hxxps://mega[.]nz/file/qYJCXLKR#BPmKDx1lrbWEFRsGxuikwigQ2p56PlBTIzkyTZOK420

Analysis

max time kernel
187s
max time network
191s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/08/2024, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/qYJCXLKR#BPmKDx1lrbWEFRsGxuikwigQ2p56PlBTIzkyTZOK420

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 17 IoCs

pid	Process
3564	JudgeSim.exe
2436	UE4PrereqSetup_x64.exe
4760	UE4PrereqSetup_x64.exe
3212	vcredist_x86.exe
4588	vcredist_x86.exe
4888	vcredist_x64.exe
1816	vcredist_x64.exe
1780	DXSetup.exe
5452	infinst.exe
112	infinst.exe
5232	infinst.exe
5652	infinst.exe
5740	infinst.exe
5900	infinst.exe
5136	infinst.exe
5588	infinst.exe
5908	JudgeSim-Win64-Shipping.exe

Loads dropped DLL 37 IoCs

pid	Process
4760	UE4PrereqSetup_x64.exe
4588	vcredist_x86.exe
1816	vcredist_x64.exe
3824	MsiExec.exe
1280	rundll32.exe
1280	rundll32.exe
1280	rundll32.exe
1780	DXSetup.exe
1780	DXSetup.exe
1780	DXSetup.exe
1780	DXSetup.exe
1780	DXSetup.exe
5632	regsvr32.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{0d995f46-317b-4b5f-bf3e-9f98bae9d339} = "\"C:\\ProgramData\\Package Cache\\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\\UE4PrereqSetup_x64.exe\" /burn.log.append \"C:\\Users\\Admin\\AppData\\Local\\Temp\\UE4_Prerequisites_(x64)_20240806192144.log\" /burn.runonce"	UE4PrereqSetup_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe

