037e5f5a1deaa86f9c4a354f023b62e1f2075509fb707eee1725b1136441d1059bd3929af1a44f6372dabef9cd15d386a77b2b22a532b74cf16aa

C:\Windows\SysWOW64\directx\websetup\Feb2006_d3dx9_29_x64.cab

MD5 33618039dac4e97c813e5bc1a499e6c6
SHA1 c792b9d0134df698476c2fa4179de6bce8aa583b
SHA256 a5ffaf9d58da5d79402c4dc93e79960f971d2701d4651bb33d18925af641f11d
SHA512 35b490903721ca5faef73815d4f9c6f52efab1fe82a4fdbd7566a1b028525afd29a72dc68d4b7d219cfa5cb33fec241d6b2784f15f9795d368dc356b3df30b5d

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x86.cab

MD5 fec720c0c15c43569ea9fab7ceafea95
SHA1 c65235b40865725a00675f1bc013ba8b77307669
SHA256 6456fc26622f3a72b9449ed0e61874cf1adba23cccbfcda1324f033fe0788fda
SHA512 8edee940930e3c610e709e2c6348abab479628bfac71a0c507f46af8d80f1f0c6e31c7c44af5f884668ce472b281ff18cb44a97ab68232d455b7bc8f89a75268

C:\Windows\SysWOW64\directx\websetup\Feb2006_xact_x64.cab

MD5 582102046d298e7b439c819895f6061d
SHA1 09900f44668350118589f18c693b131d7c1f9238
SHA256 c91a6380c65853e41e2f9593b954f3b5af49bcc894476d8eb78cd9f8b6dd7da4
SHA512 8aabbcbc88489ff8828d532be5c1bc0d33d7960f41c7b38348aae73ba4777999f4358466d061ddd8291dbd434e7741ee2c3215a10f8287be36209e0842c4eb2d

C:\Windows\SysWOW64\directx\websetup\Apr2006_d3dx9_30_x64.cab

MD5 5ec6f520f3afcc6494ab0d43b690ebd4
SHA1 2359e14cb6da44aa89a3815e905d6ffd81960d02
SHA256 27d99894e2a68601f46487c9999723dc83bcc9c6f903f2e2622d05668035b015
SHA512 9db4a9581edae2681491d5e13228642737d0d186e0e1672b063482b2e699274acfcb81dfa9631902e93e009adc0bbd9447061830c8ce2fead6743e2d45aaed60

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x86.cab

MD5 a2132a62f9ab0bddc3207166dc014581
SHA1 53b19ac3e6c6752011ba641ee3c409ed10c95dd9
SHA256 52c71c89ccc22fed3d7c985a22c464451af34b63b3a26a3799bc25d881221ebc
SHA512 76fabd7f440b6f9b409b0b2635ead4ef332563a9bed738a722a7c6b9a077094154bf735caf02c67191b08ab0a19fc03e05ef3d984f6e34dcf3bd587a05d2f424

C:\Windows\SysWOW64\directx\websetup\Apr2006_xact_x64.cab

MD5 6ca70cdb3fa575506ba4035e9a50d8e4
SHA1 a2a20f5f95a1ab293a188a55bf593a82ea0dcb7f
SHA256 f82b2043b470bf0e711c3d05d758a379920340212437917b5d98af0c14e7bfe0
SHA512 a453ced526332ace37861a0a862fff3710ef74ed57965f28dd279f526a2f33c390e82fd2c49bee75476e5b4c349c40a71eee49edac720236a16780dfd700fe62

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x86.cab

MD5 cfcca19d60ec3d822ed5ec8bbadec941
SHA1 ab0e87182877991810af48f1478906c1e671829e
SHA256 23495764aba10ff35cf9d23aeeffdf38716219d8a155ae29162f01f7fe6a30cf
SHA512 2acaea2de2d77bbe8206e8309d48a4cba432d72fb9bde2576bce7a31ee29fdcb0d44c2b996e8dc21a31bcdb03c806e11ad53b74d9c4c972436d5202825900c01

C:\Windows\SysWOW64\directx\websetup\Jun2006_xact_x64.cab

MD5 d404cced69740a65a3051766a37d0885
SHA1 288818f41da8ab694c846961294ee03d52aea90d
SHA256 5163afa067fe2f076ab428dd368ba0a2cf6470457ba528a35e97be40737a03c0
SHA512 87998e67b359c2a0d4f05dc102f6c4db4f260903385b7558a2c1a71436001d5b18f42b984e6b279a8197243593c385d41f51de630fa31c5ca5140f6970f87657

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x86.cab

MD5 e16f0875713956a6f9cd8c5acad36e51
SHA1 984b821eaef3b549ce0b12f72a405a93e51a9dfe
SHA256 31b16f93be7f5f9bb78e9ece6da96565d50a0bc1f66b206b7a21c601a308dc53
SHA512 dd626d5552eaf0c1dbd32bc4dd84811bace74c6350eddac692d3c3e8c393f4a19c26e8f2932f54a14648448912e6b87c796c6eeb6da9b2c55ec4565983b76189

C:\Windows\SysWOW64\directx\websetup\Aug2006_xact_x64.cab

MD5 4ba26f9dccaebd7be849a076ec82d6ff
SHA1 42fb0d0089d8bc92735820f475968f59af4e4365
SHA256 13e7eb934a7596e7c3b7d8a0962e68da841d9c73d154825dc982ff6d05cff221
SHA512 4e4fd8a31ac3c2f8cc66d434103c0097ab3fbe2c2e8140aae2f95fc4ac1927aae9cdce8730dd7c4dad785d9a653d90b0f914b258bb5695c68ca93f605ac82dd4

C:\Windows\SysWOW64\directx\websetup\Oct2006_d3dx9_31_x64.cab

MD5 edba7bc2a22f3186420c271b7291dca3
SHA1 65483db4269be348528fd205239b811d775421ca
SHA256 4f5cffa56fd44f7775f12fc511a1e3f030c05ac78484f6866b12b82979067c22
SHA512 90a9fdad3d7f933da8c3731e42d262034907d8088b85d7100be46c57def02b436c31eb9ff144b9d67fd931f92a1677ec0cd762d9aaf066bb026f139499ba3a66

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x86.cab

MD5 4fd2b859952c008de0542053b15bf0d1
SHA1 0800cec84b51fc6362c871fab87a09db5c4ad6d4
SHA256 f6b6ebc9c239c5263aafaa63fd691da5aa715e9c794d5fd663e86559d5c6ae56
SHA512 d656c3bfe4593ea9084a5d09f0173c8f6b7d6229fc7e3f6757ac03089cfa94a7337bbef0456785b79d777b976f5a8259056d2ddcfe0f74d78c304a02bcee0ad8

C:\Windows\SysWOW64\directx\websetup\Oct2006_xact_x64.cab

MD5 cc568d26b5b4cda021d528cf75b21699
SHA1 dd47a33950c9e3a88defcaa7ea331fb1f1bbab97
SHA256 662d4e5d005cdba02fabb0d7a68a7b48ecafdebe21718d892833d5c482e5add7
SHA512 24b53bbd82dec594d9909352d1f2afe69b6f082db99aab3385826c4e8d22f5c075f3c5a24c8104dbeef2d894980319af141c65d768a51936c75092a846f3c8aa

C:\Windows\SysWOW64\directx\websetup\Dec2006_d3dx9_32_x64.cab

MD5 2290064562f2d6d197765f4edebc5bf0
SHA1 70c2e3c3eb521ba4c46c428d57166631f86512c8
SHA256 da1ce01be39f41f967282849715e8310dc1887bfeb92c4e0166d2c31f00647f7
SHA512 b25a517de79668e3abd88acde835df4a0d69e70ce0e001db31d5debcd812bce46f4ada5e07c036c7bbe88d6dfc9f6531b2198f03fc27fa46070c790b45955dec

C:\Windows\msdownld.tmp\AS5B3EF0.tmp\Dec2006_xact_x86.cab

MD5 082b7d69f96799aa2ab1a8ea1fa2ab88
SHA1 75c7032b749259977c947a5103f9a4b92c2025de
SHA256 b98e55c654b9ee6f6d040665d932bea7a1299c56cc9996eea900ac4f5649c7d3
SHA512 57c96a4c99ab9a7d33a8cc81a3b4e2ab58fe3a2fbc7f79ad688c7d0257d281c662d4ce0737f68c00d15f715bc6177d2ff9cc32a69cfb77216265fa56ff79dd8a

C:\Windows\SysWOW64\directx\websetup\Dec2006_xact_x64.cab

MD5 f34ffbdb67dcf84092c9d321e3343d3f
SHA1 52fafa930c3464e070e1e4692d4600b12678e9d7
SHA256 bdaf9c41f83e65de2b73aaca2002541d48c65f551cfa0578b3259d3bfca54ead
SHA512 a78d32ee71f5b4214e9b8b95fb8bdd4b629d34529fad7a494219175ce5cc129a3f5c500d426afe0de6a680977fb86abf0b77be353d8d19d6ed1a11c421c6e757

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x86.cab

MD5 a09f7eab35816d682e7432dbb36b047d
SHA1 db67b9434abaa8e7f166956a1c8d01f536162c21
SHA256 0e3655490667ddf17150aec089889268bdd7f1e8367d2bed6f3eb68a5ff28288
SHA512 fb1cdbfb3cdd60783d1c8696ea6efb746331880c79aa74052808ca09092cf1a2336bf784104d16203740998129b718dc0ad4a632e4031e85ccf340c593f05e57

C:\Windows\SysWOW64\directx\websetup\Feb2007_xact_x64.cab

MD5 cc622a75240ca96fa8f28bd984bed5bc
SHA1 424f216c5c0e02ae654612eaeb04900c9dafbc61
SHA256 3454d5101716a5c17bcdee8632668d981f99e8558d8d05e20a33ed718ed8c2ac
SHA512 eab36cd6bc3ae6f67d89996785f9c7d51e140bfb839a866b4e4ffa7809846df861d30d1fce2e1a498e8403deca5ccbc50b8f37f4c1b4ad3cd3a63b150c49ecef

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx9_33_x64.cab

MD5 f33c12f535dc4121e07938629bc6f5b2
SHA1 6b93fbe3d419670a71813e087d289b77e58e482b
SHA256 3ca2acf6b952d6438b91e540f39abcb93ee12e340ba1302f7406f01568e5cf91
SHA512 df1753ab43d5b7fde2a5eb65a77b37ba28599bc0683a4306f101c75f82b0f1a2c8ddf5741981073cc5df26e9ea38c9a495ed0fb1689d2e7fc7d6f693759c822a

C:\Windows\SysWOW64\directx\websetup\Apr2007_d3dx10_33_x64.cab

MD5 906318e8c444daaaea30550d5024f235
SHA1 3f3dccf0a8a1cbf6f603be1da02e1e2bf89d24fc
SHA256 1a37565c5b868b6a5c67f3e24b8af547506799444cb77c7086e7b0cec852f239
SHA512 0a7aed2f49ea3dcbca1607fc46f166a44bc9d08589db05051b422c8ad84adf322352f71333367c612f9579b4aacb4cd6b82489ddf168ad67fb4d42ab52999c88

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x86.cab

MD5 8922189c0a46d26b2c52c65515d87180
SHA1 27830c01afb15158186a045b7224ef33793ad211
SHA256 39f970bf4cc42e9325ada84a603c6c691bf94921385a52325f402f7432ace697
SHA512 53d51caa2cf448681a709f2b9737ef75dea4e9a46e2b29e6588b13e941671643a64d3597649aa2ae0b1fe9e5d591ed00bad9ff3344ca62851e03a68279142cab

C:\Windows\SysWOW64\directx\websetup\Apr2007_xact_x64.cab

MD5 fbb6aa140d5d0aa28a7561ea15d69e72
SHA1 26804276edbb1ee23b96690b40a01bb9c723f7da
SHA256 7781f0494648989583d4ac7695b9c5310eea76b6a102e15ea0fc7376250e4584
SHA512 08d6f2ef3346229f71e9fd6904d99bcb69f0a03cbd2d428f0a3ba58836694b801446165814aee120b4c5eb7046184b08fb49248f5e1941579b9caeaf9fba1b1a

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx9_34_x64.cab

MD5 8dbaa3047397ee4cfca2efffcc2dfbd1
SHA1 d88fad72d7eaf38b8469b2b8492311c39c42be04
SHA256 fe4b15931e048c97cbbc26f753093e7d41eccf174402542631284f8bdb9ee692
SHA512 1ce01bf0bd4c0d832d95b13e958da6cb69c0d3949b128fcf40ec59ecc0ad8989b27c91eac28cd98777d57dfeb811cc1077fdb87348a11b6370d806771d7e742d

C:\Windows\SysWOW64\directx\websetup\Jun2007_d3dx10_34_x64.cab

MD5 1ab35d11274d1adbd316b19c44b9ae41
SHA1 14165ec367ce179588c8a5806fc968fdb49b4aca
SHA256 02ed1b5a850edb52ec174de177e91842edc7c5f4c06ceda5b16f3427dbcd4c99
SHA512 71c8fac7c95211d323c4fb6a02916e7d43ee399bbe0f1d983b5ac210f5039b23355f40b36f023f3c36e19787e2871a60cc389e51d6327652cd84d9e3b93d5a4d

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x86.cab

MD5 001cff513a31ee082133e7ba3b0d71a2
SHA1 4517610a25239a16c26ca9890e1f0e52dda3781a
SHA256 245b0c554cbe2677939a70e5c4c6666b1b43d10d47980223f8cdeadb2d0eb76b
SHA512 7119f6ca16fe6d968310f34828f30d8144531b89583cfd529056d2e31d5164fc65136fa9015b69849f724ec641a9291ac644c91cc3fa8ebdd4daf9cf5a665a7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 7124d1ea786d7de64b0adb6b69474581
SHA1 b1c045776ef5c74da818f76bd50b0cf94ff36d12
SHA256 bbe600d41930d8e01595dc82e42d285eb7f867d729efe2aee0c34806cd29569e
SHA512 b72659ad8003a1c67663a06dd7b7458658f3a023b25f652f1a1a1f72db09ba61dc408dea06fd50bdb988d5ead348e3ad99c3c1a213355f32326b3130ba7defc4

C:\Windows\SysWOW64\directx\websetup\Jun2007_xact_x64.cab

MD5 b9648d12df695290be0479c1e78894c7
SHA1 932627d40a83411f9f4006792adeeb4c3a74cf37
SHA256 3f2ca0accef2594fb014296f4111b7fbb59729c5d928b22f7283c392494fee7c
SHA512 240b622b02c5fa3d036043ecbe5bf29fee447147af36e795bfae83fafa35934fc22a3e9cc2d846bd880d7808897355e16696c555146ee69864472d4600ad25b6

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx9_35_x64.cab

MD5 ddfef236e7d70471aaa1741a8abfb735
SHA1 5f7acde3116a6d4363410d984b9c8919674ec9c9
SHA256 28b6ff092de67717c47649c87e7114c34325edda199ce2943403c4f3f4c3e0b2
SHA512 00990f7e6f266c67385813b0ba399a2a2c970dcfaaeb7fab183e2ec0cc50613cb0ad57200bcdc731900d8f7e609c95e8ff9cddaa52bce2ccedbcf4e9f74008ce

C:\Windows\SysWOW64\directx\websetup\Aug2007_d3dx10_35_x64.cab

MD5 8f715d741b7401547a263fd4af02e7ba
SHA1 39c031174008a0e7bd603a5670f578c0cc6443dd
SHA256 c97275f60e2f25732b3b264b8bdf9cfdaa39d6e5b189c08fab5cd7a04fae9bf7
SHA512 27cdb534361c1f6205585e1baabd83b03f6715d29afb61351f660bed1ccd1ef035c6541ad7e4c551bfdd2aa8fe77a903d23eb27618ed369c37a369d373467c8c

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x86.cab

MD5 12fb614027a3f3ca6b510bdbbc3cac81
SHA1 aeb8241e273e12d984f3551b2e9ef978153a6ff8
SHA256 c35652b18c6a2d108812f415ddd435ce0eef5489e37142300ba67d66986ef43c
SHA512 f983f518ac3573a6425ffa0ca049ecbc9d4b857bc473767ce2c67fe4118731ecf902ae739b4d817288bf6cccaf5d9e90ed035bbe23fdf7026d16b80c08c441b8

C:\Windows\SysWOW64\directx\websetup\Aug2007_xact_x64.cab

MD5 527e5861d4999e7b410f5bda36cd6d7f
SHA1 403303e3c349a283c275c673261b600b3589095e
SHA256 e8ef9c88a6b958916c1959d1c6c7f1666d22e0f70ce8a8c83183f49ed71f6287
SHA512 38b1d719a477990eb5033cf870b070103d13fedac7bd99e61d54e7afe27d3a1c73a250981524c9fe9a29722efe01a033531ddc97fd3e550d4ba5df28903c5bf9

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx9_36_x64.cab

MD5 a24b26f20ffd17ff3725a6dac823749d
SHA1 e0a9f241a083a58bd62046b0fe50afe73561c901
SHA256 23ad953d03c9da720002834eddabe71bd649dc9cd31abc7a09a8e77a948414c5
SHA512 5fdc1571574ae2ba50bcaa90e2cfe2dfb30a66574b6dad682c5b1b68c0ce1c8378ca8a766485968ad20432672b42a030a6edf6275b3f78daef055c45f37d0d3b

C:\Windows\SysWOW64\directx\websetup\Nov2007_d3dx10_36_x64.cab

MD5 9ad15681fa177c198ed2c1780f92262d
SHA1 5391c59fc75cdb5426f71e09b67384b2b9fea98f
SHA256 bee9bec21771bc5365847be692e785ea619d625df629981a167429df6f0cc9cc
SHA512 eca7104fa4e306326a92c1967d339d32b9e9ba1e42965fca820847f9f9b085d1ed30867db10129766f9dcc9b6320d4bd43f05103317e53b79f1355d1f1d69f05

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x86.cab

MD5 bb6131295182fe609e802e39f7b3af9f
SHA1 925dc4dbd64492f4d013063ed6562427269668dd
SHA256 90f472ed8b0beeea5db1b462da44577160337c767b27ce70ed58d68d0a03e7a8
SHA512 0b61e722b2ccbcf8de5d56244d9bcadf5d97c43da0ef01363f1f0d79f686b70c74d3ea5d6482ee28d2620c647cd690f5fd807e2f5b4328044aea5bdb6372d04d

C:\Windows\SysWOW64\directx\websetup\Nov2007_x3daudio_x64.cab

MD5 523deb17de80955969d860376fc0768b
SHA1 8964d237c360208e42d1a879e541dc710f1aab05
SHA256 122e09bbf46b3c3edae6c28ad060482dac24d4331c682fe0231cc5b6fb53c5e8
SHA512 c46522b916bd840478c06256305c187f950e525f7780a1763589c3ead8cb425a245944549accd58cb626769d368b03a047cc3b1fb38cd2ec4c4bcfc5668a2b7e

C:\Windows\SysWOW64\directx\websetup\Nov2007_xact_x86.cab

MD5 b3eb2dbd7a3a366ef2a2e1efe54a4e4e
SHA1 7edfde36ce6f8904b86610ead23aecffa0a21c63
SHA256 6dcb9461eab4aceb999784ecd74d985b3543899542ffd66203929f409c70c8d8
SHA512 b69cdcc7a2519a48dc13f60bde5dd0dd84af63386b1d98a507103492ad8a9ae5bbfda78761ce15db9abe5f201d509fda8013f3489aaf21db85cdd25dbcc29cb9

C:\Windows\SysWOW64\directx\websetup\Nov2007_xact_x64.cab

MD5 3d098aef8ad101782fb2187d7666ec64
SHA1 e6565c1c8cc68a0013490be6b3d6819dfdad94b6
SHA256 9fa6f4116a4eb1e72f75cbdcb2e34198a243d169276d4f493ecb8a9dff3722d4
SHA512 eed7ad526c5dba959e5d5b963154ccd87c4177a286e2f59a59ccbc7226e7a738ec89ee9d859113b72eb5c15caad444929c456beafbe125853976cc9e1f4936f0

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx9_37_x64.cab

MD5 600b24bef0749c2fbf406e0173478843
SHA1 d373147cc4ff0cf42d084edd75af18f1d0a347aa
SHA256 7ef2e2a5d4843f58b3eaca34f5a9c63e9abfa726a3244b762a6de70bb9a95123
SHA512 e156ee9e70a1b2be4b2d4b538b6f6ad4f4d877bb0d31297464840e3eabdb9239d73e54a9ede97c4eda688d7afa8483e271e31fdf9c658b240aa9510f161ab19a

C:\Windows\SysWOW64\directx\websetup\Mar2008_d3dx10_37_x64.cab

MD5 756fe364f6a8bd2e70ecbbe895e134d0
SHA1 eaf82f86086510c0522b5dca8199110874b11b37
SHA256 6aff708a5bc25b4ecee972f930293324f86bc45dc97d687dab782108606c5902
SHA512 3d1c0a3ca8da93a85a459b252ca9ecd9177a450dc1a8f73add303a601ec64285fedd2dd97ae0a2c72661dc579e03fdd63ae6df900f645975885ab7a178e47352

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x86.cab

MD5 5262e69c5834aa27a833c1e589cc2574
SHA1 757bb50815568a7aac35c1d85adce68466fa39b0
SHA256 1ababdfd6ca26f1c56f618f8c9f90dbc063d964bfa31caa787b0a8a1bee519be
SHA512 82f75f1fe7524e32514eff95ff7013ee1a095085937c1d31c7209c6403b6de9bf5ff0391fdb4bd3ef3d2cfbd941924732ea2b9d30055d90e04405abc426dde95

C:\Windows\SysWOW64\directx\websetup\Mar2008_x3daudio_x64.cab

MD5 bdc5ed445942d7384d946acaf03363c0
SHA1 b7e021195bc4574a5676ad57eeeade1835299dfd
SHA256 312c2dfd80126d25a1cfab0fadf5c99bf1f81b404e121afec908f5b5d04529a2
SHA512 e6f792d767f5f4d3fbb08ba555d6aac3a8a873c11711eaf8936c738a9205fbe6ef7e64a9b56c58fd3f858bb7c20e595afc2f3c9d9010e101c2eca737d1676895

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x86.cab

MD5 486b18945e3f5ef496727202eb8e1473
SHA1 d1741959717a62b3981542b3a9d75f58d5aee637
SHA256 d2140d9b4420b022d6e6135a67029033b5b0ec083893eceadd1007eee41ef4cd
SHA512 e262c6b5bea9c60e07985eaa5f84fd7d8191a17739dab8985fbe60116352cffc06f05f309c6aff00a596d8a0b61982e86ebe26097554f1a46b337d155ee437d7

C:\Windows\SysWOW64\directx\websetup\Mar2008_xact_x64.cab

MD5 3fc4683385ca18bb91a64aabd6287ca5
SHA1 1dd91f7af09a1d6ed2d205bc385b526d3400336f
SHA256 b6f81e365b7fc224f66bd6560e5040dabc9370b3f21f9bd85728349200dd7632
SHA512 4c6be51c33444d62967ac4dcd3b0ae127963ec831f4c618cab2989726130fd5a50d3928e1e66111d000f14b8fd3882aca1b0725ec6025359b30017cbc5380afa

C:\Windows\SysWOW64\directx\websetup\Mar2008_xaudio_x86.cab

MD5 dc71ac34a07bad6d68fc0520a5b0fb2d
SHA1 fc74844b5bc6c504568fff83ff629e802b859f39
SHA256 bce9c695d24972eacef357da0f83ab9d9cce2ee9a46176ffffad3a0abd64f48f
SHA512 15b9e540e0b194e2b6a66a41a143184c4ec26c8124b6d7827cea43d7bd1f0bceb33c5617522fa5787ad28423a48f4e735c4e782b12abad53defd1f9ef0ef9c11

C:\Windows\msdownld.tmp\AS5B84A4.tmp\Mar2008_xaudio_x64.cab

MD5 3b2c203ed13d8901ab7c27616da80b6e
SHA1 f4c659eccd07abd1429ccb0a403c6fa80e821631
SHA256 e9a2e00f9c96bd5c91c4ae069c1c2ef6451e0207e8c18074f14d0d0ac08301fa
SHA512 967125b6ee2e3c4ca7c80037ca0a9d4d766ebb333ed68832ba1c7e321cb6ccdaa6ccc6242b01f61c779515e34185c63d71e99a7a2cd267f289967413c3606aad