Drops file in System32 directory 58 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\D3DX9_43.dll	infinst.exe
File created	C:\Windows\SysWOW64\SET15CF.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET168D.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\XAudio2_7.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET130C.tmp	DXSetup.exe
File created	C:\Windows\system32\SET134B.tmp	infinst.exe
File created	C:\Windows\system32\SET16D5.tmp	infinst.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\system32\SET14D1.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_43.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\d3dcsx_43.dll	infinst.exe
File opened for modification	C:\Windows\system32\X3DAudio1_7.dll	infinst.exe
File created	C:\Windows\SysWOW64\SET1502.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET15FF.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\D3DCompiler_43.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_7.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\d3dx10_43.dll	infinst.exe
File created	C:\Windows\system32\SET15AC.tmp	infinst.exe
File created	C:\Windows\system32\SET15EB.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET171B.tmp	DXSetup.exe
File created	C:\Windows\system32\SET1753.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET1580.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET1580.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_5.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\xinput1_3.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET1494.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\d3dx11_43.dll	infinst.exe
File opened for modification	C:\Windows\SysWOW64\d3dcsx_43.dll	DXSetup.exe
File created	C:\Windows\system32\SET1752.tmp	infinst.exe
File created	C:\Windows\SysWOW64\SET1494.tmp	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\SET15FF.tmp	DXSetup.exe
File created	C:\Windows\system32\SET155E.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET15AC.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET15EB.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET14D1.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\SET15CF.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\SET1658.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET16D5.tmp	infinst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File opened for modification	C:\Windows\SysWOW64\SET1502.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET168D.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET171A.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\vcomp110.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\X3DAudio1_7.dll	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\d3dx10_43.dll	DXSetup.exe
File opened for modification	C:\Windows\SysWOW64\d3dx11_43.dll	DXSetup.exe
File created	C:\Windows\system32\SET1658.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_43.dll	DXSetup.exe
File created	C:\Windows\SysWOW64\SET171B.tmp	DXSetup.exe
File created	C:\Windows\SysWOW64\SET130C.tmp	DXSetup.exe
File opened for modification	C:\Windows\system32\SET155E.tmp	infinst.exe
File opened for modification	C:\Windows\system32\SET1752.tmp	infinst.exe
File opened for modification	C:\Windows\system32\XAPOFX1_5.dll	infinst.exe
File opened for modification	C:\Windows\system32\SET1753.tmp	infinst.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSetup.exe
File opened for modification	C:\Windows\system32\SET134B.tmp	infinst.exe
File opened for modification	C:\Windows\system32\vcomp100.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\SET171A.tmp	DXSetup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\dxdllreg_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\CustomAction.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\dsetup32.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\DXSETUP.exe	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSetup.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_D3DCompiler_43_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dx11_43_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_XAudio_x64.cab	rundll32.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\e5a0b1d.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dx10_43_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\SystemTemp\~DF5AAB2006FBF69E34.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Feb2010_X3DAudio_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dx11_43_x86.cab	rundll32.exe
File created	C:\Windows\SystemTemp\~DF1811D1AA2340A2F2.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib120_x86.194841A2_D0F2_3B96_9F71_05BA91BEA0FA	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr110_x64.4006A2C6_1BD5_3759_9C0C_17A8FFBF6E3C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_XAudio_x86.cab	rundll32.exe
File created	C:\Windows\Installer\SourceHash{D7B591D8-1091-4A00-A0B3-5301C45E5D51}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_vccorlib120_x64.05F0B5F5_44A8_3793_976B_A4F17AECF92C	msiexec.exe
File created	C:\Windows\Installer\e5a0b21.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dcsx_43_x64.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr100_x64.1C11561A_11CB_36A7_8A47_D7A042055FA7	msiexec.exe
File created	C:\Windows\Installer\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\Setup.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\APR2007_xinput_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dx10_43_x86.cab	rundll32.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\Setup.ico	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\CustomAction.config	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIF16.tmp-\Jun2010_d3dcsx_43_x86.cab	rundll32.exe
File opened for modification	C:\Windows\Logs\DirectX.log	infinst.exe
File opened for modification	C:\Windows\Installer\MSID40.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8D195B7D190100A40A3B35104CE5D515\1.0.14	msiexec.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UE4PrereqSetup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UE4PrereqSetup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vcredist_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSetup.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5908	JudgeSim-Win64-Shipping.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000004fbc8ede2bb95e8f0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800004fbc8ede0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809004fbc8ede000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d4fbc8ede000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004fbc8ede00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 53 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674455629845570"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DXSetup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "5"	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DXSetup.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSetup.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DXSetup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DXSetup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\06160A3C31624122A971135BA0D60E46	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	DXSetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\Dependents\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\Dependents\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\06160A3C31624122A971135BA0D60E46\8D195B7D190100A40A3B35104CE5D515	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\DisplayName = "UE4 Prerequisites (x64)"	UE4PrereqSetup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\DeploymentFlags = "3"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D195B7D190100A40A3B35104CE5D515\VCRedist	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\PackageCode = "58B2C1A7070C8C44ABD5ABFD86427F57"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\ = "{0d995f46-317b-4b5f-bf3e-9f98bae9d339}"	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	DXSetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\ProductName = "UE4 Prerequisites (x64)"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	DXSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\ProductIcon = "C:\\Windows\\Installer\\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\\Setup.ico"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\PackageName = "UE4PrereqSetup_x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\Version = "16777230"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8D195B7D190100A40A3B35104CE5D515	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\Version = "1.0.14.0"	UE4PrereqSetup_x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}v1.0.14.0\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\Dependents	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}\DisplayName = "UE4 Prerequisites (x64)"	UE4PrereqSetup_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8D195B7D190100A40A3B35104CE5D515\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}v1.0.14.0\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\Version = "1.0.14.0"	UE4PrereqSetup_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	DXSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\system32\\XAudio2_7.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	UE4PrereqSetup_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	UE4PrereqSetup_x64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	UE4PrereqSetup_x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\JudgeSim.v1.4.2.rar:Zone.Identifier	chrome.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
5088	NOTEPAD.EXE
572	NOTEPAD.EXE
1704	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3316	chrome.exe
3316	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
4860	chrome.exe
3856	msiexec.exe
3856	msiexec.exe
5908	JudgeSim-Win64-Shipping.exe
5908	JudgeSim-Win64-Shipping.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5908	JudgeSim-Win64-Shipping.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3316	chrome.exe
3316	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: 33	468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	468	AUDIODG.EXE
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe
Token: SeShutdownPrivilege	3316	chrome.exe
Token: SeCreatePagefilePrivilege	3316	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3824	7zG.exe
4760	UE4PrereqSetup_x64.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe
3316	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1424	OpenWith.exe
5908	JudgeSim-Win64-Shipping.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3396	3316	chrome.exe	81
PID 3316 wrote to memory of 3396	3316	chrome.exe	81
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 2784	3316	chrome.exe	82
PID 3316 wrote to memory of 4128	3316	chrome.exe	83
PID 3316 wrote to memory of 4128	3316	chrome.exe	83
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84
PID 3316 wrote to memory of 948	3316	chrome.exe	84