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx9_38_x64.cab

MD5 93e07225a9cdcd077af0d83b232da2a3
SHA1 8ebc7e6376203c68a2e3cc82dda75b2e7b285aa9
SHA256 f33a6b6ef55bd4e75a2e67d269b917fa6113f2b1c9b745b19d3ce6a6365d1cfc
SHA512 6cc39c9eaee38a9ae8755ebe6091bd60ce780332a8cf70934f8b08bc920a148fe8ba78967f2290609f07ab992880ffd64c55b6243fe3b0d46dac56a12aff5367

C:\Windows\SysWOW64\directx\websetup\Jun2008_d3dx10_38_x64.cab

MD5 ae0baabeaa94d668f9f1948442fe9b79
SHA1 34dd1c1ef542cceaf8202f41761c0c76cd9611f0
SHA256 a75a8109e3b4ce2a805555577d45853bc2e67451ba287b45aa3ce4ca14ce87b7
SHA512 da4fbcad45a08d8c691324aed44c227e6b6a22b2578804806f492bb7c1644a8f9a8aa7540d6f35c0fbd243448a79e56bec2e7e2b26bda40f637242f1207c789f

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x86.cab

MD5 dbc81af3e6112058cb652136fc9e99b4
SHA1 ccdf0a69cbf4ceb933dbbbc15fd96df52931f4f6
SHA256 75f048bc8261c1877126a82d3e7983f22f830596eefeaffb799947d9a13afd51
SHA512 879f04a0c66b76aceece022397f87e52f15be73bbe479fe03f01163746e21f6b5178091f30a5118b32f116a4ed27a99c1baee5ea5da9d2e277b6f534daa4b841

C:\Windows\SysWOW64\directx\websetup\Jun2008_x3daudio_x64.cab

MD5 8f47579336d3e8bdffa6ec7efe59ba29
SHA1 4379c4f9c5425668abbbdc965f8bd9df0b7b0855
SHA256 7363590b33717a0c2e07f3b2dceb3689a526b255f29c84092022a37bf6e9b9c1
SHA512 257e5b70b727b44bacc49fe30d73d4cfe0637bde62ebae58218bcd24f4d97a3f9d30a938b9a8a6e0479b3f6b0410bf8093e7d74752bb1df73c1906dac809ccce

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x86.cab

MD5 54640e3a5216776937ee5f026ebd22f4
SHA1 bcf0ea32672f6ddc01bc4e4e23fc67301769f42a
SHA256 fa86c9d133cc5ca499b1f57d52a6024cae3f5605ff0e5bc466f07e3f7bac121c
SHA512 6b4fb153aec1f860fa57462a70937de3a94d61164c263850ef883e72569871913df5390bbd92a6b2574ffed5e8f39e434e435f16a0ef232121eeff3e71db0049

C:\Windows\SysWOW64\directx\websetup\Jun2008_xact_x64.cab

MD5 a3ecdff8018bd0ad0d1a34860e4cda6e
SHA1 36db6dd7d33e4ead7fb2629205b8c6717a62dbce
SHA256 09e15921b2a8204235c7128b804f26e72599f05f55005bd29fdb05da8c812460
SHA512 01da2b3ee535dfb0648fe340f3fb34fe98dfa7d5e0b87d5041ee8032581bf5bc0cb03678dd19b9faed3e0b9dacc36819cedc705fa5f093f8244e422ebf30d9c4

C:\Windows\SysWOW64\directx\websetup\Jun2008_xaudio_x86.cab

MD5 50de676bbab28205c1d045c35eadc944
SHA1 ff963262b0d5d73e27a827116eed38ee1e182258
SHA256 6d128830655e6cc400c1677ad91341e7b69f3d3f5acf32bc44ed2a32b5e776eb
SHA512 5f544aa2c671a5ce3b6431059ba042b00e973920b1e77a57b42b387db493d03e2a8ef1bde824d7752646eda20e7ac3e17b5729e391a2e3e20ef953c65b7542e5

C:\Windows\SysWOW64\directx\websetup\Jun2008_xaudio_x64.cab

MD5 be0eeff1ac4f42be998940f6564e89b5
SHA1 62f054a4ecd6aa187c3d1704378c458786de5337
SHA256 7679e7b1e03399a5d0d7b802308ee1503a9c5c59935d16c330db760876bfb37c
SHA512 c3ff516aa3730e908ca626349f037311f5521849ad970c64dd44e63344b29dec6a40454cdf436732302514b976ad7d8913d7416468241ebe4d2f043056510192

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx9_39_x64.cab

MD5 85ffa26e1821c06035bbb25ca9241c34
SHA1 272016aa12473f9c3ab33be1ae1ca11a2df3eeff
SHA256 03f30dd485a82b6505a881f525e432bb84447e108bf086ef341a39951a1863ed
SHA512 537e708761fdc3b5f1a3908f565e0d2c09a5a7cc4566fc65176e81cffde8702b918377d9aa701032708ef253b91f2a7153995e39fe4ac2cd311d51e791bf1473

C:\Windows\SysWOW64\directx\websetup\Aug2008_d3dx10_39_x64.cab

MD5 dda02cd5814439f8368259285e408845
SHA1 6c9de1bcabcdd5333c24f253f38ddd256e6c6787
SHA256 c6602fb00efe93ea7875e29974c073b4f83991bfc064470de94a95dbacd51712
SHA512 8809577e13859067d9af53c4d6d6da047e9c88d264e7facf102ff34101c530e2691f1b6442ac2694ad3342f83b1f5ed3333d6f12d2523cc1a6af1a29b0aa6c24

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x86.cab

MD5 5e96c7336834510b8af861083d87e8d1
SHA1 1c4065905496690b59b0c7ed25399ce6593a4a29
SHA256 736b3c20aa536c1569465badec5bffda858978b2d9ec1e48ad639ccde301d6f6
SHA512 683cc10a5fb529055bec363dba6b26dfab6f764fbc256ac9c224d70fe7422d4df6e1303cfb707450d1150d79bf8239bb55653e2f0af87c4dc28969ac0db17306

C:\Windows\SysWOW64\directx\websetup\Aug2008_xact_x64.cab

MD5 1284916b97980a2dd714ee7d9f3bef97
SHA1 80216e9bee9ab8a7a94c11039126533308411034
SHA256 1b640b0022c876f74a41db17672bb0685b74d3759a7818f84c8ffc51a9aa0d51
SHA512 aa367c5eeaa123eb983a188bdf9558deea1052ef0332ae144ffe2681039c374fa80adc0daabe12e91c9505107c2bdbcd4780b58e58738183ea8ca927d14a0bae

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x86.cab

MD5 60aa66cca3684683e233daac694bdf09
SHA1 a14140e7eed90414b10ba0c248ad0cba888c1516
SHA256 a1550abc06e39ca576d24efd2801d139c64c7dce643246a7ddf2de2d03a7ba23
SHA512 ca846a0e0ad82b4c96ba1ef01e6bb0b98852676598c4e3e80877018f6d4ab25a2f4eaa8f80115cc3304aa75169a584560de65f2a63bfb43f26b2e1a2f7edb5d1

C:\Windows\SysWOW64\directx\websetup\Aug2008_xaudio_x64.cab

MD5 154c82143b1b0730e7df3459cad48253
SHA1 bad95ba1b8294f8574aa93c6aa3dabc1e2ae95a4
SHA256 42807ba4736a40b7bb9b4b558c0daffd2ca75987dafe47a6571f3c45f178d29e
SHA512 db6d734003542c8891ab86d3cd2fbc96a020da852bc4098c9451035ec40f33ec0de44f770973df932abdd3c1ac35109a12c542278d0c898e54e6f8bd49c20c97

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x86.cab

MD5 7b59a5d0824ab10eb4dcf0295d2c0a09
SHA1 0c084c3e1a3da5aff22aa924a5209c57d44435d8
SHA256 8fbe56582e93b3277caf8660f689cc9e9fa6a33056d40a88d48f669a005430cb
SHA512 db4a91267afd98205e98716e0080f18d8efac9b2043962e8b909910619d04ad3f99692b1a9b0b612c8a5fa32b31150805e375b67ac6b897dc1c70bffc9f24f81

C:\Windows\SysWOW64\directx\websetup\Nov2008_x3daudio_x64.cab

MD5 c931e5b595c62925df29ee9040a0bc12
SHA1 2a06d78f47160cadcd0f9ec634818c9b79b7f61a
SHA256 4da03f7a174d276dbbbe469c12670fa85fe247428fd5033e93ccc3ae4d5f84da
SHA512 5d9ec84116df04b955e026860ff7b2750cb87261d2a91088936e7b5ee500548686f4a7a4884b1c54081701f3982c8991613c0c77c93fa32df70084e63717112b

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x86.cab

MD5 6323491029405204cfb35e995062b79d
SHA1 b281a0781b01d2d5f55723f5674df508873e35bb
SHA256 3e804174d83cf4908cce7aac97756541a58c16372368904a253d10d64fb4d2a2
SHA512 c0b39e2c1912d04d39ee46f8e30e554fbfcb8d011c05a133774ef78ec761abb7d619aacd68a8dca48b6515ad003006a500386bcaecb9356c0cbb41684bf797f1

C:\Windows\SysWOW64\directx\websetup\Nov2008_xact_x64.cab

MD5 45eb89f9552c6536092dbb848dfca448
SHA1 40c7f5144e80614870bfe1ff1d0eb400deb8fdb6
SHA256 636f4829ebbf2e9a1ebe572a0f0b7f8289089339cc38c7075f48fe4930134cc2
SHA512 e4e771a0b6b93db895620c23a32ae4bf3a455a687480c7c1363e53e9b8d9206cad53989bf27b326e1583c4a993c59d68ce6d3f054698c405c8cf62e3cb256e6d

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x86.cab

MD5 350f4eecb4407263a2417a284d355186
SHA1 ec76503b1f170010d778eefb6c3ff1d4aabd309b
SHA256 cad128dc2e64a47f65bb44f43a5a0650b045a5dae34ce13f34817642c56e4721
SHA512 c6a1c97bd08a02135062b5294e895e60e6c4361626bc15c0693b2a3aecf610b5e9604c1d71aafb1a62a9154cb2fd8067d77894698585286fe2900683982c1c29

C:\Windows\SysWOW64\directx\websetup\Nov2008_xaudio_x64.cab

MD5 97ab92ee81ab716560b9c51ba6e644a3
SHA1 681cedd9212cab09139585a69bb55898fe7c4a40
SHA256 63229aa8bd8e675b292c263fcad6b7868394ad29987d3f4db55f618359cb0681
SHA512 ca783306876f76b59e5c0ce4f6a49461bf5fa4c2206f289fc40c0f0f050687fcd798dd1b07e2229aeb0a0b736dc5123d4acffc0e737fa70f51ea7abb6d410372

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx9_40_x64.cab

MD5 2d7ffccf9db1906fa49be695354e5290
SHA1 8d0a8a4b7241e31bf931cc3cbc2dd50cb48896e5
SHA256 9499871ec59f7f115f51399f21730734fa1037eb0c1ef9f1bd12c0479b216a6c
SHA512 5df399c1b62652a91fd3250fe696aaf283f028910f0e25762576bc7c74588822dfb4010ea33c05d222bc60fbfd6d3fcd757bacf4773d7d2fff734eeea078beb8

C:\Windows\SysWOW64\directx\websetup\Nov2008_d3dx10_40_x64.cab

MD5 9bdcd6514ca65c183866b1988ca23d43
SHA1 6678a610be410bca5fafa0761afc10eefcf1bd7b
SHA256 86f96aed9c4e381623a6476bdeb375c3f49eb0f252301ad4db2f7974362790b1
SHA512 e4a9d9087633d7e6302ed58de60ae7d35bbc1257d209b082cc67f36bf85572912a703f990254e15abd8e3d0e5510f4f9db8e2efd1d567f647a2da2608e49bd7c

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx9_41_x64.cab

MD5 212bb7229cd29cacf1a5ec4e1c6e52e5
SHA1 c79ff23f737b991e8a7f38b9e674677482405f20
SHA256 53da650f9aad168fe8034da45abbabc950729780ecc4f645f1470e851fd67ac3
SHA512 6e1396e665f7b7d6cfda0591ec4c4082f8e3cf0eb2e64b7eb771cbb16f73af2a1c35ed2499062cd51d2c7c438425e235fa21bc48cda6ac3fc60d6518bf609fdb

C:\Windows\SysWOW64\directx\websetup\Mar2009_d3dx10_41_x64.cab

MD5 70456abbb34272f7a6c2a48223c08f23
SHA1 3d4ae2460131b32293a2f0b0c3c3b4f8b4dc484f
SHA256 25ef5135a88061ede0c4fde037be62e3a11701748ff83eda1aa9cc496687265d
SHA512 e660fa94c8d579aac1a6c8f8bbe55e2488b744a8acb59631eb82231a5c3363b3b923d43e6fa044afa5190060c8da67c0800c0255d8ee666d44f45e177a8241bf

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x86.cab

MD5 fa5256647c0eccc35c2b1c581a846f91
SHA1 0d5a854808650098afb36c25cea9f67d2c9ca7a3
SHA256 2984d216a782ca017243f4685ba592801b1ac3ccac2bf20a8a134fecaff03510
SHA512 0ee38e439e202e4a06a1e9965112a663dfd4f7bfa5a6f34694f8429786ab0eda3a6ab13469d0e750d9efc8834cb482fb8894e76673aeaaddd9fb814bd6b13204

C:\Windows\SysWOW64\directx\websetup\Mar2009_x3daudio_x64.cab

MD5 e28e921c4c92007597e71d499edc77bd
SHA1 d8c0e4ad125b21a32f14d967b7f1f9dcace4a86e
SHA256 53a41f2989a2f68e4e927c89b2e38bbfcee7a2182ec588db233f26292f9d7911
SHA512 da023cdf89845bc7c7d2541348455c17730d4890df5b8be00e807d7c453d8d1da1cf12600a600f22580f9805233f96dd3394ef95c511e267f33746701b6f1d64

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x86.cab

MD5 c1ff75f8ceaca8bb6194efc53563a3f3
SHA1 789890284ad15df5acaa580dc47ddcae1f0d0c41
SHA256 250c430741fc09d74ef6f43559a365ee908f52d96cfdacc7b6d8bf5e1bd3e5e1
SHA512 5e51ec6d2a6c71ccc070a48539170dc9738c7b500d6bb3bdf9fa15a85e435b4418399524d278babf0b79ca91880206d7c57a7a27104093dceb1ee1f9aecba1f2

C:\Windows\SysWOW64\directx\websetup\Mar2009_xact_x64.cab

MD5 a9d30e5a134b5d7c5381e4dd018ab673
SHA1 2fa0a0050281d98c2b00e1a0ae0b99d0b6a594a2
SHA256 19890202eaec445617d364ffbde498e8eff48ebe5112a42fb4b99b4258aa0757
SHA512 5257241c6d2638439e6274c084a096fa753536c0d5f7ffb1f4242676a9a27ed4691cac7ca614df039278b87ab628a8e75fdc6e223413abd82b26b970869abe1e

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x86.cab

MD5 528d1c8ba95c79a237ee6f83403b919a
SHA1 cf2270f9d664e90e6481ee37c319ebc0dba1efb6
SHA256 e7aacd3af1c4e2031e4e4365d47e8af1023272c795f823b41f1728d48d127b67
SHA512 f7fb7c5cdea9dd4a58c597019cf50c50a568bedbce2fe86c9c9aa459f16c66a23ddb89e45970de251de49d0b2f92c250a836ee1f727c43bd3b062ab716aa6bb8

C:\Windows\SysWOW64\directx\websetup\Mar2009_xaudio_x64.cab

MD5 04850620fc179a2812ca31b9ed375ffc
SHA1 cc04b25b10b16166e36499256a4693297a7023f1
SHA256 2c1610997f383e55d5e264b3cc52d9bc5262ea72bad6116a0d84e623f61b0361
SHA512 d27ae04e183771bee6ce15f611f563657c0fc4914d5857b018e7fe374122ec9ce56ebb2c5f990f46689255a84ab3d3e8d9746b41b0559b506df55aa7cd7b0d03

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx9_42_x64.cab

MD5 e3a8689d2876c6d3baac0b36b5c4bf1e
SHA1 22746af0bc59f5ba90a1f48a9cebdb87f40e56c9
SHA256 54a61b655ca36f76a489b46c6174dd601a831210f16ecb9d839cdb7e19d47904
SHA512 76fdb7b7cf64751e1d59e70968a14547e889d2645468e5125c280d8d585a3dcecfbd83cc1a08d552db7ee91be78d769372dfd9e4c0e86a5b80ea32ec7a78073b

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx10_42_x64.cab

MD5 55fd3e53e8b2bfb1de4143b5f2b7c829
SHA1 c3711ebcfddb1d52e9417bd02509b768e683fc40
SHA256 98ca8f4d1c6cd13fa721a35a23992d9edd14cc7465d3752e5978d89c9bc91960
SHA512 eda2cf25132359899806296aefd0af98ab406ede587a582d701a5f8584e0e0dbddd60ef0225a59b0669965afec97709c38e20e8a3470c26b4dee35205c1eb01e

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dx11_42_x64.cab

MD5 4196833920bc3bf77ffb56e3693e4160
SHA1 fcfa14f51cd79582c64f7956a5781622b682b1b7
SHA256 f2f4753e201d6e7f40f4011cc4b4fa95f4519da0481d98cb24dbb6679518ca93
SHA512 242b19b6f8132577e9a7c7247dc714a95c7a4b81416b79dbcaabcfe14c03405b965d0ac751193947af64356f34bbbb25acc021b0bc7e452e35340058f169989d

C:\Windows\SysWOW64\directx\websetup\Aug2009_d3dcsx_42_x64.cab

MD5 8182931eb4eae0ed69b183c49f7fbbbc
SHA1 91630f1e8e48883c4398b85451f1b0e6a8445d6e
SHA256 23d902f8b95dbd5ac925e7d1bd4952eeac762e11e209be973fd438396a1e6e50
SHA512 1bbd9da1aa2e3d956a79cff74ed8b6ce958b1f40103824328157ba87ff6c7c375c4d1c790c8c079658fb67ab01e1349ae29395480ea8e6308cfe714a742b56c6

C:\Windows\SysWOW64\directx\websetup\Aug2009_D3DCompiler_42_x64.cab

MD5 2e09221105524389268d24f0b1fd4861
SHA1 6efcdf3e9a018a3af6b1ebeeb3030552905cf44b
SHA256 ac103963d4ab1846c4a6d5bc042ed2fa543f88424e37e05af5165ee62989b503
SHA512 9b4d319c9c575b59c4000adda1d6075efe197179ea0d4442cb06b42569a4e5e3d437dda73cde7b5991ac7b76ad02fcd00dd7d048fef6eb51e93f5012dc67f21a

C:\Windows\SysWOW64\directx\websetup\Aug2009_xact_x86.cab

MD5 234963b689c5fd79cf71a3f555b2b418
SHA1 e9a4a8118da844571beee04a8e79675729396c15
SHA256 1520e988f112dde8ea11794e4b6dc9bc6ccb2ae7e0be7342d4696b719e5a86d0
SHA512 dd00fb9da7f14daaf3ff535e4ef31c1eb35757836242b8b1f491e4061128781b59c117aee0ad7789d90852babc459ea5614ed5fe4263a8d7219e045b0a5a80bb

C:\Windows\SysWOW64\directx\websetup\Aug2009_xact_x64.cab

MD5 503d5dcdc151739cce29b6bc144413bc
SHA1 2fe0261a0e81da501448861d710bae9627ff658d
SHA256 34d922a89d6b354572c17b890b0efc21bea237b94859010278fc1a4435ae7724
SHA512 fc7d8896ce2710a6189a812bb57b80b74489a9311610eece7db32ec0f830525e9c73e10755031ac3bbe8649344f02c44df2450e5b6e98b17c706e4755fbce0ff

C:\Windows\SysWOW64\directx\websetup\Aug2009_xaudio_x86.cab

MD5 2136cdc81fb2badbabb1ca9da463034a
SHA1 7a2d39f51d390fa28d627ab349523eda6bb9304d
SHA256 68785e0781b43c34cb184ae167363c23d5b9d18ddaf8474a5f1d6b90a939e8b7
SHA512 82a600478e77ee623552ec7be8cd63f85a0028d552cb3764b0e36400020746e2503c505aa31f9b3569c65ca56e34a900913f712a4a9f60471ca4126e3e582de6

C:\Windows\SysWOW64\directx\websetup\Aug2009_xaudio_x64.cab

MD5 3f50dca229c21b19c6ff1da50f9b7022
SHA1 c9db30c33c27923da5303cfb6fdffc0642af7315
SHA256 348bcd596d4b3f1e10059a0ce3c4383d383c4964c00a77ae7281e3472f6b8b25
SHA512 c7d322d0f8d14a3fb65578dcf84c31f6f57d674e315d0f5bd9c4c2b9f05c006febca671d486cc6da5ffee5af46a45ca967446820860609d62ac9414f633e36b3

C:\Windows\SysWOW64\directx\websetup\Feb2010_x3daudio_x86.cab

MD5 c0f5452d6ca76e8cc63ed7e6b6fe75fb
SHA1 05a175375eae4953bc2aa5b6777fbad268d7b7fe
SHA256 3cdd51afca42c61a7fcf0e7348ee4f2095d1bb9deba31f7c09f5694a028b0d35
SHA512 bf75bd537f253c2a989416bbb0cf68e530c8e9acee0de0cabb245a4ba06d827b7eb35e940472a6c9096112be58fd96c50ad398ea14acad0739c154cfbe405aca

C:\Windows\msdownld.tmp\AS5BD0EF.tmp\Feb2010_x3daudio_x64.cab

MD5 f0ed6ef41acf1e74ff9bdfc16aa8cd02
SHA1 8f888a9ef499ef705a512352ea976eb7168d6860
SHA256 a46a4b55659921966428301c02409c32a642ff7699419f71ce8775944117ec41
SHA512 577373645ac7c617d6cd98e92fa52379d1b098232c0d563d31bb0171379d04d5f43aa8142a95943c8ae702b82e94a1f46f8516f1cddf53d8d63a2474f8643421

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x86.cab

MD5 022f58555cb11343e2bf69562eeaaac1
SHA1 1cef7f8e152b72c3d8892702e9c6cdef6bf7d8ad
SHA256 d5a7cb9a858e3dc2fa875c8aa915b6999137b616327aa79d382379a1ce3974b5
SHA512 7308bb60c33bf063ca1e13fdae7aee032d4725e967149ad8db8bf3935b1c5cee8937dd8772702413e0d4b440110ea2af4bf58ff0bae89b9b6eecbba9702665b7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xact_x64.cab

MD5 16384557c085f2268ee68a6f200060a0
SHA1 68493582ea6e17342227f326a2aebe3830b7d0db
SHA256 dc678bde00cc64b91d29c5d98be82b19de00518d1706643e8eb8ddd4ec577327
SHA512 d0ee2f2836fa5804f8c5d817f2c51dfb2b63d1f2c14516f467b757445e08f346596a9861e86873fb9c78556390a3c60862dc8bffeca0b1cba92a8df061f206a1

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x86.cab

MD5 1a65ed07a006532b97beca96bfaeda85
SHA1 66bafce1212a29513f26d7bf8d1b80c96238facd
SHA256 738f0ca04f3f568eb5c1a4d8f1af30e4930e4f7950e96776a5b8adea16efc8f1
SHA512 a8082022c5a7b2cc0a3f8bacd3bc85d1788ddd3f4abdafe2b83497d4e1fcc9bf574ad86592d850ffdae85f45d445d0f11e89c219107ac7ec6e7ecfdfb69ed9c7

C:\Windows\SysWOW64\directx\websetup\Feb2010_xaudio_x64.cab

MD5 c501686b2ae5f884c3cfcf67c300fdac
SHA1 1817a5dde8fda83dcc6075836146eb17621e229b
SHA256 b99380971dccf9500604a39bcdf5db6f5d96b14519ec0bd575587638a0238099
SHA512 e41b18c0c1b69d89d5f64e1cc4dc815faa7234e13fc63f46ee0913e1eb99fa0ce585cfe94d5bf124246692e04c580716f334700f4aec3eee7aef77d8c2b53cce

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx9_43_x64.cab

MD5 4ebfa56903a486e4ff5c0ed4c57ff8bb
SHA1 ea0edf56084d4a7011953fc34ef4ae5e0004f753
SHA256 810a07865b7fcaf0d7abebc86682479a05bccba71c69aa2d4ecbec3c88c8270e
SHA512 be06091faff54db09aff6c034addbb1a143de17d05f4ee9239509a108dce5f479cec2789fd27c2ea3fb66ae47de12631dd4f4599cce80368020e620c1a6a0a35

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx10_43_x64.cab

MD5 15e92aada1119117964d28291f8adba9
SHA1 a4bcfd73e2d1adeacda9046cbf44c9fd21b3e075
SHA256 c689eea749f1ad76a162d1c6dff31dd92d0ebf85f5b539c4c953d55bbb921b57
SHA512 d0653f6aa90f9389a3ffec1bfca92b3ef22e0a2c7892dec2d156da3e2d757a26cd39a00ca47e3a4e153460599e48657f5dc96c8aa9f7c2509db0ba1ab0ae5ec5

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dx11_43_x64.cab

MD5 1c119486920ae4e41cd2c328777509e3
SHA1 a89e8cb197576d78c6d1d2e45d671d7e187efc74
SHA256 37ae82574cbbfe2cae6019a168a6d1bde38f88f8e51f13335001943980a665e1
SHA512 d81c623005db87ed057aba3fa807ef3b4534ecb8473e9a3283457543590d6d73b9a9deca333e312a2616f74f1bd407de9ada7bd1c52126e04c56fdea78119bec

C:\Windows\SysWOW64\directx\websetup\Jun2010_d3dcsx_43_x64.cab

MD5 89111c646b93b8ebcb306f0f743b2d7e
SHA1 f9e83beac4d9665eaf54c6578147a6ad539d463f
SHA256 ca1b0022af12f048586761439e152d1157eddb7153c031e075ab8d946173d31e
SHA512 3e79235d4c73d26506c3d537491987c06c184f0bb2eb7f40babdc70682215393f6e9ef49deb57c83d7d29ff15740b472a59a7320b5d006a0f094614396b06be0

C:\Windows\SysWOW64\directx\websetup\Jun2010_D3DCompiler_43_x64.cab

MD5 b6c9433b3ae42a99b0ca86700b265d9d
SHA1 595ef071c6798b31be6db2c721ca8a1fc51c8210
SHA256 9b56aba20f49739cde64f07ec317b6e20b0713fb9ae697318d811a0f103a6dbb
SHA512 04dbf5a877ae71f0b96680b34946f64a5477d1a23669eb89f4b2746084784efc0bd78db548671cb2eb8d3701570478a07485874b2d293351ae2bc1c6c2845630

C:\Windows\msdownld.tmp\AS5BE707.tmp\Jun2010_xact_x86.cab

MD5 3188814f4f1b69543688a55af1ffe23b
SHA1 57108fe718c3fbc3ab17b849d72dcb03315a1068
SHA256 fb320286968952ae93c7cdb4078bd99e689a0946157574760b844f7bf39c7ea0
SHA512 dcad3777a739bfeddef3bf7c87db289c88b9a5dc0d9e196acd2ab0d3c685cf14d361cd539ff07b0f23ad36b2bd4163c9c8475e014e22da272de78bcba8ca7793

C:\Windows\SysWOW64\directx\websetup\Jun2010_xact_x64.cab

MD5 79ed229e336b3c13524d5769e95fa97d
SHA1 1407132b85923d199509c700806c705af3a67727
SHA256 3e8fcc374e84e1170067a057acfa3b5464220d6bf5324566a05242e8208799b2
SHA512 676472162b9d54e9cbf23c853236f10009e5646be45f97be5d08dae7e5f87a947dbcc9d63cfff5b7d739ab9131ea6e3b9a499cfd813c678c9a4c5dd6eb338907

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x86.cab

MD5 11e2b64c1e1c07f5843adde7e247c8ed
SHA1 ead54df66fbf52fc503b2d364da64a7de4f19fc7
SHA256 c364833271396d78811a9a3388341cb9e1cf5e6e0fe2d7986cb4dd2f931a0dae
SHA512 e3a988dd221599678a7b691f2b0b5eae5e8fdcb5352c7e9c38868c2cfc0fe9417a5954d3e8240157c5d9753d55f540c25ee1944c9ff3f2ff14df5d7051a79991

C:\Windows\SysWOW64\directx\websetup\Jun2010_xaudio_x64.cab

MD5 461c07c13afd70954f34d55986a0515d
SHA1 d74a8f99e72d182c21a30e4cdcf9f7ca39dcea54
SHA256 7cce405577fae04e58fe31a099febba96d3ea7cb94ed2184b6bfba32d9f20acc
SHA512 aef4b8bdd17af066f5680485cc45266859f802f2a79178472f5c00b9146ab52f8e04d36a973ef8ff45eee29940fe072180d4e7e0e89366fa2e8aba8bcdb890f6

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2902.0_x86.cab

MD5 74a550d8ca43f210e526bb000af42303
SHA1 ca3dc6136846ad196939cf71ccc04be6b108bff7
SHA256 afa44ed18e3217892499062db4337b94025726df991a0bd4dcc3a9f8c27c41b9
SHA512 58757d831931daba43ceffd512d47e29bdb91cb7b1505d69079a14f911e149d718e1566323b9bb1d0292333c76603e7634da5798307b6dd6c97f885ce25c87fa

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2903.0_x86.cab

MD5 6df41acd290de624df34e57569225f7b
SHA1 b33a256ceec451e467dc2aa2339a3736915ade25
SHA256 84e240f8813bacb2fe0f20081ca20cd0fed4b9e10c96aded8516b25375c407aa
SHA512 0b2647e0f6ddd936023d70f4a6c3f69275ef65433dd45cb47293a933f2d7b2d0d0385f80c8cb8be8538c4d4420d2da17484dfa056fc7dfddf1ca974b4698954e

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2904.0_x86.cab

MD5 0ee4994d37940795f01cd2be93b7d847
SHA1 082f6aa6d9d92cc23ac1ca858244a101dd8f5dbe
SHA256 cadffad57691af14fdc0f41250e644257a3068da134a5922f343f2e69b1b5441
SHA512 ee23312d54c0d0140f80317fd0cea299a362d8cd1463cfd79a9062eff2305ea188cae4f83f3cf2c301e6d82d29820fec726844971e286ddf729df9a17afaa167

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2905.0_x86.cab

MD5 70a647ca8587b3be1d2209c998b86b50
SHA1 5850552af0aad715c2406a3f50d7c6af1595444b
SHA256 f10aee00b78b734acb3bfdd81ce0ac22648376486d0c308f9975b05181ecbe13
SHA512 470c027ed3113af38c5f3c4fd3348d3cc8affac081dfe3b7fdbd1787da3bf78489e5379d8f306d917586ef8810b31a7f303125c94739f6dba15e3ac4745d996d

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2906.0_x86.cab

MD5 d7bf6789f6c6dce7ec335f842e91c9c8
SHA1 c0297ea86238a166da27b9428dc891256b52b364
SHA256 bcfd420ecb20116a78b54678cbb04204e76368809aee1e1bb36810a4d433de2f
SHA512 b07bf7444afebd52a11f64c57d76cab8976a222d8f9fa0e78e1dcd7bd2c126dc28d7df7b778f10bb8f69dd7b7163c76e5f7edb260e31ef66c458f4fd72899b36

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2907.0_x86.cab

MD5 d82fa9747fd442d8cca1cc35b97440b2
SHA1 a3e2ab8588a1bdf435e786c000c38144adbca457
SHA256 b185fce1d25a4411c1a2f53ec1e4232de9a3078d7db7aa469d53c5fb041f792e
SHA512 234e7a4dad6e9f83ffec2c769e775b18783b6a03e50d7e8186fb7fe01747fbb5ac46cff6f8437ca932f037da6c565f4faca694da4580f2876e31c252fafb55f7

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2908.0_x86.cab

MD5 3bb868c2953151575cb8833fcda21fc3
SHA1 403c8a2123f59d2a3abeef22630cd6f62cfc1d92
SHA256 fd1c15037800a0a689126b09f29a6329452cbaf42508242d9cc185f557f04954
SHA512 33021b90441bea79525dcbad841164d1b8568907edc5c27c0374c7cbe93bc381d93081f8f7b20f14aefec3b59153dcc9b2fa44c80b1ef7fcda0f8a6038ac24cc

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2909.0_x86.cab

MD5 3f8bf012bf573f071e98df62843ece92
SHA1 b6004908bb160643899b04b6edac9fdc7e3d86fa
SHA256 1e9c063428322da24df17c5d49c63a53e0f0751d26f741d90216b9c4ff1a9136
SHA512 dcea9b2fd7379f8a0d7eafeea4340f3ab7d71069ff843550e2c7a2ea21e1fba7a779a5352bd5758bc88eb8dbde0ec1d1f3e8164b1766e1a47f676a44c36c30ce

C:\Windows\SysWOW64\directx\websetup\MDX_1.0.2910.0_x86.cab

MD5 4ef2b868739e09e4020f2f0b0ded4a46
SHA1 39d201d0666cabadc0dbb81ee2bc691b9be10191
SHA256 1829a24a8ed3a2496ce92aa0c5142d8f512b11cdf23eda5e579edb5b11e2b589
SHA512 3a2f894854f9932840c7c7341f2e1882102e4f12dfd45f36deecff520da6d3237d9ea3867041f53037c808789e6bc57e7ba067d9c8f621350396126032c5223e

C:\Windows\SysWOW64\directx\websetup\Apr2006_MDX1_x86.cab

MD5 c0fb3fbba00268b9992fd0bf2e2d2efd
SHA1 fa6ba1c5e193353f01b816fe782ed296ae7814dc
SHA256 90e08fc3b98267756c6017f4d37b157eba3586c262474d1556b21d9c35d84da2
SHA512 00d23eb3c3312170e4a6a2992721255e307085f6f128cd3203d6e9b16eec7f0ec54b8a3fc09a5be51da2225b55fd89b13c278e25853771e414d0a5a93e3a3b0f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dxupdate.inf

MD5 e6a74342f328afa559d5b0544e113571
SHA1 a08b053dfd061391942d359c70f9dd406a968b7d
SHA256 93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca
SHA512 1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\mdx_1.0.2902.0_x86.inf

MD5 81700fd8d24ccd5ed83ce202dadcc625
SHA1 380473dc3560cc64fd0beca96674554d87085c28
SHA256 3bd14cf2a96544ece692e1911500f7196370a111017fb6b0e23db0f0d0f40dfa
SHA512 8ee1bd03fcd6125d22d1d35437537f594a84e67573ac72d440d45d419b88f5d3d1f5fcd8804e1a0b873714c1a71c63a488b8068f0c465e94940ea6e2db1c7860

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2005_d3dx9_25_x64.inf

MD5 f052926f0715b88b23ad52855b34df46
SHA1 c411b1ddee73a4b317d652bc3ec159ed58efffa8
SHA256 3d97810d00ceb3e7674a2ef81427d4180f77f93f9454837c5933fbc6a1ad5c1d
SHA512 8fad81eeb503d81b96c098190b5c4155f4bfe1cf2f36fdb5834a176c7c78d11b52efb6b3ba6f3168d7a21a1fc5e53fec770d125feaecd7d1cfad9cb1106d0b94

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2005_d3dx9_25_x86.inf

MD5 bae5034d79a545ce120f2c336de0f68a
SHA1 7276af2015696d5041214fa92eff4375b3d8b183
SHA256 f484ef48e0c6e2be8207d8c8c7308dd966d52bea1fde221b927d3e49f1cab0b7
SHA512 be58875949d23732ff63a6f505b242a44811cb9603a9863d6a78a4c9193b6336b89ec9a82666865888590a7b81ad99d466a3847e7c22d0de399d476364280a22

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2005_d3dx9_26_x86.inf

MD5 62f8ec9c0d3bd54ace90cb15f5caa208
SHA1 e84f4a60c79f862aca0f917d1d30898af4036fad
SHA256 262ed4a65dd45e19f196cb2d9946326693ee31a86b51bf77116dec2727971cb6
SHA512 3de4ad76b207c2a0ecc10835cb787d61faa02e3531f6242a606ac0686cbfa156f59c30695effe5560d9a8481800b356873b7590beb8a739b33c0b1fcccea3fab

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2005_d3dx9_26_x64.inf

MD5 134624a22aefee1fad4eb11445b8d342
SHA1 3f0f65ab8be678250660ba47f33f229643c118b1
SHA256 addafcf0cfd36587c12eb2692922f0fb134874d11005a0544cc054546a493933
SHA512 24bfc2d96b3078f82ba031045271460295f3a1e6dd3c8c30d8d50c98daa9051aeca93ed8ecae8722b70083d3b0ba41735f81068e7514e81767e1e119e45ad6f3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2005_d3dx9_27_x64.inf

MD5 7cfa60cdb7e697b40a268eb8814446e5
SHA1 e8e77082361d5a5ebf6163cf880f9700cff5741b
SHA256 0a8ffec8d7ef3a0aa005f604a045dcf80cf5b6473b4f26e30c58eee23e253fae
SHA512 77aaea559ef94d405194351b52643512a71990833dac22a331d5b78d569263db11bf969e26224ba8a362bf538782010ca074286ea605490d40c10f7d2d53d255

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2005_d3dx9_28_x86.inf

MD5 e0b6120a048295ebbc629a9f8fbe53ad
SHA1 3d9cbcbdafc1f9058af74896a5859591e164555c
SHA256 d4d03c4ab3c8486d6331548e967ee17e011fdac90f63c0a9a44a744815a7da7a
SHA512 66c0b9501bb08d41bb708d0a724fe6ac27abaf735ca224074e594cde932ad1f9eb9db5defba8a8a71a0a12904f20324ee4d129a1ac9fcf816fe74d648379908c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2005_d3dx9_27_x86.inf

MD5 e45a175750a672cbb2553087a8c5cf8a
SHA1 70d487f99e101bf39650594c27674313181a8ff6
SHA256 d02232a6587c460c026601517178318bab2ac29c59d269c6e3d1a3a993a9a1c4
SHA512 199882ada178e41be14af82001829d009379445028d3803d2a86eef899c01600cf2aa86123311b728e888498674379a35d40ed0964c2f88da24758fe3c7093d2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2006_d3dx9_29_x86.inf

MD5 f4c258b663ebf54c55d7d09b05b26ff6
SHA1 85af1252cf3d9ae7afcf8d576cdc17910203ad03
SHA256 f12f4bd86d5cd748b0fcf7106e9dff333c27c0886541339ba1f40c443bdc61cd
SHA512 cbd491fd8e847a4659758bfe0f5a4b56c97e539e3b3aa7ca601c329d858c882cceefb9ee8341d794235b7c2403a090f45a0ba8f2f44de3e3b1685d027d8bd19f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2005_d3dx9_28_x64.inf

MD5 9a3ccc90b71d554e968eca0a812bf0b3
SHA1 0ed1ca28d7f6c8b4e017cd48b8504340cb4d736e
SHA256 510b6d528be3f2997b8bd811486dc3c13eb27a9de22d1bf030e6db0e632cca4d
SHA512 0f10d2ec9f72651927599b69dc3f4e037febfb9c2a18e02eaa49962903c1cf77b63ae6335c06effdfac26b87418ef2c7a2d53dd799a28d275632d8255ffa8be4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2006_d3dx9_29_x64.inf

MD5 0d951a2eda3638d4c976a5ffc1a9f8db
SHA1 fca89fa6bc6d4c25758b7baaff9136c3d73140ff
SHA256 ef36ece1a6bd8af3b0b9247b081d28ed511b7e18c43eb3aff364c9ce8d3a06c3
SHA512 89e960fbf9421a208476f7f65acf8047d231f3d6fd87fb31b01185ce88f5ebb1fa7513224124889082f41f1dcd579cc8bbb638f1af73081b4630fb07934dbb80

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2006_xact_x86.inf

MD5 9dda266ba05cd917cca889659e3b98c8
SHA1 2a2ba2ccb3c9d87c03198b9ef3b9c6e21d693055
SHA256 45146fd446fc8533dc5f97d88bee9ae220161f24797114d0bf3afc7c479ed69b
SHA512 26fa18c8058397b8b5d89baf1fb9cd689827b48781dbe40ddf884c0a3ff9cf8d8451c6c084a693e4fdf107ad181fcce35a2fcfb371548df948416b5713d8ce38

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2006_xact_x64.inf

MD5 7d46669082d530935e79c74c4fd83bf2
SHA1 194a05e3b019beb07da96c3bef780e6154a78b9d
SHA256 b7ca1a4942057592c5b83b4425350da41c61779dcae608112141d727091842d4
SHA512 590a9628fb90d4140d6f96238caac46f8ab23a59e3a9d94a28d1638006085efdbfad259b9633e4a56585f6cc10119d67abf3fa873a426a1946af589c17f84fa1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_d3dx9_30_x86.inf

MD5 a49046c25439fa900b1d1bf826506ce3
SHA1 deb71dad1d55dc5af2f80a1c3010c0d899bec187
SHA256 373cca07c0ceffa72901441219a4457de9ff110aededae5e4818588da39cd344
SHA512 d3e04f2e7b358faaefdd683e7ede8a41c2f65b7c8072754b03b2a5de416651f92712fa7d9bc6027d7326dc5bd8a497161685c04cbb7bb36a384aeee8dd77b086

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_d3dx9_30_x64.inf

MD5 5d684b07779ae5b421e23167e2b9b44a
SHA1 1e3570908b810cc799f047221351cac7a3583787
SHA256 b70b8f62a2459580d22999301f1823bcb8a9bef54bd33b38e0af274a3a12e010
SHA512 6688f5a9952b36a0a83e806c9be99d9ffe9ba4982b76a9c7e8cef5f824c17ffe9e5ad9ef4e4974c6e2a9cb37e8c05584d8d83033182d1c5d00a786bd2b693e23

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_mdx1_x86.inf

MD5 2ca62bfeb43facdd1fc06f20fb20397b
SHA1 ffbb8f6a8a11f949ca180a7e73279c4b775bbbb4
SHA256 2546a1875bf868edc621a1cd0ee262151faa08762bcced0117e1304eace0c04d
SHA512 3d16b07bbfd172dfa979dfcf4384baff35538de371dfd0b266e5110772f0751f9e5274fa92b06d1f289f8aaa585ca1fe382f8469561e74e343f37e8a05f85dbb

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_xinput_x86.inf

MD5 53294b978995caafcb6a9ac8f67b8580
SHA1 c165d2c615261f135f60442ad0a6e589d681a850
SHA256 b604779115d32d439f77b33257c96f928ec4ce564189f7d0d357099c1da140c4
SHA512 a3da7e02ecfadb181ed13855b093908fca0aae2ee75e6bc4f873fe69a34cdc08f3bf504aac2ea98f9573437d2ff000e43ae8450c87036ead48e6c2b80ec523ed

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_xact_x64.inf

MD5 09c9b7346b65f5ba209934f16e711c8a
SHA1 9d6cf0fe295475c438fce214d9d24d5579f2f29e
SHA256 d9c3216ada5dd7791ca852a8ea97765f94a7b56fed27b20916b5067eb82b14d0
SHA512 26b84a457b5bd17a5deba56926af156a2144213a2b75fb015641a7817fd2307cfb439ca22ec0bb584dd21f8f9e4c7b3cc749a350b26cfcd0257f5fbda23fd9c6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_xact_x86.inf

MD5 f67df97463d42bedc122fbedc37096c4
SHA1 42cde962b355cb3c6a7a7a88c8dc315f811a7494
SHA256 037db252501fd0e30303c11706d804d9eabbf319d0b4e88181ef8f297b4fef8e
SHA512 93815abbd6b6666438adb146bff476aa2728aa7475178259fea623dbfdae819bcf1accddddb7695ef23bb2913d234264ad2ec826bda6eae5d99459798b032144

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2006_xinput_x64.inf

MD5 019f21ca754cc2e21d97c3a2a97d5ef6
SHA1 54d97b4018e0cd04c63f1221cd8da7a0990a2cb0
SHA256 f9d01e93e547045e1d232242c900530dfdfa54698586c7049281965e3bd01ca2
SHA512 0c0ef6a8bbc05eb81cdba8aa2c3f4a0d39f4859b6de495c79f813894253ad1ddca4851841064cadfb1901ea1f056c68560aae1e68bd12c590a143a6b7f0b16f6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2006_xact_x86.inf

MD5 fa59f92f7d32613a12189e75eaa700dd
SHA1 f2c3947427e7eca9fd1ad53427d1dec28a5f0f55
SHA256 6bdce6f6779712e38c6d9e6e5961217e417254089f096c719f25566e952cb257
SHA512 e8dcbd918cdd7d98a94d53413088e2f75e4d1a15d4f69b6927f3cf19760d9f2fc577659fd533b2e4e2997aa29f285b0fbb35830331997549e429dbdcc7ae9853

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2006_xact_x64.inf

MD5 a983924d66305104b4e21a551dc66448
SHA1 23deca69eea790ae7afc30cffa55e87ac8520cdf
SHA256 fe9caa55be17684622fd7339b1b96e1f0d107dc33c065706d24a435d523c6e12
SHA512 83c2117df0fc37979ccca7d861598a8a127d135456f72597366ac65276906435ab99fa353f246f9f61634fe96f8376d38253300f177d5cedac194cc92407f3d9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2006_xinput_x86.inf

MD5 f87111f61ac57d80199cead8e63ec45a
SHA1 4a525a78a90fa87290f60f0598fe285f9f46c90a
SHA256 cc66d67daa1f4c31ff5e59c2606c3930f72204a5057c29b9d58dde37a47b1cb7
SHA512 ddb1b7259aeec662fa271f6a6d271e9d48c4b8ce4d47d452dc2ab15611421baa13cec0024e668309b7444b31fa5b24f41b032796c81a36e94d7e577d9c516712

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2006_xinput_x64.inf

MD5 90d7a7386af9b951f939d869567894d1
SHA1 ef70a6efb5f7b32193bdec6c5ff13a4abeb4f00c
SHA256 35f25b9538e55172cf36729519581444e26b38a9dae5cccc4ad75dfa34ea08e7
SHA512 10920d0116aab01eb1130eb91b26bd91d4b3ff8e09a77db5b79f88c94c463389548c2b3ce494162d4b2c3fda903eae6c2d87492475c56fc901c37fc8306555ce

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2006_xact_x86.inf

MD5 ddb0d03b1d4a6ce09da5cbc61f5525c0
SHA1 ba5e1361e394301d5b9d9a4aec68ae21f19c70a5
SHA256 34e7227e03812fce5415b0a4c3d15a9e9b259350ac9873db2a98b2ea76ae2284
SHA512 2160652a7f8adfc346e0af6f822875c34d2d13f168b9895b063925979d4fcf33a7da777ce7d43c9ef2b23186ac00378e8c2d4ee115bb2ff794e863e8b6feec5e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2006_xact_x64.inf

MD5 d40e6c659cb7a757d8e751b050495927
SHA1 a9c515d786bc8f5c739fcf5ac1b6e15365f9e14e
SHA256 6fe310a67227203bbca3389dfe3403fa268cb424f4b525cca2d5407ed26670a5
SHA512 fb58acb95f1914da3c650168ed50fb6f75df68773daa8e8389db9c7c7c4d0e8bf93e46458fb76de676acc65132d781a7624f67289860a19e03520ecdbdb66896

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\oct2006_d3dx9_31_x86.inf

MD5 8f7aa1f0f2389f3cac574652f5d6672d
SHA1 921f2161cf46c6314a330ff52c83f8a3f1058f0d
SHA256 a1c61096019a6ae1a9f31e3fe67aa2bb7e9e451967959d7088344f3f20ab572e
SHA512 a85c03ccaa27adf3c75287529f18e84f526cf91785e0f4281db0eb86feba78522603e21def19bd2a33e03ceaedd9109b8af1dbda4a3fe93fe6eb95366b6df747

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\oct2006_xact_x64.inf

MD5 535ca39d61f752c3f1ba4956871fa27e
SHA1 4941efb676adedb9a46d7cc7415d8af03957b3fc
SHA256 4c388e9eaf3c39e75d003a58020e491b675b3a6054c702062a9c90e86f691d96
SHA512 f203958ca9c7d37daccd342a4deb125b60ef839b5b674a2a0220d7f0d770d5cfcd5c1f691470200bb4d8711f2f6a77d8b968e17020dbcec8c40b127a09f5f9de