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/qYJCXLKR#BPmKDx1lrbWEFRsGxuikwigQ2p56PlBTIzkyTZOK420
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb5b3cc40,0x7ffbb5b3cc4c,0x7ffbb5b3cc58
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4856,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  - NTFS ADS
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4972,i,598652822316529046,10520108262392042414,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4860

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:488

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1712

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2080

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24582:88:7zEvent32263
1⤵
- Suspicious use of FindShellTrayWindow
PID:3824

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\JudgeSim.v1.4.2\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1704

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\JudgeSim.v1.4.2\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5088

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\JudgeSim.v1.4.2\_INSTALL TUTORIAL.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:572

C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\JudgeSim.exe
"C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\JudgeSim.exe"
1⤵
- Executes dropped EXE
PID:3564
- C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
  "C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Modifies system certificate store
  PID:2436
- - C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe
    "C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe" -burn.unelevated BurnPipe.{800106D5-4C50-43CC-967C-95B9D92E21F1} {0B6F11C5-DFBB-4781-B135-CD6A9ACB9060} 2436
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:4760
- - C:\ProgramData\Package Cache\AFA5BADCE64EE67290ADD24E0DC3D8210954AC6C\vcredist_x86.exe
    "C:\ProgramData\Package Cache\AFA5BADCE64EE67290ADD24E0DC3D8210954AC6C\vcredist_x86.exe" /quiet /norestart -burn.embedded BurnPipe.{6320C716-CB7F-43A6-8F4B-93243EF0D7B4} {213A095A-DA83-496E-8165-2E82130B1D10} 2436
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3212
  - - C:\Windows\Temp\{A776DE17-57AC-4841-AA83-21F09615DDBE}\.cr\vcredist_x86.exe
      "C:\Windows\Temp\{A776DE17-57AC-4841-AA83-21F09615DDBE}\.cr\vcredist_x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\AFA5BADCE64EE67290ADD24E0DC3D8210954AC6C\vcredist_x86.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600 /quiet /norestart -burn.embedded BurnPipe.{6320C716-CB7F-43A6-8F4B-93243EF0D7B4} {213A095A-DA83-496E-8165-2E82130B1D10} 2436
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4588
- - C:\ProgramData\Package Cache\B87C38D093872D7BE7E191F01107B39C87888A5A\vcredist_x64.exe
    "C:\ProgramData\Package Cache\B87C38D093872D7BE7E191F01107B39C87888A5A\vcredist_x64.exe" /quiet /norestart -burn.embedded BurnPipe.{A6E90C5C-9E78-4EA2-B87C-226379A4C9C9} {9E91DA96-AC4B-47C4-980B-F815F1FF5B46} 2436
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4888
  - - C:\Windows\Temp\{7B123FFA-C3A9-469E-BD92-0EB0BAE462C0}\.cr\vcredist_x64.exe
      "C:\Windows\Temp\{7B123FFA-C3A9-469E-BD92-0EB0BAE462C0}\.cr\vcredist_x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\B87C38D093872D7BE7E191F01107B39C87888A5A\vcredist_x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600 /quiet /norestart -burn.embedded BurnPipe.{A6E90C5C-9E78-4EA2-B87C-226379A4C9C9} {9E91DA96-AC4B-47C4-980B-F815F1FF5B46} 2436
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1816
- C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\JudgeSim\Binaries\Win64\JudgeSim-Win64-Shipping.exe
  "C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\JudgeSim\Binaries\Win64\JudgeSim-Win64-Shipping.exe" JudgeSim
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5908