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\oct2006_xact_x86.inf

MD5 6181c4b93bad5332b34180ac0bae5077
SHA1 259c8de2dff2a5dd8d4971fa1ab3fb0d193ae90b
SHA256 66998b21cbe6f05b12cdb4bb45549dcb1b4a92f8a1b910334150a8d767fa39e9
SHA512 8508ebc77b667907c5c2f587131f24cb25c5a67ab2f7d8b94216931457f486b37b9701397ed6ef527c9c6786f82a938a52d2b6cb0afddeff4101cb100e3ceca8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\oct2006_d3dx9_31_x64.inf

MD5 e2a0e651573cffbf81578b864b50cfe7
SHA1 1c739f17f63ce7c5ba00638259628f7fc919cf74
SHA256 c031987e68e476365cd885e41a072f85fdfc9e480c93871d024a5ccf26d17118
SHA512 abfc6452d055bf6a3fadafb9562352bda90ee0edae5a0fec798951ef9d39701835212533a60eaab67c5c0fcf01ccb9115fcea3779b024ee1e11f217cb676e7f0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_d3dx9_32_x86.inf

MD5 c28f4fd1644e2a20b1c897438e197e1a
SHA1 5178534444ed7dec8c63f02defe7bdb864c47123
SHA256 ef09d783bf5cff2cfba99946e5e71fda577b196a49c88bed1c51b5fd29cecf94
SHA512 7cf93260efb1d794a17ba25b1fa02ba03b0ceeed8131d274b805155072a9a2b92a899471a8b23add8bf46c6a5a3cda63499043eaa754001bb43cafd882c8e708

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_d3dx9_32_x64.inf

MD5 39929631df326b944470256c4f9cbbf3
SHA1 932de27abf59c889c02ed747f0ac04f5e494492a
SHA256 ff00313af4a90f426492d72969f5efc6c56a17f2dd91f20cb5c0a38d9f1f2b6b
SHA512 8dd2755a2b2fb90c6880cbbde65d127f55d12df2bab4560ddf86d6793b2cd4733929d97efef5fd8eeb417731a571888c893188df0361ee57eb4437fab331cb13

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_d3dx10_00_x64.inf

MD5 eec826f7141bedeeef38c5a3528b5034
SHA1 529081aedecb7b9fbc7d9707eeb6415f98bc128e
SHA256 2a43ac72ab9a6f4771c02b6e10884921b733b86dbd7ebdfc5502d011cd5c8d05
SHA512 62cbe09326cd04c891faa124c65554fd631382a2e078c70ef72a1a07d57239b3ce599b57be3fccc755075174df1d63ac3597dfb3aef9b4ea34ba4597d804d2c4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_xact_x86.inf

MD5 211700aaa53bda6894be85df3dbdc792
SHA1 4874325e984b4f0d884cc732da474b3bb59d3848
SHA256 4c0a40094228a51f567bec65c2cdf289d268812c1af579e3c6b76cd3adb77e12
SHA512 8f51d965cd1ee20cac11256afc5e422d94d43435729d653b25c5347e108fa50e59c3bba18fbd7fe4e2a1a6bd54da1622b80e029a5914e973f3faf5884a262baa

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_xact_x64.inf

MD5 ca414f7196d9b2a7a9d4057ca0714fac
SHA1 7eae4a5bfcd42915adeff5377036ecb4bd656999
SHA256 f2f2040b8d13705f00d8e20a53f22093aa0f8c8d6aa6224992ba727ace7b75f6
SHA512 1efb725a49a8ea7125074436bfe988af360b1ac22629d34a754cabaf3c151855d08e826a0e244cdf9b624b531de14d23f32c1c16c82f6832c8604cbf52882e11

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\dec2006_d3dx10_00_x86.inf

MD5 1b702c5bdf738a8abf4a3108097a6b7c
SHA1 c1d9c9d5e07117f273064bec36ac92b5ed624d38
SHA256 33291a47388edecc059f1825c1979142d7a9cd4a850716f9dce687deba1fa750
SHA512 498483dc823e76316e977dcaf7fbc557c3e60c67129a678701d5168105edc97f97479107330d5eb3989dc179273cc9b74d055827f036f2f3551a0a3d398f04f4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2007_xact_x64.inf

MD5 42161a1071084cb4f32b0d7d748d9b62
SHA1 e7e29605c21b7a2c370dcf979a40c50b93ceb298
SHA256 184c1684c57de07983edaaa1ae2751b263497673ee8418af023a63fa03553f53
SHA512 2aa8e864dc28ee5d0583d044e3d8a9399d8d49b9fb1c522c1c640eb7b079515ffb0bac5280a220c23e15ea4c7ad45c7f1722e05e9f9baa069f4a2670e4976358

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\feb2007_xact_x86.inf

MD5 5f1df74b0110f56ae0b6556dd2dbc14c
SHA1 c8c7d383f5e37c06015e1304b599568999bd4e09
SHA256 64b6020f43bbab7f7c2368fcfe7224165fef555b2bef813aa13b2d9f6295d46c
SHA512 06572fbaa625c85b05f5f4eaf880083607b6d010a8d4bfdb28cfbb1021b08e533f3491080faecb24055acb897b337d83caf9306fadebc1f1353763e8908850a5

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_d3dx9_33_x86.inf

MD5 044cae9c30c88bda73727243f5e5206d
SHA1 de744e349cf4ea458b10657d510966d21ad08d67
SHA256 349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00
SHA512 18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_d3dx10_33_x86.inf

MD5 fda5776cc944ebf6d84fb45c8a1a35f5
SHA1 f3b603dcdcfd6a310c2b0945f1a3b97276041ecf
SHA256 3286ba521fda888b1808f12955a58d7da4df7d2fdb472c7837a1e0e1a6317a06
SHA512 b051b04ce06ad21d08ace3a28d490214556f4b5be060ee05f8a4ff872d1cc72df05624021a9a0cc1efa4e63772f55cc61f11edf03537831a44ddd6ab409e83b1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_xact_x86.inf

MD5 99f23af200574f24c4c5d9ee12fd2cb8
SHA1 f0e50816ed808748f9379733921c9302551cd937
SHA256 008db10780aa8fb6f20b7aa5f5d513ca77efb36c8dddfb9ad89173ecaf700af5
SHA512 5e97d157ed8ad10f9cbb9490a16141fa52b2f32e09edc7e7f5e4b2d9c9bf38bbb85706d76543ca4ffe9b54d5fbc4b763b7df0893f1e7e56ae4c8ac1a720dbaf2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_d3dx10_33_x64.inf

MD5 00ad98b94609033c2819745587b0eed5
SHA1 2a07dda60a97dc2b4a7cf3cfc6245e72cea0efb0
SHA256 3e61c4d723d282c36c5493d82644ea96715b7b548e50494d22b4a83d4e2b8237
SHA512 e7fea5f9186c324423c0b129dc3e8594df49dc84c61400f4635ccf688075b256d7923ca8f4483bf7b2fe43862e71aa134cf2c9545a23c622d0cc04dc7d6dac1b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_d3dx9_33_x64.inf

MD5 e40a6f3215c3f1397eb18b3388f95032
SHA1 4845590abf12bb5725d94d7aeb953a5686918537
SHA256 2d87efca75d8b9aeab3262841d52a7c56bad34ac6b9691f4df2d89b14c950f8d
SHA512 942f54a3984a29e1973ec096709de890fe870a9dfc84a8c5597244251cbd69f84543cc5cffe620a076d0a16dea6e393c6790553d6d9e2fea1af1c0f00a12140d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_xact_x64.inf

MD5 dcfa000ba60f73c2c02ab590faa1ae10
SHA1 154b9ff40cd92bfaa572b289662d0305fa2fa017
SHA256 bf6ca1165632efccb0292ae8b739ce68d78ebb95dd39b8e4c1717d78a026db10
SHA512 34f6cf1f3fbbdd79d04dd55315b0074abc21b9c26df6e2fc9d66c6d15f36ad35edea741000a84a25ea9a68a94d46f500398a27c8865a30746574741dffaadabf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\apr2007_xinput_x64.inf

MD5 94563a3b9affb41d2bfd41a94b81e08d
SHA1 17cad981ef428e132aa1d571e0c77091e750e0dd
SHA256 0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8
SHA512 53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_d3dx9_34_x86.inf

MD5 b1d65a13b527d75ecdc30cabf407d103
SHA1 db6df8ce6c28cb4a0275aa134c2d42a0ed957fa2
SHA256 a568b7b8a0360ad94b1ed6388eca6ca9d8770937360a426a0fdadef9a4019bba
SHA512 7d80f772b36c408c258f7db1180bc09996620634e6304761f5c10659d0885bb8d0b19bcad50a13a5d99ee92dc8e15587534d966bd32c5a8910308eab623a7f86

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_d3dx10_34_x86.inf

MD5 55e30750af2bf57321ad1097a512d725
SHA1 0af3c73afaae0e8a1fdabe25beeb96b32eafb9ad
SHA256 808983dfd3db7c3452589ea4e14ab4af8ef47dbad3b639f9a3c55685c9b73867
SHA512 0ad8b51a550243d3f24ec5934f2b5e53f1d8e0b87997a7cda38840b3160121f1e221e6cb09d3f5b384df74be2ed10d4dd92fb02aff98bd0ededab751ddaa7149

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_d3dx9_34_x64.inf

MD5 d203c1993f21a870871ebb0c99de313d
SHA1 e69a5bc70fe66f89fddd81330dc148a1e788a56c
SHA256 77f3fa1756181a90d2ee63c26cddfdaba0d720c9a49121db28746cd02b3e071d
SHA512 e03c341f2d8df6e8174447d32bccb56b096073a35a3d8193860bd4628d812d1fa381bd35a55e17b4f27c5c5fffddb25223d932e995736fc608030501954d45ba

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_d3dx10_34_x64.inf

MD5 bf312732fe77f600a36f2a7b98a346dd
SHA1 5e9c70959111dbe60ad86258cb5bb20d0e9caa0b
SHA256 0f75b7ef71e183476ec938705024eb8a10a77d7602a336be876c7f5d17429725
SHA512 10f3d128da5180ecccda522164269e4940b69a7f55af9501de648e572ab5275f02c113be5342969c73e118fb7ec49209883c4a8d6c4648fb898289f77ce7a3d0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_xact_x86.inf

MD5 757a5f0cceaf39b5c7c9bd61650fd12e
SHA1 a7b3dda77f0f2334466d324eefeb3e5f6809d880
SHA256 33b980fb973394d9d8cb4645914d4cf6793bf92bd311e0431ce9cacc59fdcbc5
SHA512 f4f969b017c9233bc4a2267118fe921689b3237d28fc2b251ea3b6227e0b17dee84dfb8df6491928791891dfcd265688069b92d8a88cb9dfdbfff07b24a4dfcf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\jun2007_xact_x64.inf

MD5 c8ca749e73883789faf6561a375d9b51
SHA1 fabee2ac65f1d4267da8df07cd3e4cf4eb19148f
SHA256 405d8cbe3c87b16afac2a9254497412a42de4ae2d8fb470a1234dc3260e0b90f
SHA512 56a0fd5b8f065b82f5f9b73dbcbf912045847180a6614dc48ed7b27fea3909839615aab0c8d0a122d9fca952e9591da5152b4c618e84a2d7aa409dea4fa4237f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_d3dx9_35_x86.inf

MD5 815d75e4264b1f9c0bbcc529ee7a290a
SHA1 cc956156066c87ce1bd2b7628453f1824a426412
SHA256 c0d87c1b079b54b75b86939199ca5ee1f796ae3de9c4ed0ae074a4fa01823c73
SHA512 bdaaca529cd52df20cf1e35b45e1824fe48d09442666b18faa3e948937026b09d880a27f1d915816bc6e1d98b0b486d590f867aeaa046317b7f48d6a0f949391

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_d3dx10_35_x86.inf

MD5 741a5ce76295b86694cd7540870eeec2
SHA1 2c165af0047c98d2864379ea5fec33bb1507bbf9
SHA256 7987e2c475705bf8f049a15af946ec0cb5ccddf27c0b5c8126694421df601770
SHA512 b7d0a0bdcd060ee263860024abe5b054aeb2c8c8c7ccdff9cfa9886188d7177b1bb8799909b3c95aba181292b5bb9f9426ecab0a6a2689970afca5a1739fc4d3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_d3dx9_35_x64.inf

MD5 0b3f4e715a43024fd00f769e62cd8b9d
SHA1 ef6de20d95a920e3b69307737976bb243783160a
SHA256 e34ad9e49f31cb9211e0f350405c344d93fc65075e470c8fe09dd78af68f2c80
SHA512 336df101ab341c5f22d516089fd31fd9f0541a01d3ac4ab4e171b73452ba3bab3cad84af50f1e9da17c46bcfbe7a1b52284e2ef2af49c67c6d6cce2969e14ec9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_xact_x64.inf

MD5 a78f12b4514614db269bf55faf383875
SHA1 0425c3e3ccb15f691d6f5d30b71856138063002b
SHA256 2fcc4bdc6516418d3b4935c301e14f30e3bbd0adfd264bc34067b27b0b266b8e
SHA512 9d1cc2704541b71b246c2cc8e6e1d667cd7e691e42865aa5b0a800cf26386cf00781ae7727b7f90711e987148e98f4253e05b6d3872d3f69b0584bcf97b3fbea

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_xact_x86.inf

MD5 8898bbb8acc1b54b3b9b6a2f6b0e2cfb
SHA1 e5ace499d26e573544be76c8e45cc5278d15022e
SHA256 c246c38e41ed71bde4b3cce4fe337826173896a04c26f8b2a00b06bb0cec024d
SHA512 b0633c44541cdaa2d2c3174027d849ecdf5ccf2149da4a2932f59db600cafd8b959aa0382973e23fec7a76ed7555e96065a4d8aa077f50c2a14e5080673aef30

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\aug2007_d3dx10_35_x64.inf

MD5 703b4ea6a182ee3b48026d01319579c0
SHA1 3184959599dcee4e74b251ff14dd2aac81e2ad68
SHA256 af4bdfeb4283f04e24475279931e042f17052224cf708f0c444fba2f2e221289
SHA512 a6e67befdb1d757bc08f6a726e6d79c4f51324edbd1f48730616e27079bfa60262b88b4c49cca046e3da3832e375dfc29b2ff48b7007443606da94793ef7ed84

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_d3dx10_36_x86.inf

MD5 582814cd47564fe8e3424cb2eb090501
SHA1 87a2114434564bb0a5cb4ea337577dd405f5e42d
SHA256 96f48bb810055699d37e9e27a65947483a0b4df304870e3b5448d3051b3e4926
SHA512 203d522271aacc0200bdd684934a8478b54a258f55ecca49a178ccabf418a328cd02ebd2a9656bd9dcd40c33de21d33664c5b16c1e7877de424d37b4f9b3e7a8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_d3dx9_36_x64.inf

MD5 345ecd585eec22fb33a62e59c2758b6d
SHA1 2d6ed63996903c32b3e7ae24d86c924b11d53e7c
SHA256 d1b544b3912e73e5984cd759096120febe6f17e41a3cf920ef82431b9b569c1d
SHA512 6d88cd48bc32a008989ec4bb71afba0afeeaa12f17833fb4072c38b237bd006f192f4e4e7a65d8aebe5d6dac1d13098eea370b03ced343a5541e0ef23e813364

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_d3dx10_36_x64.inf

MD5 60e353607750ae5e63cb8e56f443321a
SHA1 8f1b07f8cfbd66e9a7e3c15118bddd99b04d6871
SHA256 7a49ae818e199cf9f9bd831f94cb6d03a1e72a141d76546261979b30642757b7
SHA512 038aecc1264f608c6028ec2288f0d8de6c9202bb3d1e96fd247e889afa06f1ce592bc9e224f37e83f29c0984cca6c4e85ab11eb28570aafa20b076f2b2e5b6e8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_d3dx9_36_x86.inf

MD5 08ffe480ee5e54fc19a2feea46adced6
SHA1 c939391c489bb321f70707183b0d3f4b5f13911b
SHA256 843764f70f56d430c0695e263c895a135a631f793213d1005fafcf9c210d1ac9
SHA512 c05aa34b860b5620c982731af15889da5571395fb35faa24d43ccbb1b42dcc756769a0b9153c28112d7347f28d4ba933d8b15fb36a3e511ac99eb148f848ed99

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_x3daudio_x86.inf

MD5 4287ed3f6647fcd80ec6b0f7f2606964
SHA1 27b2e4212295478645a017a4df820af6bdb4dd0b
SHA256 f882bdbc8230d24b24e20f9d0db447586e9493801900a8ba381eb493bd41f5d5
SHA512 c816d7127fb7fadb971b757ba76d4b918fe18bb16e5d2249b4bd80b0b6c47208e7ba5e11b521d9cd0a23d464c392f98a3c617b91c0ae799f3aa10401b4e2bcd7

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_x3daudio_x64.inf

MD5 55402001ac41f0bcd1f457a36d298848
SHA1 a18fbdc9631610f2550f05cc3aed5a665afee7a4
SHA256 1cc72ca78433fbb72ee6b654c908748ea846c87c80424816745f285ed3bc910b
SHA512 96cb7ff1d43a7c1642d8ce9cb3c23ba460f6c083a7927fe0ad7a3ebb85649c384ef0542ee3e7dff6b99413b95a2a333327cd28349665901f466782fe96ee491a

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_xact_x86.inf

MD5 7e2a5eadf9f1eaf90d5eac15b7a9f558
SHA1 907cf74056bf7ad91e47c98aaad9a092ab42fd02
SHA256 24714f229e479338ed89bdd6143140505fd63f517b7e71170ea6c072a1748b06
SHA512 63c2f438e6feaec2b9fce15617940c97862a54527d549fb6ea149e4d18199c1752e255c6cb167ff20b9cc1f74b87ffc97110b65652bc5c3883cd14894d21f8fc

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\nov2007_xact_x64.inf

MD5 bebd51d24aa338f6192e291d03684b6d
SHA1 cf2c0efb60f44748b0ef3f95276b0512719f130d
SHA256 841d579573afd51499c7cd8ee986a41db63cedb722e8fac351d3632ff470c161
SHA512 28fdc41091d761faad79c1af33da0372086689113df2f1cb40513d50727e5aefd652a977ad5c92bd62f1c5ef9cfc24c23bc6758ddd6a4d1ac5db0b5e401432ca

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_d3dx9_37_x86.inf

MD5 020d1260794d5780937f0f7a919cd62d
SHA1 511ecd1186deaf129a5532b79fc776a9ab8fa9be
SHA256 d55858e166a2fe00d4acc30da756f0ab2c4dd5a79a9874eab3100722c74a1b75
SHA512 201e24e51dd859c35fa9d0a403993cb0b2eba67effbc598ca4491f05bff4f0805731b1e7cf6026b7dff9fbc3167c16b43887f080fa40ac11c6ffe09297401f9f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_d3dx9_37_x64.inf

MD5 ec75fe979fd2c2372ea75c72a905c832
SHA1 954642c9087489285c8f0786b63aee108ec08d04
SHA256 a4fda3373241c2748a969ddeeb6ef41b3cc1bca6608362ba87db75f69023fe9c
SHA512 dcaa772d21d1be7fe59f1ad32d10e7cb454ed2a4d98b3add201f8bef03718c29f9915fb4cb779111a954a9d93d898393ac2ba593c2d4d378b88bd492b7b5381b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_d3dx10_37_x86.inf

MD5 1242da12c637d5976af936f60f387c26
SHA1 a6890fa9d41f6785d54a7d3e1b229b64010089ab
SHA256 bae3bc2b7071d2d1c657a87a8c8af6c0fb5373f11c9aa5f61b406924717d0792
SHA512 7fcaf6ac1a8166e8c68d650dfea40bf329565d4ef92316ed0188a252736c9e288cc8f7d017b0de4af05245d1bf94a85b2dc72a93c618a1f2caeda45fd84a6a09

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_X3DAudio_x86.inf

MD5 9ab8a749708995453ee8a995a877af2b
SHA1 eb8a0ad7f7b38aa190e2fb8a4a2d11cc9fa9b493
SHA256 0b6e28f00364a9ff436c3d99f0d4e80bf615f1450f420122324853cc0b88b16c
SHA512 9b0ed586fed0ffe25d4076b202afcc7ad580dbb05593e392a12d64b639098f8b7687463f213e53dfbb85616c5a3781adaef8f1ffd293c082a84291472266480b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_d3dx10_37_x64.inf

MD5 b21f653f707315be4c85ff4630af305b
SHA1 32b0d69a786a2cd37d2fdf541931d90ae8656944
SHA256 f37681f4d49f71d48b1960c3efac74f28af9fa764b29ed3a40b5f424fc8f60c9
SHA512 e68348c9413f77749218fa34e55e416c7bac95f234522bb6eccbed1185a3f3af2a393511d3b83dbfc64580e1725f9f53e7e586570d696a3fee76761e8b0902f4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_X3DAudio_x64.inf

MD5 2f7b3369825c6b74f4b645ebf52c8e98
SHA1 105972c77223b943df6533d517c698241ddee9b1
SHA256 b7dba312a71ed109c9c54cc5cc096096eb8cf0962396e8dc996f8fa28307547c
SHA512 88a47bc3520f9fbc082f1ddca7e083cff9bdbe5c4a0a851925ea14d8e0f327f2a9982e5b4ac457e4950acdcf6788299c4e13a15ff38bb76c8d212f1466cfcec2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_XACT_x86.inf

MD5 e3ad8befca2528572d6c51a15e072c94
SHA1 9718337261b8b93b546a5c20bee8b44d26707053
SHA256 6b0cc0dc993e172855864fa078c4e5c8f2f46bfc3200bf2ccdf3292931ee3cb2
SHA512 de4915424d8a53ede76394fac14c4de46838f21afc8bf30f560d2d00df4f366dc9ab48bb343be3580087a7d5862a14c08f83b5d9cc8e78aa4cce4e6b71b70c59

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_XACT_x64.inf

MD5 d5debb90aee2d6a73bb448aaa99f985d
SHA1 950ff1a768bdabf14ca2cc6809431c3be8b19d9a
SHA256 1038a41e63ee8abbc8be85a86fafb2ac1d03defa6b88deb270f96a6ed1a97122
SHA512 dca65e91d4eb619fb34615a3c8683e04af84e843346b88bf4d52cae0c27e52b5a7a417c531eaf50cf45932e3fd6f5fff1bcfeeea4fe65efffbe791c8ac1a8101

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_d3dx9_38_x64.inf

MD5 df5538bc9e0494845a8e2d607e06e561
SHA1 a056a64230f03835dcf9bbc5d84edc2eb0c09484
SHA256 ddad68974990a21a8d4a91c47ef1034ddf0475551586f04e86b8cd2f0c990d6f
SHA512 4f19379034eb47e01de81a611facc2c8300c7b10306ebbabd232a249debb4acdcd3de42b71d851011be5b3abcae1ca232ae6891be79adfd754369dc0f16b249f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_d3dx9_38_x86.inf

MD5 c7fc0a82355bafed08a5597930b80263
SHA1 037419fc93581e053b4cd31c57222c8b8761e242
SHA256 06faf7f7ea5503dcece13d6537e57cd2581d5188a5d839fe7f118298a721b51a
SHA512 51829843dd7e2e501d6054f500fa523bf63f19382890880cac0e3f207a00dbc544195489de67c7dcf876d9061f2af12bd346513e1c98047b0c185669be5d8cc9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_XAudio_x64.inf

MD5 8eab978252843c5c47a913e4eee460b5
SHA1 b5ac7e6a36157c41d56e1113d7768e67530640c0
SHA256 10a2db49dd3bea59133bbd82b3fc0f8a959b65b0c250c11a9a6f3123b961e6e9
SHA512 d1b7be4eaba7126f3f64d625cb9c9d16dd40dd1dec96b4d647f9a5e24d6b945faebb65f25348d9ffbe092b03b1a54414cea9a2e4d1eb1deb102ab5abdb34d810

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2008_XAudio_x86.inf

MD5 35c6f6f109257f242cfb2ad2062d50c4
SHA1 222406bf52449ff0d5a7ca8ace6cbd3dd5f41708
SHA256 472bcfb54b5d63377da128596dfb30c8f200f79edaaf6d29de1afcdb71a3413d
SHA512 71180d47d8c177d84e68bcd6b9f948dc8c946f7a6c4091e20e04f1c8098b9ba92bde976194b06595834ba4b159a702c091d04ec823ac377b7ba7713f057f99ee

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_d3dx10_38_x86.inf

MD5 d12a6b9889eeb330b4a4e86e9bd175ae
SHA1 62a4a7cb8fcc0edc240caea13b2b487cd012fb00
SHA256 f5f54664ec67f6333a9f0607d891bd0dc2acfee8cce09ac4ee0372b5d0aa12fd
SHA512 86274606e76b98b71dc4eec5180b3a52cb6627ac5ecc8b008512b7bad404e03b834b7129ce326a3c9c1cfa8b19bd5e97467a9390bc8a0e749771ca06d9f73491

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_d3dx10_38_x64.inf

MD5 e2b760696e2300b1c9b6c2531b39d029
SHA1 1c576840cf04b73de362b28b943bd69b09b3883e
SHA256 0de0ada970774620c0905227666fc30910e64f3cfa4b99e4c5481685d12e3ded
SHA512 94e4bd9834c21acc7709fd28dc557455929f940be0a4a794105188dceed7e023f87a489a1de44a9f93f3780f6f9088ab3d4e829a0089bec74a25ba4297a0dd73

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_XACT_x86.inf

MD5 59c4f83a7fa2a8dee4970d37a96c2b55
SHA1 75b42f58c61d8c8ae185cd8560dbfedb7c4d6d9c
SHA256 79cb10222e466d54908d30ee433830e9673d5a538fabc5f4568521c2aff66eb1
SHA512 9a9b7ea3b354cbb29d88797533332abd4d1ad195b28ee6af05a0c6f83343b1e2ae0ce172e9941eb5f0d7ed3fb0382c1319fe4808ea2bf8988a1dc63b78c8c095

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_X3DAudio_x64.inf

MD5 0225e16dbd17754f202f34cc1fdaa60e
SHA1 d8d7e02849d9594b346023e9e69a5b2a4fffc45a
SHA256 f4526ad18f081b84a139e6d98923569fc8ffc7644e20499e2f68abfb3e87753e
SHA512 2b308f4c4592a80d4215781ba7ace57f93a7449b2ce36a7c78203e1f16f1b7321dff6c32272180c9cbaee5d31afbdcd11f3d474004fe13c63752d3c0201d2033

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_X3DAudio_x86.inf

MD5 7949a4d37b517c39295f0d656cbde501
SHA1 27313949fe172d687e9faaaf91044ef56b7c973e
SHA256 0064b7db5bfe52b6f40f61d962901c7baa116abbc72328f50586b6fa65f894bd
SHA512 93d947c95b7ae357bd47a5a050437cb05192eb6c84e9222a46d70ecc7c54bc2a5cb1d3f65cb2a4db5fe18106ed9be5a7aefef08f9634b28cd5cf128bd00352fe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_XACT_x64.inf

MD5 9b2753cd7967a014a6391b44900ce258
SHA1 d6d227999ad32de75e05ae7d7fc43640e8893ec4
SHA256 90577c4c3d5d0de80c805caf0cc713582698ef7224fecf4ff911ba6309c5c920
SHA512 31136e55f01d382cb20f7109d0369a3ab7c8997dde1b65e9214e410ab686add4ef6950241c0aa9fc93ea0cfe3134d98ae1f3f48b44e92a620715bf159d6f5914

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_XAudio_x86.inf

MD5 e82ee7f4d71ae8bf90378bb6dc107d57
SHA1 6fc8e3437dc9d87213064e69bf0769d20fa7a739
SHA256 e5e435c4536f987e1087218b025e6dc66c24c3e300e839391891f1b3bfd360dd
SHA512 baea9f4d6c744f26b55426c9666f135c07f3e8af15fee04cdf34c0af83567815dadd5a4ac8a6547a49d58e0c837a28fb18c4fe1f50fbed8da9991bd2aed8ab7e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Jun2008_XAudio_x64.inf

MD5 c564c4dd81be3fe65783bca776be371e
SHA1 b60e1e1e34b8c56fac53dd7af79e1e05e04866bb
SHA256 9ce21064f2feed9bc9426a6e92e9c850aae31abeb80c7906ff917fbf4cc03913
SHA512 5b790aa1a6215ce8687cf3503267e31d1d7b41b5e4675bc634be957fbe14c53556989278017f2c97336df13d16eeaf975e0602a4cf9c8356598c392977df4dcc

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_d3dx9_39_x86.inf

MD5 b28ef6e3eebceb622d1431fedd9f545a
SHA1 c6ae73cbbdff4632911dc1759a9ccdd73056ac8b
SHA256 8a23d386626328f9519076f33d5c3b71c639f2347741442c3374974e6f61bd53
SHA512 4f2bfced9eedabd6ca807a1b88cc063d15a31ab0bd8e2b60c65d6daddac9a111c434a0fa7d7641813d9880612464351ea30368bf6f0ed9ffc69bfb4d51882d12

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_d3dx9_39_x64.inf

MD5 9411bf36f2075b7e42468277e8020e40
SHA1 c38bb84e7381baf0d2720e5f1822781a639c04bc
SHA256 4cbb1c6804b9c76bba4e41f0d2a45f1daba7350af9da4ae6966651f7f4da041a
SHA512 c860da71a89c41e81c1c89b3e1f4e93e747d7dca1152a4ba063f53f899fc701fe24f14abecfe883571af518df4c2d766432ddbae2ccb2c52bd87d85f6ad015b3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_d3dx10_39_x86.inf

MD5 baa493c7a361f1ac0c5efc94f1568f97
SHA1 16dd101673b96b54bc5a38c20ec3ed785c6bf7bb
SHA256 e83f8d48323887af89648c5bd7af713b42d20ccb757be34675f1fa527e6cc33f
SHA512 2e8db3d1ce2830caa9a0f698bc31e2b907e39a233fb056fae44062b3ff732b3b62f12fcb2eb948c1728df9b64c4d8ee873c0f95e56c2ad1727140236ecc71095

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_d3dx10_39_x64.inf

MD5 b01ca47b1cffd13ec5d8a6a592ae8449
SHA1 e1b615488ba42c44922522dd47b2e99f1b5394e7
SHA256 a5eab981c313538afcd7abc7742854d251c736835ffc1f549a4768fdf49c3e71
SHA512 2609474f1ce19473ff8f5f4550f9eca077bcf063bff8ea7fe890493e1119e80e6b233141a8e9dbe7d9f1e167c4941fead6cafe506f98053e623728b7edcf4ea2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_XACT_x86.inf

MD5 d2aedfbc8bd56092d658bd60b464dfa5
SHA1 54f8e1cd59f43cbe02767face39fa42f50ddd229
SHA256 f1daaa8d96108a4a338f62a4a1339143ddc566e194ca00dde5427136bfccb0af
SHA512 41d74bf9899e8d904bb0bfeed5e053ac3c453e0d591526aaf5305ba33128abfe29cea09bdc23e2131f91626a66f0ff58f6cc02fda9692e58fb2c476795e2b6d4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_XACT_x64.inf

MD5 f616331f6e6916d1d27fbcf357cf1478
SHA1 e5530aa845bca9b1c89abbbc189f65584008cedb
SHA256 cf09d632a4b2cc670d435f356f309dc58359735834baed10343fdfbf37eddaa1
SHA512 c39fd664f43c4cfad8e65d5d6b3ca845abc0b341cb663acc7e274a00c3218394d3d04cca850312074a294bcee4e5a0796a3c90d6263de63f8f83078d9c44c8ec

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_XAudio_x64.inf

MD5 fe4812a5425f1b6d9562b9609db16ba8
SHA1 01a206feff15ead479848ddf056a560701960fc2
SHA256 311bd58ed7437a1cc79692ae360a02efbc8ec51194abcb80bad78b2208a94d58
SHA512 2a98b997af381504ec8e2c5b182c73717ab81a455ae77c57036aa904f87dc8fdfd16a7835cc1e631e9435257da8bc631946b32d8f3bb72d260d1114c4c3c4390

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Aug2008_XAudio_x86.inf

MD5 e0947065f559b93eb93a7ceeaa8bfd44
SHA1 39bb647363b00924c7c0b3792f8017d7c7d9e3b4
SHA256 f211a7d99b3ffa0180bd91f68b2c285564227e075d499e950e76fde04e7707e3
SHA512 620810dcd56857b2d3d5f1271c5d4979cc90977acebfea81edb472d02da8e6104e89984816a91ab57a2469253a391bcc378093f1adaeea7c0d35f7f1b794969d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_X3DAudio_x86.inf

MD5 e8adbd1e68258d5657a34ea722f3bd32
SHA1 ae4e88d17663889e841992436b524a35506ee534
SHA256 d0361ffe046b7a7a374a4938d419e4121365892e4f2138899f670619ab34ac6a
SHA512 62b132cbde7afebaf20a437b810ea42b7c782eff4fa1f83e2e586b2fd9303829ac90c54704e28f53010a8487e04bf92b791c85fff4c949a12cdff2132c2b09de

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_XACT_x86.inf

MD5 87c8d16c6db20854f9610bd5be6e5ae5
SHA1 c17d78456637cc2a67b35d48f9cb3c730526425a
SHA256 31680e7a90d24eda04c910e1f3e6c02774cfc5c36ae08e7ac043665264702f83
SHA512 061d80816e2e5a7a2df68cd91a95e5f17aae8610a18b254abb7d5929826b14da5755eb01912eb369d1fb5725f2a4c144ce92e0d08b61799903d83fc91f35413e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_X3DAudio_x64.inf

MD5 fe8f918218c40fcc007bf16e9cf0b76f
SHA1 2b66a5a714bc7a0ebdccb0029e179bb3f32009e5
SHA256 d04d052fa3065cdf00e96bcdd7dabf3583ef10b6d80fd67cb03c32f09f2e602d
SHA512 9845d8d2c0c0c618594e692abb382e4244d95f5a06c48d7ae694dd09ada670ff23bab07fbfd09310f60f6684267ed0709a1d146da6fbbecef4790b9373840b2b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_XAudio_x86.inf

MD5 052b3294a9345385406ac2056e724804
SHA1 79372406f5cf40deefd8ada18ba238e80360ac70
SHA256 950b5aef596fc5048732f6cf263dfca5bcc25df7dc17df91efcbc3551751a3b3
SHA512 9b0cff2968acd2552609169a138d40fcc25ff2c35b70ba61cabf769f4e5b54774f32392508867b6ed9198b3da5a858b3a7079d7c4a4ddb31f63e4d4985efd2bd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_XACT_x64.inf

MD5 d28248a55a7747733c0e4356c1a15d70
SHA1 befab66a5faf1889c6eb2208698874b00024b78c
SHA256 2d8a68e726728e4f4be05e35fca812b855046ce4bf697f0dea14094dbd7e1d79
SHA512 f7b89d96e287ddf8200462c4eb0415f2fec81b7a69e5fd4bd5bd33cfc805287d287dc403060b01639cdb67b14ebe65e42f75c3a1fabbcaf8692d315cd5bf45a7

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_XAudio_x64.inf

MD5 318d70544da7620126540b0712200e7b
SHA1 707c4a04f02e10b08a16528b0da8b284cfa315c9
SHA256 ed20b160dd26a5ed3c220a1fd9b5fc880b3280ebf56c2f73e76b6d4da5ef82bd
SHA512 4acbf6b35043ffe9c740e3e48fd9320e10f5dbe317dd89dcb97b68495b60cc2cb2cd98e57fad030ed053636b710d344b96667b69bec4b7727ba2508f35f23aeb

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_d3dx9_40_x86.inf

MD5 d9f6cb1edf9f92a045f4b2b8ec17cdb9
SHA1 fb362c8de21847523211fa512cdbf73e5b49aa60
SHA256 955637638635025f01f82febab4a4977252a765439d90ce940fba752723b9db6
SHA512 e22fa0520dd3f905b5170e3ede4d9b9e40b0522c9b39308d150c01e5bc381949d70ce04818efa9eb2a08bcc3b26f2179db9a5aa1a5d14d757ee2dd2c5c3cfae5

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_d3dx9_40_x64.inf

MD5 4f4a9d3074a4ce8fa141a17b0c2e97c5
SHA1 e77b4e76ef70fb08befd69a03b9f5dcf02c81428
SHA256 d071b30f56763506da0c939b8d35b0540bef3ef0d51a5cfbc45816ca91f891a3
SHA512 7b961d3b9ed247e75047a5bac6d65ed741fb3c210fadfb23d4b77653af7001fd557fecbc2bfacac00188894374ec7ef3b0a5c1b1f6ddb0c9ad3ee3dcd1f32027

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_d3dx10_40_x86.inf

MD5 7a3a4c3b7c9c979261ab1fe477809731
SHA1 545004e59315dea0bcee6bde61bde3c45f79d107
SHA256 a4eed39cf36adccac4317e5822b30aa37ac5b001bcf4a24f7b5ccac6b8b71e9d
SHA512 556cf8ff26de695e39aa42fbbfe0bb986fca9ecdc08209c28404aa1b285cba8bc4ba62659fd0d929d138c781446fdcf2a30c0e1aa1487f6f1d75c9f15145c7bd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_XACT_x86.inf

MD5 25b4458970583bd63b3e21ca5eda19b4
SHA1 a41a7c318342365d64f94da5c2b9d0490895d684
SHA256 764c3caeb1725a11701ca7119fdc49b3219553b79f9a5c1a02b20991391e5a21
SHA512 4239e25d6701e28a58424361d2bbcd27abcd91308ee2b5abde611304b0c2caf3cd807c8aaf3665569a565664b12c53e17aca73703ece809b9f26487d9f9a3778

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_X3DAudio_x64.inf

MD5 5e65d9cfe5f15381afe2016508800dca
SHA1 93a44fa2bd9559929c4ed459a336e1cc27738f90
SHA256 4da1a6bbcb7e84073dcd1898f854702ec32f5324478b2fa39c4a9868abeecd3b
SHA512 9ab50d72212f79f949679b7e7c19f698f2b1c6f1d695555d925b7cdcff800a14fc98535476150a15c563eab74d8a98316f44027b0e3ad2834735a6f94aa07646

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_XAudio_x86.inf

MD5 ce1394e17492dac92e0257482272617c
SHA1 f1babf395b608a9966cb5d89d85d131ce8263576
SHA256 1b66e4d80f9843fc73b0a6097fb8ed5f3d2cfd5cfb5c328904d2c370bd87bb3e
SHA512 c5b800c6d519d147e37b459b3c667d2e05b6e344ac38be69aee40dc1e20b232c9a123f0f6ec8fb5909ba8d76fbb24a626ffb2f76b08bb3d3984d6ad6541d6a9c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_XACT_x64.inf

MD5 eb9c537b01096960889de48d1a13725a
SHA1 205f797be95c576f2b15760a25440f532011332c
SHA256 9369fb0a9d3353627c097fc19780e5e7126af47766ef6a4a95ff3ddcca56691e
SHA512 c82ecd2c952b1df01e6c7f7858341c62b36330945dfd0c6bdc404d14bee5682ca06a19448961e03a2093ea00040fd38ce60c126b9f155607b7435b28f74055f6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_X3DAudio_x86.inf

MD5 c1501e224e63e7c7fbdbfb7734a8e4f0
SHA1 c6aff4de1b44499d304649b782346b0a6decdbd8
SHA256 aabd029d75f25244bae4ca17dbf9c4feebec0d5f121fcd388c175c3360be1bac
SHA512 e29f985810029a43a987ba45c905aae84d0615330e6fcedf81806a403f59c8861fdbb31935b0c610378d8131d38ac6798c778f5c6fada9f51838cd8a8cfcaa99

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Nov2008_d3dx10_40_x64.inf

MD5 f0769f57bd08036d669104f9bc942228
SHA1 18fd51cbdb46f1ffd47103dc026f1cabf4e4868c
SHA256 7f902d9ce6f6d71be1d16997ffc9661be2540522c73cc185516415a52dced2a5
SHA512 427acfacf52759a1ebd749022c375767fc283a625b6773e06f8965926e0b96a969a27a440bd661015b56eeffa6decce7322e43974172966520c9ea5f6164914e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_XAudio_x64.inf

MD5 8d2a8bbe89cd936282ff828c10ae57ad
SHA1 acdedc9919abeead28ef07da56ea33f88c45c3a7
SHA256 4a554d09934581a87a4cc98749b525b6794947b64b8414d380edfd502713f9b6
SHA512 69ee567df6d9edf90a6a2a882b745597fe0720af3eaa0f23ae7241e7519aee5af435566bb1e0cd8b2f6bf6956b21f73d7af9d8e9511afe48a54f68f440aea2c1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_d3dx9_41_x86.inf

MD5 b37a5ff044eb65521a290c79ba1a3e00
SHA1 ed505464894bd3e52654834487f3821ae117edfe
SHA256 bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6
SHA512 eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_d3dx9_41_x64.inf

MD5 d4a1295d35748a262f28c2d3ed7a116f
SHA1 f6794d7a852b3f56e93fcded600077220ebfef74
SHA256 12fe918aeb224a9bd4d2a8142f97c95d58a9a69e591e7e4f95014c155bb03519
SHA512 79a2c575482ebeb4157971c07df42c76b42fca1b00e213f3f311935977bc27c86ecee6b387d93e9dadee06bdbcd6d4edbd72ca0a66925eaee547f1bd195e7f02

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_d3dx10_41_x86.inf

MD5 6f64b88a71edf6070f48277cc7e22125
SHA1 1c77aace8a83ecb9a388bdee2aaf38e78af08ac5
SHA256 0170a4b551b58d92a753e86793bf3af762fe3f8d781512f710a4d661aec8d626
SHA512 4349bed85d5c42f921005ad6915571b680cbf178dc1c9fc8f218dbda7cc34b76647edfa324d3c529dfba18da800bc010623a6ee8b34a5ede0a447d1e7dc93827

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\Mar2009_d3dx10_41_x64.inf

MD5 d9bc0224ff859db21a9f684ff138cbae
SHA1 dd4f2ecdc2a7801588166d92d6e6aaf769bb3627
SHA256 53dc284b87f5787804823977d2fbb528e393829367db5d2ac5dd79c581a27616
SHA512 29d5c1e3b54e79e322a966d954935a31aa7108aa31f04e711e36efbdabdbbd3282ff56df9d640fe48f8707d55a7af435c83b7f281177d4d5bf01364786596ff2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx9_42_x86.inf

MD5 dff48361a5cb0dea034dc6f16de99477
SHA1 afa417acf7e9da37923255a623ef34c7f6446c80
SHA256 5989dc367a8f84815bcfa1c46ff756527c6250c62973220d1af354b70027eaf2
SHA512 750b69eee07e7d6e7fbdba722e2e1ce377729dca5fe52b4d57d23dd2b80b28b3af8403aa43c469a5042ad35eb09ba4dbefc40a014a137e1b5d87e0f2de203856

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx11_42_x86.inf

MD5 9deabc0af1186bc22a6feacaddc5839a
SHA1 2a1fbc0737777513390210fe7fa48fa8805b15b0
SHA256 edf6764083b47c04fda52b149f565587c6a07d4455357fe3c27c9e56cc57a94d
SHA512 8a3dc2b4d25a2a4ed94cb70e88b051d9df9985f3c6a8af0725bb521e029015755b415c23a44ae8318aea4a04ec9b9c1ffc895df41d28c384d78a465dbb29ed3f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx11_42_x64.inf

MD5 520790b3b1eb8bb9ff00e4730d17e256
SHA1 51872475e3c31bb749f0bffaa42ab4ae362b2dea
SHA256 f9c13939779d4526107cf7d3554c122efb564cff02228d02b0b6ff211904f5dd
SHA512 da76b41ba262ac7adcb2b48b8e3845b7c57b1c45a664a1f0bc90d420cfeae1ee454c2089ca37ca5df264759f016c781ab1bf17c026d9733df7271e8ee3320dec

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx10_42_x64.inf

MD5 8d272f58bf5ce42962d7d9835e9b489e
SHA1 7e0969289f839b5dfe606f6ce6ed106460f97682
SHA256 2bfdd3d3bf485439013045b3a08942f457385bb89ab76d9479fbdd85f09e9d96
SHA512 0554257a41df07860233f26330020a45e2dab2613a6028f79914aec7552d5c54525b137e450202db1283b602c3d95908acbf9f1eed20dd79c21fda5963fc2b5e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx10_42_x86.inf

MD5 b3a2e761e5da007cc6036c5703e12eed
SHA1 447e852f9bdc357b00864d4dccc7486f1313918b
SHA256 a80a00464775da82c02f628c5bc13cab0d0643ec2a44b28d2acf7c77d467becf
SHA512 28a106886578fb38f144602d2b29c72a906bb24a50b16ea7d3f71f8bd7f194fc0d7c8451dd1c3e9ecc59be3a866c07a23dd394a17d39eb7b55cde7b347bed3a1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dx9_42_x64.inf

MD5 ecbefd1db4cb52d5089b1d4b20a08656
SHA1 85134f773bccff3e874d27d7e79dcd1e9485c903
SHA256 4887cbec8545b02152eb16f6296987a43a256b69b408330eaee362184f298d98
SHA512 a50afd834f0d892af5eb33b9c6ffbb330ddebcebd123fc7f706f05efac9491b49dfdcfe6196f3b6a3c9f7ffedf4fa723e0499f03417552404c0fb4f4fa3c046c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dcsx_42_x86.inf

MD5 a156f288883f2c1e867896c114509aaa
SHA1 02d7a136da0bc6c8cec933a880c62b90ea8d329c
SHA256 ff9da1b0328fd918cf9558ee57387a4865afe98db1410cc16b1e921c5a744c48
SHA512 632fd6b2940a851bc82c2d57a962dfced3b2cc61010e037ef9065b4a8da5a0f112bc2c66984cf76334556bcde35d49dece1841ffca9c149526a56d3824178b02

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_d3dcsx_42_x64.inf

MD5 32b0f585bed3e042371e125ebc7e0f80
SHA1 dc0f6d3a501cceb50a92848f045725f93182f150
SHA256 f7a5a84bb654837193e0f40b579777f5c6cc2c7341cf90503d6a6709d319797f
SHA512 ff7ebc445ead8c5109585ecdc58c7bb20f9cf9debebe587ace38c64f70277ee6a9c9359af0ff55a1d4bdd2d01b958efdce743f30cf5b20bc8656fe4124ec5670

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_D3DCompiler_42_x86.inf

MD5 e7f9ca8ca804cc404f855be173f6ac61
SHA1 5cbe6a3e7cd65a66bb6ed17930ccfacb8c756fcd
SHA256 bb8834d2366f6899c507bae176a13dadbd44488451a263eac830be95f4bad43f
SHA512 cca663b914f6f6d1b86db83e4f2976b103af041ca171257b9815a689788018434228182bac943fcdc7770d43180d53f887ec987e9639edc26ecabc7d20dbc4e1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_D3DCompiler_42_x64.inf

MD5 bf489f4a6f1c8772091caf9d3f96628e
SHA1 c0da8b93f1e17acd81e5664ff7f014cf470d12f8
SHA256 8977772e5392b8e79364b3b8d97300e97ad891f38d5a2dd306549401e46b05ff
SHA512 2e21de522c0be4b797262528399d7ec8604fbf466e8de49cc12b9c2e2daa3a8f0977e952bd36135ed4887516d31ff8c782273325d2afad48f8b3202f35b4ffbd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_XACT_x86.inf

MD5 5b6e899df58c5dd0201934027490278c
SHA1 8379d615b05654bdbdb6512b98abdb93a9179796
SHA256 1eb88b5460824fd32eec9b90e7ef5cb529f51215046e539d39fa27a409709766
SHA512 2326b2b5f046ea663bc8723155098ab58341ace400fed48933575dc55b1cd14ee8f8d67194303783a1d1f412e395eddd8952127eb35d8ec745208a6889dc63cf

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_XAudio_x86.inf

MD5 6d9bf03bfc9465df08d17b18c431926b
SHA1 184ff4a21ae4756179fd179d1c3d007842a7ec2c
SHA256 842cc52100b5774bcda19e40837bd552b308e74829d5b35a505822c7436892e1
SHA512 35efd74761fce6b8c7371cbfc5c8c50a0142a3fa3492dda3e566b031bb1dfd58633960230985d899348073de38295e25f76d716b153640a9e0e8ce6d59954f5d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_XACT_x64.inf

MD5 e8623d8be34f89b38932adebb2ab2df8
SHA1 f7d844b8c77bbf1bdbaf4c615be7591299185bb1
SHA256 5d57466af1801ff3a92b1540907f0e4b91d90189177d68c6b4c8833e5d57dec3
SHA512 a398b5057707743dc3077f04e3796fc231da56b54d58c826b13ec610bbdadb0513c56183156be2e45b47ae96971a9287097ffdcd709f496e96f8f7233375f1a0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\AUG2009_XAudio_x64.inf

MD5 af52205973fa73d4227dd5e105f6a37a
SHA1 2e16e2914fcb65e55a117b24b992d6e8cbec8c55
SHA256 4348663aa7cfe22916fb13d93307e7384376fad9d6fa34c6196f80df42c61a33
SHA512 92b8ce27f01fec9c17c2677eb4e9e3f1dd592a94a3ea12e9580c8e206a8895c99b0498b2fac30323814c8da16a48555bf5a76eb72afcf5b99ee2e05c67cb4ef0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_XACT_x86.inf

MD5 82c10b720e33be099f69e4010d44ecd2
SHA1 e95a2eb23db3fd610d71089500aad523f93c9469
SHA256 e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635
SHA512 853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_X3DAudio_x64.inf

MD5 49460e9297b0faab5a5d73e7aa2caa67
SHA1 a7e211f3d4ae808f67a798924c4d3314183df873
SHA256 68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf
SHA512 92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_XACT_x64.inf

MD5 45f4f5d8439b3a33df8f1d9f39a162c6
SHA1 e09440edc243b072aa589ed139ab9fdeff3193d2
SHA256 c7efd1ec4e4d31644a5054d32cc1e6795464472c05439573ae93e1727a5eea4a
SHA512 f8b7ab66b7fd182efddc2a851c6468a311705267afd5fb81554713b338f24642c5e7b5d5000b85e417154c4285457f9fdcdcf9f42c155c801f7a295e6ae3ea34

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx9_43_x86.inf

MD5 a11deb327119b65bacce49735edc4605
SHA1 0be2d7fa6254b138aa53d9146cda8fedbba93764
SHA256 6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b
SHA512 b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_XAudio_x64.inf

MD5 1c4dc3c97e96135a784867d68d193bef
SHA1 5019f79ea9b624999fe58420daac619c5695994c
SHA256 da63330fd2a1538b714ee6cf2e09256446a04a55f866b3f70237d8a7165cb3e3
SHA512 d529d68ccdacd41a7bb688bf226a23f4d08639213d96e3e428c16176681c5f7d45ca8527291322b2a6d4dd14fea1cab3cf183006bca3b5a45fbf2e05c2ee1437

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\FEB2010_XAudio_x86.inf

MD5 e6e942a2cfbb587bfcc4203b5bb34fd4
SHA1 2e0172ea1936911a98e11a6e98990703e24172c0
SHA256 74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca
SHA512 3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx9_43_x64.inf

MD5 ce097963fc345e9baa1c3b42f4bfa449
SHA1 e7624afc3a7718b02533b44edfe4f90d1afda62a
SHA256 272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f
SHA512 f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx10_43_x64.inf

MD5 13c1907a2cd55e31b7d8fb03f48027ec
SHA1 ca37872b9372543f1dbe09b8aa4e0e211a8e2303
SHA256 a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377
SHA512 545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx10_43_x86.inf

MD5 53a24faee760e18821ef0960c767ab04
SHA1 4548db4234dbacbfb726784b907d08d953496ff9
SHA256 4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862
SHA512 8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx11_43_x86.inf

MD5 fb5d27c88b52dcbdbc226f66f0537573
SHA1 2cbf1012fbdcbbd17643f7466f986ecd3ce2688a
SHA256 3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0
SHA512 8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dx11_43_x64.inf

MD5 590fe1ea1837b4bfb80dc8cb09e7815f
SHA1 792b5b0521c34c6b723a379dd6b3acf82f8afb1f
SHA256 2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b
SHA512 80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dcsx_43_x64.inf

MD5 e1f150f570b3fc5208f3020c815474c8
SHA1 7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c
SHA256 5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a
SHA512 a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_d3dcsx_43_x86.inf

MD5 cf70b3dd13a8c636db00bd4332996d1a
SHA1 48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7
SHA256 d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1
SHA512 ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_D3DCompiler_43_x64.inf

MD5 6494a3b568760c8248b42d2b6e4df657
SHA1 700f27ee4c74e9b9914f80b067079e09ec7c6a7f
SHA256 3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216
SHA512 2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_XAudio_x86.inf

MD5 31d8732ac2f0a5c053b279adc025619f
SHA1 c8d6d2e88b13581b6638002e6f7f0c3a165fff3c
SHA256 d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da
SHA512 abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_XACT_x64.inf

MD5 dc506eaa8bdc02b0918e8ce956b505ce
SHA1 9bfa75f2b2d7ba26a778623c8505e10428a1f6cc
SHA256 f3c288d84db29f7bc4d2c771341f765b5e1940a4827fcb55a65b48eec83c71d3
SHA512 9938b821370919a25e801cc19841e951ef4523fa62eeccade6825e74c43319e9bad2f76e5971ce5d26ec2fe55258f7c9390626bc3b934c84b70f7a2870976b89

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_XACT_x86.inf

MD5 dbef26a0b937dc1859e9582aa88bf928
SHA1 25f85650c6f62e59c11f7234be22d34e890793b3
SHA256 ca604ce9d2ee43a09b39b23a6a2a048b1a79d85c7d78679cc73aacc75cf7a62e
SHA512 4259193cd51168020b3b02ffaae89d7b4a972273b227cc3116c8cac3874b7c329e66c989ad200f93b05d1e4f90657b5391f37d6d128108db66ad7d6a758aa34c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_D3DCompiler_43_x86.inf

MD5 1a86443fc4e07e0945904da7efe2149d
SHA1 37a6627dbf3b43aca104eb55f9f37e14947838ce
SHA256 5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf
SHA512 c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\JUN2010_XAudio_x64.inf

MD5 dd987135dcbe7f21c973077787b1f4f8
SHA1 ed8c2426c46c4516e37b5f9aac30549916360f7e
SHA256 1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8
SHA512 f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 a73e7421449cca62b0561bad4c8ef23d
SHA1 cf51ca7d28fcdc79c215450fb759ffe9101b6cfe
SHA256 7986e3fbe05418fe5d8425f2f1b76b7a7b09952f3ec560b286dd744bf7178059
SHA512 63d24647ac5d0beb8f1284973927263cb6e05b4c399cda3912178114b42d541dd516c6d67a453ea997d9d0cd9126a1802678062f0951c2547e1b445ba50dfbe4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.xml

MD5 d2ecbcc04f7e087d738df9329d47c30f
SHA1 0f2d7c485020928227b668a148b0a60d99bd6695
SHA256 7b38e6dd8c567d17d94f595c33fb234284abe884a1148025f59c8e426ec30c03
SHA512 5662bbb30d7a601efac49f0e090cf05112565ac40dd998787e40d4ee6988f985ad8513b0d5f80e17f8ec9e7784af1c50a70137c0ec22b0c72107b601503bcbeb

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 4837ebabf70b8193b9508bbaf57f391c
SHA1 b442dcc1b567d39e060903abdee0551d2c5ff9fd
SHA256 2938b52fa4e511e8643282a14088639620f16cb3ec06eaa023648d37f5df2ef4
SHA512 1db57fb308da2bd95db2d9e460e90cfe113c0f9c5dc190145b0b470943b3a736cd8decb160d3df3ac9e96c8641a2b2fca3649364b1dca3bf0a1c0b9aeec94e4a

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 5e2b8b8a5ed016468716b9ff82a1806f
SHA1 f1772121149d87745738cd471d0e504301a9ad0d
SHA256 5b70f0ac40a38c903062a12ff7cd71d907e75238a044ded9b34fb51e9a9a2799
SHA512 4620c9bafb7dfaa8d4351d0d99ae3442ceb2220201f16bd9bab4fbeb1f411fd63d4f0e79abf6e762f4d0e62d42608fbeebd13943ce338eca59ad1080ea6c2728

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.dll

MD5 d3f1922325be8e7e1c72bfd8179454ce
SHA1 89134f43ce2af4adfbc4087392aee6fe56be7ff4
SHA256 8418941d8f1d4c84288e0bf54392378dd3d87b602bb693ff4f8a633022681c12
SHA512 d33f513ff6c199acabe86eca6dc06d56c330ccb78be4d13fb6b1906a3cba3c93afe982b05cb057f2b88f6e6637452f4d99d4a4fe6f3f7c473de9e67a40758bed

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.xml

MD5 1c124cc5c3be4a5e8d6619125b1b33eb
SHA1 455365d2ff521d135b75522a4ce6382aa73b7c30
SHA256 c3cc575c93690ddf44fd71fdeaff3d61552e9d4eafbef77840e4208522d81fb7
SHA512 1e9fde35b9c4d4a123a92545f5b15b12657d4652328e8d249ca31338f80b10a9b70811a16c40e82f286ce1b192bc545d29605c2ded4b937cf69088d9aa9943dd

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 0a48ad4c079a737d447642ab684c99e3
SHA1 93c2ceb9c0aa50ed5b382d3d9c70548a7d32a5b1
SHA256 7bca314dd7a225e60b906b30c3365874318bd3d49ad05c4d669f7888de908575
SHA512 733fb09c4f2fa27c4e4ba1c7b96e3dae91b1d01a6e7b66008964c243ef6faeca78b0287eb1ade3e0858f49cdc40ed98d8aebbbddef64a6ec4204cedb0c45d01b

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 fb3bc0754921873a65f5fbdca845e6ee
SHA1 67cde5bc8577cd3040e275d290ac021874da9fe8
SHA256 f500c350dd71df7452b92444e19b4644b04283434a6557123f1e4d9fb078c3f8
SHA512 292b8bda44e6ff6449c4b38da9b8317491c0f0da3d1e5f7947741de27cc51bbc078fbf947c89c4be3a0b54f7066f0480990d1de57919edba3414aace77c47635

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.dll

MD5 afcf5f50c632f3a5598abc28f196d77c
SHA1 294385693592f9d6320f8b0b18f45bc194d01a4d
SHA256 5e90089e69e4f7e2e42ea4a81fb62005c3710d0a4acdf207b97ed03f5641d013
SHA512 29746ffc665051e13386e452c3e41a593b6339e09a228927929be100cddb3e0e0fd3b54abe02eb7d46a3d97466ecb02bac362398b72fd8e804cbb21c8bc856d9

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 bd9b06897040d7e164bc3ff4a1ac6736
SHA1 11abfed0f77788556877786c92d594672b23c6b6
SHA256 d808f684f4fa7e551c09d49d4e02636c40e591ddfd0020a54f3b7dc2173f3fe9
SHA512 0c74056d000d20aed590787c656ac2261bc76294132d11c56bc823355c39fa58925432339e46c361058a7c9ad36efb0976a4286b592631f05cd3c00835f3c12e

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 ccd53738df4fa27849b6bb05dd67d10d
SHA1 28126653a3d1b4574fcb0c09176f5fa0ff28ef78
SHA256 c29d337bf7639fbf424b34cc0409d2715762e1b4d82881fb524a2508381c9f62
SHA512 aa3a10504fbe49a4c44151beec7d9b543f4b89a51621fa60810f385bdc8a6821e4bfc37cd46f3688013f6f4facd33ab45bd0deb4a1fe16453e1be8f11f2119c3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.dll

MD5 43c280c3b15ceb2472ab560d09629664
SHA1 e3a897d7608d03c93b5c2b8aef52703452cf6696
SHA256 bebbc40ca25ef22e9d16b0de1123e0cb0444fe7a78b4f0b4395bdfd81618698c
SHA512 5229eef9153b992684b6dcb4a32b231c63322b5e4b49ef262228c0dcca4760f97cda5d15a7fcdf77d813eb24b359101e716f72988374106ace13473f27e731c5

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 ac39cb4b3d2531f9ec0f14137226c8ad
SHA1 4b1039bd02311019dffe1d392e0734b3a2fa08c3
SHA256 b4504440b4082812fee4dbec6b8943c7f0cf715af267646240ae4c34db60e608
SHA512 999921a7682ab5ca528adb7eb34e1eff6b253c6a4a70753e663f65ec452daf92e9bc7c7078140b62ad0acaa11a5240e5e64c2d788a1bf9f2a54c1810488095bc

C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

MD5 490807c150b7d8be44bde871f4df8c56
SHA1 69b68a5b8cc3f3e75aa2ba284654ca58bb62f23e
SHA256 36a21fc4f4c8f6ba4ad900613ee1b08ff43f2545585a2601c9fc4cf083d68a77
SHA512 9442e26de55009428cc6e747637c2cb64bd2f008541ccbb37fed4e83ff66845c7cf3874d93542e0ba544e2db61f4864b665b7720568eba284beb095489f3ca64

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.dll

MD5 933085360527de1b4947289ca468184e
SHA1 d5ee5e1e3c992c7518b5ce510c627c1564131b12
SHA256 78d85f0e2cb7d7bde534222f4ebfea1c9e06d37ecd3bb7ebd59e35f00b94b11d
SHA512 2e22398d7cdcd6a46daf3dd3478d861bc4012ba1b54862311ae031ebcd3f908352157cbeea528f22ef1824f8924c3f217311feaf1804cf675eafc07a8d3962eb

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_24.dll

MD5 bc831661963763ac4d504c5cabb1fdd9
SHA1 51b323ea377f9dcd52946f5fe77ceb5673d1592c
SHA256 94ec67763f67932dd4273ef5cc12889a5cef090ffea3ee78a80c7b530272b1b5
SHA512 fe97241d5d9ce298f62ae3295eb9f4091430c8c2c53e967b76e0aed76c3579f8bb07338a0de48e4547c63ab381b3b3d0989a183447b8e47496f35493541295e3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_25.dll

MD5 5b48fe9d6686f0d54b26a005ace24d1d
SHA1 1c395f6d2aa729a607e69dca73f8205cefd26aa4
SHA256 4c54df27ce84d21b2924e64ff79b13e7876ce85d8e0c9c1d0abd8da73888187a
SHA512 6a4fa549578097ba36495ec210365c27d165065820f0fdad20864a3139949e72da00f9b7c614d07d8950307e596b693ed7a291a5c69cc0f9ba30c5f74d6332f1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_26.dll

MD5 523ab607eef81cc4d909e7febd8a788e
SHA1 2fbf1444daab3312da6b34509763656a28252134
SHA256 8ea96fe01c3c86a36fcb3795ae03eb12034003e335ef475571efaeda17c5bc78
SHA512 791f520533f58cbccded4e7c1f64fc14d20942efe57f32a5ee75eca4107543718eb35ecaf52e6eb3d9112867141271b8c097766fcc3562f016bb612bf840528a

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_27.dll

MD5 852edc778a7a50077694f84d8e601234
SHA1 14705b638e1af81ddda5dc52f68c61ebfce5e9e3
SHA256 a70d571cd675c97c9eeb4a234dba1d667ffb54ec3bb14defb36b3e2f605ae257
SHA512 51c4031d98bfe3251a81ea9f4434ce38f077645a40d0ca413e31b6951c384a1635cb040c24ccf1baeef3d5a47d0d18d8b47fef3bcb28570d6e936fcea6f912c2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_28.dll

MD5 be19b603dfbaa829ee5b7749b3ba97db
SHA1 3d42825b3e7fe5744f67ef145ed47bb524496305
SHA256 f3e391b5f1c1f9637cabf2b812b6f5d65e4776c89d779f506f6b643cc563176d
SHA512 095e8357911c1a06000f5df291bc3cbd80aa3a9672f485fd1f2b9bdb1172d1c7235449485948bee26fcec630d6b80fc927454f9b32cb31c823494c780e0e3df6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_29.dll

MD5 99f4fc172a5ace36cf00aa7038d23f2c
SHA1 893e05e369c2388daec359ec550fee5b9122ed40
SHA256 c5e21c18f8c79bc517da59e3192c39ea73bdcaf85867628187f6b3cca07dd21f
SHA512 a4b86d84f99c3d0c0825e3581878aaa25207765bcfbf31cb07cd6bf69a9cbbe1c3068719b212e38f741e06a89b9bc6d217077a0dec7f9efb1be75fc3c214dd52

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_0.dll

MD5 2112fe0c46662d429347a7d7b49e3ece
SHA1 8cf607547e9c5a10f129a3a8f8f32bd295c0d5b4
SHA256 cfd1c2d34feb7d94f282e97bf762a99bfa7309dc7353d96dfe4aadc187d26c67
SHA512 77f77add8411d418798d643d783752896d3fcac002f15696caeaf45b5396d2d42fe53bfb409d66ad505cdaac0ef0a20a62aa45b50aebe65237d2c44af36bbc34

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_0.dll

MD5 4e961525cc7ff0e5d7da19e170b7c14c
SHA1 7e3654ef7f7c9524ff415582f1b066f29b4234c4
SHA256 228dfece2b4555a243a73e7bf461036f1e53951977625651ff5a59deaeaf4b88
SHA512 8785d0b2188f36d53c1a2b99a669d6edff1c0c27905d5bda1615a503f115d5b0762f008481145cb0cb6a2589926543b9c8ed0ecc2e328593682e39b90fca2087

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_30.dll

MD5 e415862612e65f10d7d888443ecd7594
SHA1 aa8440ec3b5bac6594fd58d97c10c2ab7d419b2d
SHA256 5edeed79f2359527a55b8189cfa8b9b121cd608d44eead905a0f3436938ad532
SHA512 f5de2f9e045c3d579d98b25fbbb7b90aa9ddcada0c6bc4e103e5257394f3cbb7c968d89db61e15b10605561cefdd63456912aa428af5a62cb769ac8c4e5eecba

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

MD5 0c453970e89db1c1eb9de087e6eab5ba
SHA1 c4c7e034773a240909332814f499730575a1cd71
SHA256 942e98f142373547493f13b14e1603b2420851aff013d3085bada7b6b2214d9c
SHA512 ef3b2cc2598b4ea58f00f93155319674450c8c35b706108ce3bbb5c2502efa179046d9d50e12725e6dc7a555f4880404ed03de15a0753606f20a1654799886fb

C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini

MD5 89749a3b95612d22dbef28cafcdcbb83
SHA1 574592589ec8bd8528183e5a3e76ce72c0544f9f
SHA256 eec48b5255ad36ec8bf595c85fee4d124456ff0465a669ee1a15c9c70b9dcd80
SHA512 d6537f0ddff78ee65340ee5653a9f144c8922fde91c8d4f63749066dcd79befb7865474b520371af71386f5b7967e7f0c5705fa3b2946b1cac4f3b638958fdcd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.audiovideoplayback.dll

MD5 75933586afd94ea24c5acd3dbc89a272
SHA1 970fd4b49d1368330c10279798991b901a233c2a
SHA256 406f473429573e9f0084aae125ef8f19f59291aa4c33cf7d40e7d996995a3238
SHA512 c096f0f11fb306c6a84886826306fe9c2862c3c79b14a8991a174224b41c2a68b76e5be506494d23d354384c715c5d82a1cacffff9644de9d6b93e9478087a1d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.diagnostics.dll

MD5 c0843f0f45edeef233b1e581ae75e3bb
SHA1 04569c78868eaa8927ba64f93312720117152843
SHA256 8c9685959706750091b0094522cec8644de1d1c6309e7a2fe02cef130d3a2b9c
SHA512 8fc293f5c5de65893d92c54f921c84f8a3f44fc733445dda7907ee09d062371ef05c11d014ba2017fd15908b911d0185a14b89d0a311a870fa33650c3176e442

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3d.dll

MD5 7ad4d9fabd109432eed91b359ceae430
SHA1 c1dcddd86f9fc630cc0231acd7b732fd55dc5f63
SHA256 f3359d5e41b1d4fec7230579a593e40fe44f6afdfacd1e2bbe52ee06d84686fb
SHA512 bfeaba581a7aeff86bac0c184da823e4a26516a3c4f39af6b6b1bfced73117f3816c567b182f4da0df1935a6e97b6d0520cf02f518736b52fd27d37750e863fb

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.direct3dx.dll

MD5 25c76c1e29d3e8e7398f0901f558a629
SHA1 2e907c9688a025538f1b2d0cf1860a2ae49fd2e9
SHA256 2ee41d4d591a39d648e90db4d47d0fa0557fd68197756ee2ee94fcde4d820cfa
SHA512 7308fd91859d00debf446bd6b594f3ea196dbe46a3583858c76d2cbb008a8698207f1ce7746afe3de4efb9a27980f5f813c77cc88e273fa82b2695d8f3d15039

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.directdraw.dll

MD5 d9824a9dd107e598575112b4ff897292
SHA1 adcc54d159f1eeead01dbd2fbc73c808ce519920
SHA256 ff4c03bbeb292317a77c86c1c81ae9564acb984b352fbef36d66e2d8bcbd79a8
SHA512 caa1f0411e0470a315ee8c7a62defa972ff17557bcfcf74016c64ad11b0f6fa46a126131a18e275e59e025814545e1d7ffe145377f6a0bcdb8cc93471e4c9bd4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.directinput.dll

MD5 cebd995ddeab2c525a5c4e95789bc961
SHA1 1c98da39d7eea36d73b361ddb24054038c2b8331
SHA256 0ee2a2c371a918cabc85143202864d0c3a4abf1b93a5029081a622e0acf17ab7
SHA512 158b3fe6e6605eb56a99b2135df529226f9af4b001ed0c2e1fd201a60054e2201dc22245ee5a02c6e7778337f1974ee21fa088e94b13a7402e61f64658de49a1

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.directplay.dll

MD5 46f26e2bafd44960e7f13b2ef80aa0bc
SHA1 2277bc8980e0f6c3672c2348b0494f0cc0ad611a
SHA256 489f65e1e00534835486e9255eec92b83edae4dade6dff867a380859ae53006a
SHA512 5b5147940803bccd0184b46e60560f967831541e707b5ef19781103e31235f1ba05d00e44a6f2ed061ebf5dd7013d9c696131a3edaa77d3aabb85b3255ba5489

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\microsoft.directx.directsound.dll

MD5 d035348ec8968861af585b7132fe4c7b
SHA1 877ffdf77b9cdc1be14135cff0b756a231401617
SHA256 2e28c8fb8b87b5ffd1e0ea27710a2e785ef4741a89e4b3c3af726ec63d15a1fa
SHA512 94358b581510c68049ac92990674a6cb495cb8ff005f7fc03696c57ba8b4cb384c5035d9332d0ea39093ba5fa5c8082143896cd2fc7ac24a192520789c707458

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_1.dll

MD5 7c9952111f4c743b9f0d8b68b6ed93c9
SHA1 75dc863ed10e4e4a18fa06dc32789cf16c738c38
SHA256 666cef7d27a38f709063c9c581fd95e6b3fa27167bff4beff484dba2dc922a2b
SHA512 aaa3396fa9081f25b2eff6682ea26afbd297c8a61cee4540f9a947c1a96ad51f114a9985bbc69ea7d0251f6e4b1e835c92daf0f8c5fd66e477e3243ced3c9bef

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_0.dll

MD5 f77d5ab654881e683cff6650916c424e
SHA1 56d8f090755f1ec60b13e748b040069ea8759b5b
SHA256 77cc09cea6de69f12106e6dd9df1c0446a525a54c3953d69d64711b9394cc38f
SHA512 dcd1273673f4088e854057e47484bb363e1e7ce094bc2c98ad7cc9112877892c1d6fd591dd9cfb325d6c451f2d03a4cdcc238af1ffb5382b7153f079cbe13abd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xinput1_1.dll

MD5 f1726346e583442541fe73429f8e9c10
SHA1 a1b7a4edd7d1164197f734218fb485165c075d0a
SHA256 69cd725c53e0302e75db20e9a3e4b33f58dceaa2e6ea4938b2733df8bc289a71
SHA512 ba17740271ea92c917db85c64d4ef63a8f2036fb1398abdcbedf9d49c09a53e34ea04e8b3f5a2ee41c2b2ecea6196ed7f9866ee48a9f3528c3b4c1f19dc167d8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 fd1b55b856bcad2230f4338f72f9cf9f
SHA1 3d1bcaae1f2f2a759486bbf4dd543eadc7efbe91
SHA256 300ed1a4ef37c8d5f13d67a5daabd46bcdd9ad9da4fe6283f20d7d38f72caaf5
SHA512 dc73dab5f5384a01bf66197ebc9b74a24c146e8f17571c98edf1d7d1dbc33b0f4075d46150b782891397d8a4875a8cf375a111855eb689f2a8e6ed0aa3ee0091

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_2.dll

MD5 5c4d3843b491c047b7a619901fbd2ec1
SHA1 e02dd40f54e7dde0bcbd648e4fc6f723ac438bee
SHA256 4f996edb65022e33ae9c9f7acf7232c8d444f75c50c72894f6d3173b55404ebe
SHA512 474105b213bc067e0822ee22c769f0caa7a02f2d74a0422b676675fc45482db3a8a3dcb2744339a4c7fa029a2f58a2aef5db500c65cf646106d8ed096b17d062

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xinput1_2.dll

MD5 33b62be226934e1b01f5043870c70427
SHA1 ad96f837accd277da2933d07aa86ffe3ef803b5c
SHA256 9714d146a785d458f0de8fef387d82c9f8e101c02407a0cbeb06f02a69518eec
SHA512 41f859fa59145ef6cdd6cfc4a14f90bb932d2c6aa339bda1763d8e315e6a78bde561010152460e6f996c9ac9ffe6650ccdf6ded34656081a0ed9ab1270773710

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_3.dll

MD5 69d841744b2bae38fbb2d40a230a549c
SHA1 2a6429b1b1758bffe3366ab72212fb9b02152d77
SHA256 ca20cf8e4034719a46bf67c6009486c2c1cfc2da10ffed3a67dcae677b4f6793
SHA512 d5e26da74fc84da90b0f60451479524f1d03946076d009328aa7f9939456762633006d11970dc4c849101728ca32350c125005eb4e3f75114d4528cb17a35b44

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_31.dll

MD5 797e24743937d67d69f28f2cf5052ee8
SHA1 7d39afbf94675487a9ff7e41d2dbb8daedf7ad00
SHA256 e2065619fe6eb0034833b1dc0369deb4a6edc3110e38a1132eeafcf430c578a5
SHA512 8804d0d95688a932c7bf7e1a023179de8df3a5436e356b36d803cb9781f3a378adb9fe69d03b28362755b808cbeb2cc718ab920672270de0b954996996328f5e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_4.dll

MD5 6550e1a0a7be611592c31222fcb981fb
SHA1 2197a951ecac85f7144fb925f6daff9ae7811e5e
SHA256 1e0e09fc077bdeee3de065c663b83f6717d39d56778833f030955077d490d000
SHA512 4013fba5e4211e66ebd9f733ff35635cca82875d6af71dcfeb481a436efeab608fe41310bae63d55c7fdd64a5c5f64068ec1eeb997160c8ae27f21f28e2bade9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_1.dll

MD5 121b131eaa369d8f58dacc5c39a77d80
SHA1 d8fe20cb6f28bc5334ae64a8df3563d1985beb9b
SHA256 ff15f14174a5543f028fa49cca745582fe4cacf3bbe490749cf43444690ab359
SHA512 ffe19ffea137603e5401f133d461b30af6fc25b3affb8a8ce20b98e3270de398b9ecc83a6cd904ff42c5885d3806c7e175957bf4a5827dc2f067756a51bc40db

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_32.dll

MD5 26af232140c88b42d92a88f2198edf6a
SHA1 b62aed3f71d8963227e5021c2222192873ce753b
SHA256 e96693794daa05a75a83c11df2e7b42f2de61567c6ad0b69e353b50f6c88119f
SHA512 54a6a235af4dc3f3c693fba5ac2d487d96c9d7a2bb7deeab35d5a252e723e597226ec84e953625c8808546f91fbcfc42add85076846a63925fd9eabc09dbf935

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10.dll

MD5 6f34f7405807dcbf0b9bf6811c94c6d9
SHA1 2de04a49825acf76a6a7aa02108337142d30b6ff
SHA256 fd2caa28493ea76021b93641958238b7a933f4f6db1a2070be03cc81d87d8307
SHA512 df623daace6702d25365697b62a4ab7d03d944306521022c6e65e94cf1970b5057da811f10e675c952d93a37abd1b862b8ce8648429780aeb99a4d55fda6aaad

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_5.dll

MD5 86c93789e9006f1ac47ed9dd47d4c8a1
SHA1 e9de46eb68271018aa31c71ef89d1ddef19edf7b
SHA256 ec68b5163cbb5f15e2fbe37fdf5fcb0d01dffbe53a460cb2cf668f31f0127ad5
SHA512 5a86661171f039946fa0568c6a9c655026c0a74c04a7789fadcb4acfd6a4faa5179d14149321920ceca9a1214910abec3e67e356898d5bdd044ffeefaeb57df3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 bce73adcf5fcfac42ce15c6691275ea8
SHA1 484355fcbc55357c2f576fbdd64d33c8ec8ffa5b
SHA256 76eed293cdcdf17942acc313366b22b55ad78ee0389989438e63ab7ae145167d
SHA512 5e53f89142918eca969e005d006f0a106862877ee6e5d317ffa1b7c017730fd1d3d98e5e75f603183d0371da39c11022cf62232a2b614a9bc5e055f52d6da65e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_1.dll

MD5 489e5b8bb1bd1028ff1c798eaaec65e4
SHA1 da9c385c48a6f590347581c5c3dea67502b99837
SHA256 fac23787e7c199c1969806850b5a9652f66f6dcac86f48f6f834abc253848a55
SHA512 33e3c28d60c7063d76c6959ef18dbb0227466766c4be9ce920911e192b75c18d11943a2eb0bef2caa920a6efa29162acf9f6c9c07ed5ddf5858420b240e0c0cc

C:\Windows\DirectX.log

MD5 22e30dc008055e18925035ca30a0b052
SHA1 f8e4f2f39a9bfb86c0751b0b0ab2c5ae0decda2b
SHA256 25740d6950e0271033d7966c176114f8245e8cb455fe28a64ce6dc5d3251a9d4
SHA512 b2cef672ca89632ef4e10816b07b0c2bdf899e3b2c0f7c506d113aa336674f58d6303fb3b54ce84a599d004d4228cdd3af3ced3a9225a2fbb6f07b2f0a4c42b8

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_6.dll

MD5 39000e033d39d19ccce21aeafcce2476
SHA1 6e7823e689a9b720a049a260380805a235ddbf75
SHA256 be45aef0889b03e2243282a912f41580e8566db666a782c26a1d4d7988799d03
SHA512 65047afe28308ce69e3b410b3b52b5fa4f615c95802019cb9b78ac69694e9987076af4bddb2ed7e47b0fbe73729c91b94c525e5b7644a42658663ed044b384e6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_33.dll

MD5 cdb1cd22baff21f48606b3c1a18b000b
SHA1 9315b5db975a34dbebdb4dcae652ba1db01c482c
SHA256 c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8
SHA512 c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_33.dll

MD5 37a8171accf46a9c196054066c28827f
SHA1 886264510372602c2ee0193c5a185d719a61316a
SHA256 b04e2b089656eae01a0071359f9d7fb040dea804c1b9d2379431864174259c2d
SHA512 713b843a35dcfc32caa67c52ce0a32af6f54dfc4c11615d32613017aeeb257fb3f9168443a4288c71209e5d40f2e1b281febcbae6da076d2b57cf01aa3cd78b2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcompiler_33.dll

MD5 fae7e1d578c42a7c3d9d61a99d178bd5
SHA1 8ac88ff2bc5f616ed284a04ddcbaeb72fb1f304a
SHA256 12e238af4b4edc1f774213709a87a91b77b2c9d2d18fe475b027872923b6fa17
SHA512 75107c64acfb6d84e1b05ba78377dc4699ba83b694b7ace474665c85f3e5843db6d06348fefed539c6c2b233775c7ef81d7bfd81937207e04e637043633cd0b9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_7.dll

MD5 7febb8ce2233cbae738b16d42ed29674
SHA1 fdc5682d6aa0ec57b8f3c742fe736d74b3c649cb
SHA256 a43c92af3fbe91dfe2a1d415342631fe64e18c7dd3e16e93b6c78947b68e7bd6
SHA512 73a3c07b13b31d2df1cece720a0268cfdb7ae2a066b9e613f7c4ff0fc37b94bd4f32207149d56e1bcaa5656fd4501b1d136d94e18e97c07a8e793906dbc7927e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 45d4dac07aa361bcd77aa815d1724a16
SHA1 3bbdf7da5d51211ae269572961b5ebf508ada28d
SHA256 34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec
SHA512 d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_34.dll

MD5 1ca939918ed1b930059b3a882de6f648
SHA1 0c388397620ce0edbb362bb3ab2d4a9f31a56b6d
SHA256 b6f77f06518d35345fb61172b6a13159125ed60c469d28b1a2e07970e9ddf81d
SHA512 d1e09da8551e588b8d5d5837a79da9ae4ddd6a372457d3c341e68e3da07c0c1e84decadea9534cc87ef9ef38c094171004f836e6f74831fd6531ce72aaefeb5e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_34.dll

MD5 5aa9987f2e62b56d7661b6901901f927
SHA1 2cd4e3e70c3b37da134ecfeeedd377d1726d9759
SHA256 330e120d745e1132252df81800362a7ae0b61a9060afc800165ba8a1d55d3fb3
SHA512 af9e39f368b47b1500e5d68a6f234361fdfc29ea31c32f614c5887f124d6097be0b2d8f37287d0cd0b094d3a12e3f5881ea822542a1c85f10566604fd6228988

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcompiler_34.dll

MD5 75f206c195bbaca6ef28565b1c0cd75c
SHA1 4687454c58f64f2154f0e99bf5a323f73ca1790c
SHA256 5044a5810fd931339933a8d0c56115a5a5c27d8c0d8e348977e2724a032accf0
SHA512 84c0a8fd3e4293d85e919940f6f24d88fc6fd68f39cffefc34014656fee54256ce581ba408eebf5bf9dac3da9de19f2bf8403521c55881d3877dd64a8e50120f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_8.dll

MD5 499210c45afeaadee8cf4dcf7d5e570b
SHA1 de5ca60de47c8f54d531b88ea80d9a24a8e87a98
SHA256 15d82e89bea30bf82de6ba0cfbe97eeaf05d1e06bc0133f0d1ee8d0cc41f51f6
SHA512 f76f69bc3b6cb4f92e675eeedbd10a80f0b970d75ea04392484d477a4d02dec670cdadcb90be9eb215c4ad48a90d28347c9104f0835e93b5a9803fd62670536e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_2.dll

MD5 9e4efe7cc29ece294f3506fe0d8090bd
SHA1 b5d0e9cf45ac3b05fe21aed3ba41dd94b1ad1fa7
SHA256 7c06bb70d12cf78de9c6a12a53c95f9dba41c140a48bccd500483e5b87795a8c
SHA512 998d3034cf21bb9aafe0821a96c64ab0c38f770cf9c6a6820a2292b569510dbcd0e71ce56dae813614d9a148c146e095245e963905e71679c3cfca1ad98f5e16

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 98b1369d38333fe9143259687edfb25d
SHA1 3536573ce844dc1441b91e1124b6689b93add430
SHA256 d4e57566914f1d36f4ebfb6e164ce2170f1d5e6392189d0ad6de3ef3b0a9aad3
SHA512 3544088b8436ae6e48d22a7638d59f3c14fb914caeba17a87d1af469b82f818a1a71c5faacd52f69b5bff190b44fd91f893d07b7e05c2e9a9dd363bd75722057

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_35.dll

MD5 3ef18b78d17c962f2b71ac1cb7757684
SHA1 2380329c17c7a530075c7572d17592bb3a00c4c2
SHA256 2198022938156b790e9cfb0f7997494b66a11a1ad49b395be58251d635b66b26
SHA512 93e9bff79630ee5897bfb3bc496f778aba160312edcff9f0b8cdb8e8af3d5c7b73a8d95d54ab26cc638a2ff7cfa27153629f9fa8a4a687ae3c83e1178471e720

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_35.dll

MD5 f3764552e45880dc49b82f38699aa87c
SHA1 25e347799bb3f36bdee30aa78cd9e59c7faa5add
SHA256 db775655fd923e29509402556f86002dd9aea062cdcdba7073e1057a67b5ce50
SHA512 7e52bbfb4f309b9f5a9632efd3dc28a0509b7d5edf471267f7e794ce8479dd8cefcb29535327a7384bcc25b5331ff87c223fb70fbb5da22fea3c919ba4c5444a

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcompiler_35.dll

MD5 5b441670a4f5f8bcce76741902b8af56
SHA1 b98df0c54483664ecdc92eccdcdee09d082972d8
SHA256 5a866cdf74f981e783624dafb0e72f133ad9f9b293856d7a18c7558fa357beb1
SHA512 0243deac1124425b65cfbc7d6465bfb09a4849e6c5be3645b808cd3fa487c3044c5b45e9943ee31542a7a47803c02f0b92c05c1e4bee18cf6076641e1c0794f6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_9.dll

MD5 46ee68f04a75a1ccf40235ea6f1cba05
SHA1 43a30e195b8d894c69bd857ee377ce7fa6170fa0
SHA256 93a0d8fc38e4e9a301d9e721afbeedc5af40becc0b11a6e7e8e38f08f366ff6e
SHA512 16e4c624e4e74d8c1fd7652ae745a87de3698567faf0cf03651ad87f1f730405fc0d2eca68e4b0ff3c5c526c254aac232f9bd359ddb6563313a8f02db3603fa9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_2.dll

MD5 ac49e8536bf510251611a77e2a6cb8dc
SHA1 8b1f64007fa777fa2aca1e456735ab872cbabeb9
SHA256 1ae37d90d39c36c142a51ab9fef7230788ff95080f2bc47734737bf82d3c2c9b
SHA512 2c33ba362315ab102e4898ae92f7bc71e7c0c7fda8cd79f896cfe76e5a2a4129bf6a1e48d75b82ed7d915c0ced819e81c0f89640677b6bfa388962ce19bde2a7

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 ffc75edfaca60d28b6e6c1da8488f0bd
SHA1 358ae6e2680666b994e721db5fac0105a86a9c6f
SHA256 fbe2e9cf7e400537a4871218113df178f70501ffeea59a8f0f721927124d6d46
SHA512 dadf216d9e92b349179b27cf436483dd5a52bfdc1db659f3d99b6d1bcc5f1fdf3b0fa4bc8bd08f89439ca1f07f5dc66625043f8065c0cc75e8b3627e59eb8d0d

C:\Windows\Temp\OLD44A2.tmp

MD5 87d52a3ce4936f6c93ac092c3cc2780a
SHA1 3be34b222d022cd4dbe28f0668c14af716f1025e
SHA256 9566e346fbf72928e9b48b3408c8336a9e77b331bbc729e8ced9f0670c51c699
SHA512 d7809bf29599e86a5c164d6cdf83e9b8a29ae08972c998bed5bb8a93a11742a5905867d2bc7118498985c4f1f4e6223cb0659e8d9784a2ec05b12bebf339983e

C:\Windows\System32\x3daudio1_2.dll

MD5 9355a1169ac104a3670c2a77d060ff60
SHA1 6935990e213c432e4fe3cd667148d95c0a33bd02
SHA256 b822d7de1253c52676f4e20f9c715e92759b43b69978dfef2527b6101e420ee6
SHA512 9897bf3ab16e869b47840b72e0d8166e0f6cfebe0b3254e278d7cb046a5d50fdd2d8624da788b9afbcf58fc95024ccd2e5b9b010de074e8d9500669f349061af

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_36.dll

MD5 44bfec5c9c82a2ee9871d88fd3b9a0e2
SHA1 e2aeb78330d0815cffedfe88438a71024577d4b6
SHA256 c12f0ab0338eb5031d3d04beaf7208ac848f7e037d21ff963d2af90221cbe935
SHA512 35c42ce3afeeb3710d3d96d2cf9ffa2828fe17f8d749fd149e3797e87e154508c77f637de0e424d38bb3fa56bca959cf9da7787323950ec8261b144c09ae306d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_36.dll

MD5 d9158e78a368b08d9133043eb3058c12
SHA1 d71d6f103bf7433f442f55c355dc74fd4b8a736c
SHA256 aee0248f18dfef8194451a22c69adda1cca38c03ae9aa776114da9d8851d4c38
SHA512 8bcf2da86f708ae84141089f80131244d957e64c6fed0fc39dc688201659cffa7005bfd4cbbb315ee0a60c61e38ead3b4e4fcb3d2f0ecd0386a6fbe486d82bd9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcompiler_36.dll

MD5 fb4299688a0d3a37687c015ac2b9922d
SHA1 a4898d246afbb0ed399e77fa5ff29c99caf912a0
SHA256 f15efcab1780fe7d784a3cd3798f147fa249e81b7ef9a494b85dc7fdab084734
SHA512 664b139754d587dc32820354c1333fe6a5528b07b8bbfaf27374a5da7e86a4c3e7904250976ef3cf8620fd0568c34fa75704a8b1585c382b99d4ee46518617ae

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\x3daudio1_2.dll

MD5 f6a9fc2ad2f9111372b5ab3bba3707ec
SHA1 bc7afb780d42a332497139b5236b809433d86009
SHA256 4c448c7f77e3b4385d2cd35d0c470589cdf0524e532f9cf7ae084a8f88aa949a
SHA512 6cb44bb174ef28cee3e3a6ac51897b5cceb3f2d06d08c556cf6476a285de3e3b03a624ca92fc11b95f29694629457fa39747e3041736f9b76e84f19a052ecba6

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 c92c92060d535cc9800b6ce231276852
SHA1 79281861482c717e61fe9bae300e0fba310485fb
SHA256 e0838d8d562ed4683bc06ecdbc46fe19dcddf711a0c7909dabf62da572035dcf
SHA512 7c8893c92c005c7c21f829912da4b9e5a843e842826d5e362a9828710486240aa109f26e38a84cfc03617f4abaeda25f0ce215b8f6a1f9a65c58ef5606814d13

C:\Windows\System32\SET46D4.tmp

MD5 bc78d5328541410510dde06b9fa92024
SHA1 f6123294896cc3c3d3cf5a9e0e03319f58da7cf3
SHA256 7a34a7a8af47c6b2cf890ecb56bad2454ba5eb1ef2df6fad9ee53c4770e941cc
SHA512 5284d695216aa4f70abafdea130326d8ee3c6d9a9858dfa3f5b184c6b8b185adebcbc92adb8a7530f9127ae1de30561986bf9c85bfb8b474a9812151a7843c59

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine2_10.dll

MD5 73e055af78a64f9b2779d44407ca2ab6
SHA1 d771ef11d22a79dba7deccb9b3efedcbe74532d9
SHA256 113640ae8cf78caa7cface2f906f9e6b60809906f5c26e08b2e90fc48430f3b7
SHA512 a8d979297ecce24a29459e7ff814e53c649a6c969869279dbf0f29edea4d73883441519a27e5e46bb1e4b5b942cb26907cea9a488de0067e589632687b25b5be

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_37.dll

MD5 ac3c517fb0fbbe45fe44007bcd3625a7
SHA1 eabe1601d0132882c7226a4ed04fbbdd5e8f0db0
SHA256 c2ccb84c672a9d8966e82a28005a4269886ee304972ac3590c0b8a9c1622a3d8
SHA512 89b44142355c494f2a21276d0629f3536adc0dd7cec101a1f2816031afcc8a96f94663ad46744c772d6b63d172ea62e9b957d6292e4a6184f958576f62b05836

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_37.dll

MD5 4a43e9a2b17e4cafa9cb5fec0b5b686b
SHA1 9e28d3d197958e65ab8dcaac91fa55cd1991c3f5
SHA256 61aaf973712f848b24c3e769e3252248ece96db63f206de0ca7ff43d9ed87a51
SHA512 8411bbd130427b690332d222233465bf79426670f565ac3b01a71929dadcfdd18002c54d60981dc1f202e6625f99ab73451805d64518fad9b5a9793407df2d71

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_37.dll

MD5 ea752dbce35045d3c830dc16578cc8ab
SHA1 0a9bdf391ccdd113fde4d10f0afc80d54df01259
SHA256 715876d15b590936e4d32602a764d810650eec134922b32eea742e2fa71791c1
SHA512 3cf5e79062203d39fdb74e789e22405b93de126deda3d698963682d51f264cafe9a91d433312bb7976fa9b50a4798060fcb97b6de7f0dd422eecac2a922e31dd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\X3DAudio1_3.dll

MD5 c593fd0a96ee4b6390b653c4c641313f
SHA1 60d71ca2eed9ff8afa5561cf1dccca03607134b0
SHA256 74ec3e6b253af1b68252e62a5c08479453b3341d49c606adcf36913fe9ed9717
SHA512 1bb328d1a68dd7b7657d033bc2bcb8e2c096bc591e435b5691a4ad4f0f49cfad70d4e48af48d10eaf4ad13d479a3f4fef66b09a0852f8c61ff33937c7ea22190

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 edbb7730845fe5ed4717b06f84c1cb2b
SHA1 d9bc196e34d69ca0ec91a5a835b444ac3e8aea42
SHA256 de817d92db706f329d50567221c42110ae781d679ef853cc684aec779ab51ccf
SHA512 cb7c5db143087a470d7ca7f5d4200ae62513ffc27b864528d851c310d0f6f68d55b6fa45b7d3e0b81043ada5f7f6468447e9a877b6c6e06099c38690a6c07d10

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_0.dll

MD5 8a83673f0ab001870583fde2b004fa59
SHA1 be8d312b359a9b8f9f184d78c93c762cbc46e321
SHA256 887329745c479ce8d3023c969adf66780dd7e51ab536f0a08550ba4c77066c20
SHA512 583c73590d4b90576955783e24149125615b135f5bf5a815674e2546b93a8f89f6c3a286df09257e547bcfa8c0bc399abba59fb64158b411a83f28a4a4feabca

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_0.dll

MD5 418cdc57e55ee79c3f86c13a19b3d5e3
SHA1 cac2b8396b1c82a6f7ee2a3e3ec3d2e4c2f869fe
SHA256 e435b73193bdf651f7ae564eba05266595ac672db45e0e22dce92d0bcb3c6513
SHA512 1ba5a49d9102911d13d86ac4f0e4ecb44069c93a58e2e3225d9464755c14f8d57f230eb32049c2747385f7cbaa9c0da0f6001f27b685eebfcd94f3f5b8fa3250

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_38.dll

MD5 8f3eb548ac4ed90252394f60c77e3196
SHA1 e40bb2e3c99c55f2df9def2765bb014e01389622
SHA256 743e77a228e7d75442263ad70051e44534f7972c6326fd34b505a9c2c245894b
SHA512 bad441c93d37269a9d49edc39ded933e43baf2a563c425ea2db222a9859ecd1f076c2255c077a5afd07922b50adfda2bbb731ff6f292623b353a3dfbde4ce4e5

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_38.dll

MD5 a2650b27472c21cdd817eeede65648e1
SHA1 c0e5f70386bb229e289a476f2a95965699ba53fd
SHA256 bf463b7ee2235f351309b5fd790f514acf2b55a4a1f90222f7479024cc28fc34
SHA512 85320f262c10d80e889258a8584648dc20283d1af0467924e8745555c94a8fc056ac609b31d36a898829ad418c9df06047ecfcc644693bd136ccb50ecbd6fe91

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_38.dll

MD5 103cbfc5591008ad33046e20e8e1eebe
SHA1 4a8bd29d7cbe5652ba58cd6754318a03497d841a
SHA256 ddcaadbdd47bcba02c8d1880d456acc20732d21554977338ae507987ed04046e
SHA512 ddab1a2ab33b224ac3f9ed396415bbbdf96bd59bc6794fe26796ee87691154d5e1ca2abf8bb85e7a9fb6793446bf17f6f6f53b74e69443270f50ce0b85e06b6f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\X3DAudio1_4.dll

MD5 e3832514bd21236067b7227f6165ef95
SHA1 bdde126bfa7e3133f33e3d3e7b4618422c61acac
SHA256 799b38139523a3b30d26e21798ee705375c61eed8ae2434fddb52fde51f4bb78
SHA512 e60bb2b8cea5864f3311dbc0ad8f7813764bd55153bc0554e2842b6973fe24a1ce9e4381fc6fb05792d97799fb247d591e15b7dc41eec2bf563bd4f7ca797d85

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 6f05a242d0253e19d67978780bc06528
SHA1 ed8c623b0e462e92185d498552a11be01723861f
SHA256 ea31341129f7558d34fc2fcae9e715343aaadfc57f06a33a6da18448bd71b77d
SHA512 2bafde8afa6918956f745b34397a4f6ac479d3696a363184ea75cb9e05c5d83796527ea6cf343004544173e5370bca0258d5636e3cc5cec16701d68d82cd97f3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_1.dll

MD5 2e0e25252e1d41752876e9fe12ade175
SHA1 d9de3a83235166a4bbc4bc356419c07aaf3e3f8c
SHA256 088999560171c60129c95f9b541852392602561dce43e4c61a453d48065f52ca
SHA512 a4555cbbde372893c564e1fcd707525c92fbcfb6915354b0062474cc47fe36ef66a3af212c08da117f2f2121698e556633f8c399199344354ce0d4cea4d0a2ca

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_1.dll

MD5 e34ff0115b1ee3b4e03d22ae9840ee03
SHA1 746e6e84ff7f630643ff9381b9dff1f40a49ca16
SHA256 32a7c6a4edef46f025a4a5c64b892e29baaae948e86d9ed49e82014eec1441de
SHA512 7448bb3ebb8815e13e14514c8580dfb7f6de1a96c90f6611f6766dfb48ae7bc4a06efdc493060c054f222e7d9b308e062e1cabb19a60f50ff9e20f06905df58d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_0.dll

MD5 dd165760f1b95200a3da2d9dfdb84234
SHA1 0724300a1cbaa32e03a234cf6080a67967c335d3
SHA256 8b396d275de2550af8ada6a1ff71f0f4870b51c8407e44044c2dde7ad6b754cc
SHA512 eb130afda1481dd0e27a19330a8be8045b3172e46edcc5a0cb089e191fe415c41cfbdf3af8f084a6ff58f89cf8d7d4d0879a3bae8f93a52ffc84da2d4fec5ccc

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_39.dll

MD5 8cb3defb8887c4f0846db1fc1304d6d2
SHA1 5fbe058848db16117ce7cfdabea1f178ba229a6b
SHA256 5d29988cad858f754ecc62c3d30de555f82cc21b5b26c448b890295e9b7bee82
SHA512 4cb675b179d05ead18d2e42329e0d10cd1d520cf9c8c0681b89aca79ac9c814e82941b0086135bd57721b66b55b6feae00bd29af804f59a486e935fda413fc43

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_39.dll

MD5 e6c2f1d8b667ddc04cb55b9f0159ef97
SHA1 9dc5c2d54397aeb56deafb63ee34b641f7030ee7
SHA256 613afdb8b44bb3bed945279229d9604a3cd553f8c2b9b091235cbab8cd00de61
SHA512 5cc39f19b6de99bad0be00fcbde9d498e23f29303c6ed4ba79c2b2bc63f259f9b617ecf6ac67beee8a71c03a0e80c29412e0159a5014a43a6168c37835bb0e00

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_39.dll

MD5 c4f1972497fe2ceb7d900938c97fcf91
SHA1 27c1886e7823813ac61c35ea0cd5b72ea0ea7dbc
SHA256 b99b655abc4ec45851cc2acdb7a348e739687200a4fe3be9c35d6738dd61112f
SHA512 8d35dd4000e1d632d0924b594d6ef13454159f8c3b85636f180486ff794b76f8a84d7977e340ef08217f0f68747b593eae0b44824a20c12494007f4a40cc3d00

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_2.dll

MD5 f3c6be26949caadb11dbf0086082fac9
SHA1 6b7a2475aacaf63f30964e9958713bec331c82ba
SHA256 e6a34c1f068f89d6515cb460eed3b4dbb53522c5579e6c75741482f0d40d9f99
SHA512 167afd32d847088d4973437f8b89badce194211f8fb1a14cf30df11848e4d4dd8d5243765edb1ed09df0f9b674cd7de764f1dae9fcac91f0ec98ecd259181d3b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_2.dll

MD5 50f4a0d5e6a0bafefa78f353533b8e06
SHA1 d370434eea3a557ed77b2363dfac720a5ed98666
SHA256 9c7897b4ee1bcd190b1c0b7b77e64ee731d234764683a1e2286af70d86b62753
SHA512 7686b893996b76a25ca7da971ca3a10400dcc682a05e8317a9d159a9317537de0bc20dfdef643e85e6ee548d7893138497fc156f77534124a8eb3e3ce47f0cb0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_1.dll

MD5 d95eaabf5d277ef91d9ca70151209e56
SHA1 3d47ebbd6236045309d2222a696b7141c0957379
SHA256 5ab63c0f040fdf65e681eba4daa55ed83e89ea10c426dc2fc763da0fc94f3ace
SHA512 6d2e73468485fee2b4007f1fdf16381cdd6c77edbe5530f63cbf8696646b14d06100fdf54a48547f29ea5775f29226b16808a5a1bd4c0778413855f80e5b8259

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\X3DAudio1_5.dll

MD5 350fefe18b86bd4d9ab2a96d00215a49
SHA1 be4ddfa0edc3a463471fc170e9706abac0a672fc
SHA256 315944bb2a1959c8a4bd2677ed415363e1611c7351ce55319dc98fd2aac83f87
SHA512 490bdd66920e36aaba2a4d12bfe4aacbead7403b1a623bead0d9ab5f68d80f46fa530c5f7de9e747eb8acbfbec8c635aea32655dddcb6a9d8e006339e1e8857f

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_3.dll

MD5 8ba296419af3417d1e9806b83166e472
SHA1 a2a8a64aedcbda68149a2726b094f1710cba71d1
SHA256 ef052bc9b7fde596fff3ea2d9c8fc994f3282953dead1b7f5477e7154af67245
SHA512 877e89553cbfb6afc6dfb22a590a468f035dccffecf842cb26010d5e62e33fe10e477d5cb157d321de3ecc59112ba616b80e767028eedeb4e70a591f1b81b902

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_3.dll

MD5 47ed15dc87ae334c13c4dacd1be2cced
SHA1 54f94839c4e4d798a1f4f1fb6ee240957a738cb0
SHA256 04dec9d7c68962e01efec0aac0ef7a3499bc4c16e8a41bd61fe6641da48d7dcc
SHA512 da0707a153172c48036d885404035829ea251b7df5a9246fc05dd164ceae9604cb0cc931b85d77151bc613cd5e7e4d0430a4fd92697c8bbc8faf5fcfd1c140c4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_2.dll

MD5 295e47a75f278580f9441041eaaea3d2
SHA1 0716ca729ca3d84e9dfb4bd97c1e12466cc68625
SHA256 d1a55061bcb42f69b7cf35e2985d48e30c7a90f0bc668e90390f465b36bd0161
SHA512 a3cee1d45759fe3323fe8c3c49600856a86b61b3174c4d9c71e58a95db4848683c71605f5bd8c04bec591da02d96b79c68c1135410930ca63d17f7a929f2dc4c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 44442b56a318475a3e7acb055ca79d29
SHA1 9ffe16ecdacd79269344643ca160d940e88e7292
SHA256 4c8befaece0c58eb75c38e2347db04557c1bd2a4a269282c3769d6bcccf50395
SHA512 d64ab17f7e1baaeb5aafa4e7eb100257d7a29b1f5caed394b2d3b656c4c9ae56a0f9b952f60573e3ebffa090740f95b0f173eaf2642d6245eb8c2bc6c619b096

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_40.dll

MD5 eea5e428ce63804f9b12d21c97b5968f
SHA1 77a7f48f4bdb7e66ed5e524bb8879e3da0d6cd1d
SHA256 16fd909aeb68d0d1aca8529dc7f78880b97d6649d70ce8d03a2c858bc28e216b
SHA512 545518dabd82441ddfc17fe1c1cbd7d14603bb58130de1307a31f73b93ca42afdf25dfcf481f0383c4e039edfe4a88ae7b84b06a2850c29bbc3550114e499c73

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_40.dll

MD5 91b4aad4412bb223b466f3dfb43e86da
SHA1 850aeb2b3ca15158be00faa5c161312cf4a876f0
SHA256 c05787cbf3aa4527baae96a425ceac910090ef48809990a450c33f3cda0e4767
SHA512 413f68d1ad36aa51389da62eb2fe89969e4460ab166ce44943e382fd2d1cad0953979eebb20af58dd51def3fefa1100ea9fe95c05714c36d5322e281cea1a1a2

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_40.dll

MD5 3384134eeb8f223178c2eb8323003ec0
SHA1 c8eaef8cbc91f4386e42904dee70abb6ab7304f2
SHA256 f0a6f156d13150de6ebb094233e5ff78581fbdb77bd0ff8d083698c42bc8e13b
SHA512 dafcf4c116d994c17d47d36b1dbc2ba8ca61cadeefa5d770adc391713d2c13ed2b6eb8d2464f4811cb472c8e1eef384ba21d7ad8203ba4e9ef07f33781feaaf9

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\X3DAudio1_6.dll

MD5 e763798cad2a90b6ab61854f50cd47dd
SHA1 419f2c98d2a3f419db1b1e9b5f4f7c3b9b636c1d
SHA256 574d14ab9a641c6cbadd78f2cd6c088b64b59c3646057952e63cad7d2778e1c3
SHA512 b455b0078786b7ff8362f7404095037a5332603383707a6dd493f381eae3e28135696fb4863e1915ea01c0f12ce10d021a18ab91cbab06b4d20142e0b38833fd

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_4.dll

MD5 686f8d1b4926d48227a06acd4d41cd1e
SHA1 324fd1d21a42f0c30bb071beb2cd5db9abbf3138
SHA256 d3bad7995b998f2c95dbb33020a198ef5a248825321032f051619f353d46182b
SHA512 6ed69ab933492870b7fbf4e178999b835846075fe103e65f9a0f9b1ad8d47c9277f31a7a0fb53f3620b591b103b02bfa8efec530d7372680f585b82e128edcc4

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_4.dll

MD5 e684c5fa18adf9ea14737757413bf727
SHA1 1dd454144e8c0f3aaf24db0b77f03737914d9a72
SHA256 bcde4317debd0052b1436a6fda60e1dcb1e308979498117fa0cb50061f38101c
SHA512 9686f92745a30fd9e442ff6a24dd89410aa483ccd46edbefce0fe378645292255a323e1aae146180e8a4ecd15765a996df959a302d5cdbc6dfa4c5fcb8252e4d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_3.dll

MD5 c4479a4547390e3c5ef28d453abde4f5
SHA1 9b3af3d2ffcf52cc6628cb486372be2870771637
SHA256 c6956ac2ee59f71e86784138b5443de6970a1274ac161945b8a44dc1d535db84
SHA512 94a55bbff8a285d6b91ae72b70664b2c1a067890db175e20265be2d57a4b29deec52f08f0aba8ae07ed30dfcf96889ab835b971d2bf567758d3f7b881a7e5324

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 d001b26aaa9bec255c0b697732e571da
SHA1 adce71afb93cf04a86c1b9d2f80144ca35742d2a
SHA256 1707a6644d66406a9ac149b8fc959d964dce5c028ca3e1d0d5052e70f80515e2
SHA512 af39d48e90cd2cd575a8d039642985e25ead1fa51528a082d91c9bcaf9d1ec97afd0f66c0bebb53043221ef13dda69000ebbdaea87605efbe873f471e16a6f90

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_41.dll

MD5 3fa06cf5079b84155d18b05c08f7131b
SHA1 fafe52876151a08f39dbb6b4aa137dd85558ba5f
SHA256 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6
SHA512 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_41.dll

MD5 1aa571774936717ee776dbed51e9edf4
SHA1 98eac7257ab3350504c0a70342b6b24658411f55
SHA256 9f4c15e1f68795727eded4737acc5a1aa85f896cd9e6924fddc9128b48f1bbd6
SHA512 bb47d95d594b249608e323c8ff383c0655a56e9192e1a2f3157e9c18dc7b9baabcf8e6b09d30fef570e0718edf673c56a23df5b5d5c6ec3242ad3d887669127d

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_41.dll

MD5 781e8b5b6fdb3c9b4e4a4a9fb019960d
SHA1 292b9f02bc2377c6f89b505554394ace161c68c0
SHA256 69ddadf8f5be24f10382706480b55e2492008d102001779f976608e880c65aab
SHA512 718955c983708f3ce5b6796de28658603bb61270ca6f1b3ee01d73ca9a789db326a7998df38cbd6330e69bfe3d9504b0fd351fb7bb18566be6af03fa36b7573a

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_42.dll

MD5 c6a44fc3cf2f5801561804272217b14d
SHA1 a173e7007e0f522d47eb97068df0ca43563b22bc
SHA256 f8b9cfab7fffbc8f98e41aa439d72921dc180634a1febca2a9d41a0df35d3472
SHA512 2371844bc86cdce2d1933625b921b982c4d1b84a39698b51180b09a2d45732407d721fa01d294ca92a88777607a1bb00283f6bcdd4231137a388216d0b09dd5a

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_42.dll

MD5 501ac862517c5445742bee8a2b88414e
SHA1 49f3f2df66d357aa84a5e7a0eb368ea595b7d95a
SHA256 46429c4affe041b08a7acfda0e9162ba42de966acb2cbcaf09ef976232073b51
SHA512 08dc13d5ad0a0d2aaca9d3dbfb53304216111da73bf48810df2982650d580757c10c8b9bf80ae5191e06ebaa44b2bf9c244ae141308748c3e7fb9ef6088900ad

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx11_42.dll

MD5 d09ac80a4b5312239852836c84df3392
SHA1 ba838d90a1e74d6b9a57abfc9729dd3b2e7fb192
SHA256 8c8fa8dce19e2f43e82cecd73a268e831a5ce0a16023845f7fa7fcb597772e85
SHA512 69232a47c80f01433716f3a9202af25e1b9a298a2b7b7d23b959e59d9c4ebf329cbe9a9a5bde41c06e978fda062225447114f9ae736920e7bbce8587a9390613

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 7d8f5afb77c3ada97a83f3fc253d6392
SHA1 e5424d020c6de84ccf72253834c545024161f682
SHA256 3a07c2436d3fd2473e15518a53262d4f0fb7f2a05589437cc5668f929063e782
SHA512 52f4bd961febfe6f691d7dd1e826f689319656393756e0c5c9e3d9729ad47e072071b204f63a3b37b67204fcdffd4539db08cbf190605dd9652ace51627e8845

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcsx_42.dll

MD5 b337306dfb508a1bcef1974bfbb8d924
SHA1 203c32d73f99e1097bc306c9225307a18c617f4d
SHA256 e462eb3d41db54988ce3be46ced60b0073f8d939a9946cda67fb1df3c8afe0a1
SHA512 5c7a101e403aa2eab57e2972427a67ae6cd1598a35f983af784ca3a7446f7c60ad3cff7e52510f14647645a49c387020a06242663433db89e6454188b93813e0

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_42.dll

MD5 b33b21db610116262d906305ce65c354
SHA1 38eef8d8917351ee9bdff2cc4fbfaefaa16b8231
SHA256 6c976311406c23aa71018d274da0ecdef43b6e3a3b0b01e941a5e8e4e974386c
SHA512 7049726ccbba90d06b3a56e1dbde8196935d4681b5548248cd3e6a8e38183c268152ba2b07eb90823bbe327c02ec946c59abe3562b59e29d9bcff8fe90e0adcc

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_5.dll

MD5 db3c93e87452b8dab4f58ed1fd2b1998
SHA1 fbcc3c80c74e98e8554260b8a08e14dd1670075a
SHA256 1d37ab9b90372eaaafb5055401449dc3184428fed559baaf36fbcccd2479611a
SHA512 af693d7d326dd7874e0eba5b4163c21aad86270f8e54058c637f1cd200e45eafb75f79a2d579c477c06082ace44f3318bcef71698089808690ff88443ddf348b

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_5.dll

MD5 8b01fb723f3b30ab3debddbf97cfe577
SHA1 e379c3b7d0a66da06b6a381deea19bc541ee0689
SHA256 c596de2ab8394fb62538fef0b4657317f4ead50a6d798c5d066e25e334576c27
SHA512 ba8c5bf7eb657bce6e2c937e082b97bd6169d1cf3daa5800e5112d62596bdea47e5c1f23146f3f696cd68e8def4df92e3fb24a9aa8b9a08320738b66fa6dfe2e

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_3.dll

MD5 30686ece80545e06d78d156eb9f7d463
SHA1 b257ba4ffad8003fb7d12e9babd3cf4e88bd52f9
SHA256 b05ad9417028b9777f69422caa01ae9fd22c7bfe542bc6e7de2649e28a4ea643
SHA512 ca03bb01d8e2608517462597076bfa96f4b2595c33b2635d80e4348ac3926e17c93e5db30d7e43c30277cf8ac07f982a0c729f83a00df8965993d4f0758eca13

C:\Windows\Temp\OLD5BE3.tmp

MD5 db6c0400a5e2e4f68c7eb75912443296
SHA1 f8c937c62774502960df9321ad1f1d7d0999cddd
SHA256 5f03017d3b51c1dc413952d21bf35ac660693c6f7539e8f8930ddd41d197a495
SHA512 2f950f06ac7806eb1e5e2d0de9b91efe938b0e7cdb85c5838de1bb98ca693be2046c94f7824b084b4bd31e956bd9ba90f891145fcb26cbf47911c925fd07f3db

C:\Windows\System32\XAPOFX1_3.dll

MD5 37b348a79c4c9b8ab925b18ffd241e96
SHA1 a0b030e5652eafca2cc5d741dbbaac203781ed1d
SHA256 787e10d48d90db50dc155fca53fe8c5c1a383ca24d468733d4b8fe3acf2d0a34
SHA512 20ad359ed0a1fbfacbbba2749eaac9be4e9f416e24cb7ac9dda55c6d2d372fd290781607e5f806b4da3a9d01abef58b979153bc144a8cc8c6d7115166178fe85

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_6.dll

MD5 f81c4678a55ffee585ac75825faf5582
SHA1 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc
SHA256 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f
SHA512 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_6.dll

MD5 4976243bd70fae3d1d24e49739ab2710
SHA1 6ef27b10bcf4e697fe77c3e964b326be11e4444f
SHA256 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7
SHA512 af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_4.dll

MD5 e4ce2af32f501a7f7dddd908704a0ee6
SHA1 9dc2976efb15b6fba08bebdeb98929b6961063a5
SHA256 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06
SHA512 ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 730e5493910e5693499485e352381c6a
SHA1 2871488c24d069e677868e0a590e7e74f1f19b12
SHA256 d808bb408a4bd695a9793e70b1c61637e008ac11174dbe1373481e2bdb0c9299
SHA512 62fb2a2ddfd62d48ca8a709426c07e1cda0e66df5b977c3bfdc3b191d15c3a139a5c6180ed7a66b2418a5436273d713f2af1cb21f7dc77df78e0743d6a18e176

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx9_43.dll

MD5 86e39e9161c3d930d93822f1563c280d
SHA1 f5944df4142983714a6d9955e6e393d9876c1e11
SHA256 0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f
SHA512 0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx10_43.dll

MD5 20c835843fcec4dedfcd7bffa3b91641
SHA1 5dd1d5b42a0b58d708d112694394a9a23691c283
SHA256 56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf
SHA512 561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dx11_43.dll

MD5 8e0bb968ff41d80e5f2c747c04db79ae
SHA1 69b332d78020177a9b3f60cb672ec47578003c0d
SHA256 492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d
SHA512 7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\infinst.exe

MD5 a7ba8b723b327985ded1152113970819
SHA1 50be557a29f3d2d7300b71ab0ed4831669edd848
SHA256 8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff
SHA512 60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\d3dcsx_43.dll

MD5 83eba442f07aab8d6375d2eec945c46c
SHA1 c29c20da6bb30be7d9dda40241ca48f069123bd9
SHA256 b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca
SHA512 288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\D3DCompiler_43.dll

MD5 1c9b45e87528b8bb8cfa884ea0099a85
SHA1 98be17e1d324790a5b206e1ea1cc4e64fbe21240
SHA256 2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c
SHA512 b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\xactengine3_7.dll

MD5 4fd7bcb9d8af6a165e9ba0c2eb702e7c
SHA1 a90863632c2d54dd06e01537744a7b65bb3d0db2
SHA256 d7b1cf58898046c430d49cf8f778e4898280f4709340c3938d3139894166fe8d
SHA512 7fcc435d07c434ec392bb9bfa98aee20b0b1cd2ad6a31f073af80f6f37639336349728c9b0fcd967c4c395fc40c0efad1e36142fe7632512b0f26aca1b1c4bea

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAudio2_7.dll

MD5 81dfddfb401d663ba7e6ad1c80364216
SHA1 c32d682767df128cd8e819cb5571ed89ab734961
SHA256 d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69
SHA512 7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

C:\Users\Admin\AppData\Local\Temp\DX1BDD.tmp\XAPOFX1_5.dll

MD5 8a4cebf34370d689e198e6673c1f2c40
SHA1 b7e3d60f62d8655a68e2faf26c0c04394c214f20
SHA256 becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197
SHA512 d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config

MD5 d324ce1cfd38161142c42ad7913525d9
SHA1 6692e141dc5b9211f7838693754ce08db4297259
SHA256 87f42fcb46b60feeb035c373b54d5a13e7675e4882c79ccd7dfde5cdd3fdd299
SHA512 76bfebb370268fc411c1b2788229b32a95422ebb6189f8f5123159b51caecc5363ec605e725be79e98f5850f247c4d52129f097f13cb33a4065745c3612ca3c3

C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config

MD5 04602444f2dd1be4be039acf2671f3c0
SHA1 37340cbf403ddebe9f0917330656951a9da86b3a
SHA256 4df9d4fcc8795105340914ebf73dc30175e72818d92918ba46577b1b53f4a10d
SHA512 04578d8759a45fea877425ce1da2e8d40768c26eac80ba066da86bb0e0e526fa8568c8500cc53b85d0ab4dc50ea728cdac4a9f7cb475e430640e14b721ec5704

C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config

MD5 9efd57735a984c542a5b5114e4245968
SHA1 d8e5eafdb2b20ee0b4a5aefcf52b619f060dee2c
SHA256 ac4b4d5094d892ae03d9c090399b535145833473adf9b7b28a05f8f4d2b3e27d
SHA512 cb3b068666ecedf6b0791ea5f4b44e13e62018429208db6d304c1c85e26d30f0339a9db181e324f5efae591a941a8355ab0aa2fbe66f6ea3ffb6681f80112953

C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config

MD5 089fc42541ee307781620f02a9f52714
SHA1 c03e9e787ec9e96daaa2a4c4b4d9d81fa0177951
SHA256 da23e08c4f56b2e8b8f6bb48e4fbd8240b77d71af2ee327f73ab29feb2d4fbdc
SHA512 870e5c0df43814635a2de639694c69dec41d7adfacadea34f4ece7816eae5d6669985f009ed50849d166320f50fb4974b54736d6648c7d8886e628564781bffe

C:\Program Files (x86)\RivaTuner Statistics Server\Profiles\Config

MD5 515f58e4ef397474ba823e1b54a961e4
SHA1 044d311df111a03988cda301a0089e4db09b0c8d
SHA256 324c4c7f1b9363d2fd4818c1d7422cb20f883ef07f7c1e3c8f667074aa6f42b3
SHA512 fa3817f1e1a60588052f8386678725bcfef2bf9fc0060d8956b82dc0ef0653adf791057f79cf77062f85768df41855b2589ce8bdd0d13afad30e6df789dc4091

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f27c151119ca75d991cd76357154b67e
SHA1 84502364b9474a4c421f85928b671738f7af56df
SHA256 771ed5df85f182a1a26211834ce0f93493e7145dfa39bd417c1040823f4c5d9b
SHA512 431a98fb30fe52ba2cd49781b470a1e5b624aca6ce951d2f10ab89350ca5195c9816da5385a48024be1b6710f6491bbc0a0f7eb9c3c7df9ddf918726c226935a

memory/6972-27048-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/6972-27486-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/4828-27487-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp

memory/4828-27888-0x00007FF7DD750000-0x00007FF7DE905000-memory.dmp