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:2840

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:4312

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3856
- C:\Windows\System32\MsiExec.exe
  C:\Windows\System32\MsiExec.exe -Embedding 18CD9950131D7C2DCA86A28CD36A64F2 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3824
- - C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSIF16.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240783234 2 CustomAction!CustomAction.CustomActions.InstallDirectX
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    - Modifies data under HKEY_USERS
    PID:1280
  - - C:\Windows\Installer\MSIF16.tmp-\DXSetup.exe
      "C:\Windows\Installer\MSIF16.tmp-\DXSetup.exe" /silent
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies data under HKEY_USERS
      Modifies registry class
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe X3DAudio1_7_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe D3DX9_43_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe d3dx10_43_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe d3dx11_43_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe d3dcsx_43_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe D3DCompiler_43_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe
        
        C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe XAudio2_7_x64.inf
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:5588
    - - C:\Windows\system32\regsvr32.exe
        
        C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:5632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a0b20.rbs

Filesize
22KB

MD5
b8878d50d0054fa64c04958f4cacb379

SHA1
8cced22071aba68c32bfb6db0650f702c1bcd241

SHA256
72969b1063add3f3e7efd284c73f56d48a97003e547c869666d7259a7d27bc29

SHA512
34783277ff7d0f6cd8d223f1fd8d56b66c2c1e0a6ef20a6998990b08ce5d5a89128351cccf0eb5909ec956d7fd25b10a497491ff0a4caddbe5613d8556064184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

Filesize
834B

MD5
a0af4d81b2b19a99a3d01be89d5f99d9

SHA1
4725c1a810005f860ede9dace7f1e5a20e5230d6

SHA256
de9f05ceb1610cf9964f0def09d525005569602993c82a647743f192e9414d4a

SHA512
eb98d475d51d07b929d92fe5aa00bfa21078f567906f3650eb3bebfff39c616a21918da8f0687853310acebdb160d4f65451204619a7b8085fbbc25491bb0554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_BEF5BD13CF5F13F6FF3D15BBADC93CE5

Filesize
1KB

MD5
0bf8dd9bd5cf6267de85d8e45e925301

SHA1
2d35f800dec3887d79ef975735af6838c24102ab

SHA256
96c1d7adc95e2023caa0d3a12b43478f188ae7f58f99b8c2f105423c66aaece3

SHA512
2bbdd10dde71ca0bc9cd37ebebcb66a1c0c1aabe1eb4fca18024cff7e595e38187198535713cae5b7557a2f2fe2bb6c6c67451e0cab9b5eaa65eb3857058360d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

Filesize
180B

MD5
6000860d537ccba1a2acf46dc93034b4

SHA1
d07df441dc474ff35189a789cf2bef0e8dc6d0ec

SHA256
579e8f9bb2818c63432e1556f2a6b36b200491d030243d08dd7a835da50261bb

SHA512
323bd2d5038c42fbf8841a3616800d67aa548e8fdf89ec3ba0fd6da88b63f1f208fafb6789ee7d971a21d8610b54161ebf4bbab5a1e8a5d8ef18b66a06f7b02d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
eeb697a02ed0650a7b880ed0396edc62

SHA1
b2470dfbb0ab1cbaf7a35e3083e7e9f97e4c8ef3

SHA256
ddefe9e9e777cf3798c5f1e0757989f7e9ece47dfc08adae19cdbfe3f67f7bd2

SHA512
04d5248914a0712af857a847d447814992f0664412bd537108e1a6f01b6394ca17578fc1e64cfed38aa8de1b5bcc8f7068894502b6b183c72c9c969976ad0602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_BEF5BD13CF5F13F6FF3D15BBADC93CE5

Filesize
402B

MD5
0d6c1ad2aa9253f923112185c527adc0

SHA1
2f958ddbee5c101e327bf1b024d4bb84fba6c7e3

SHA256
c48e536fdf791a0801fc3ba11f00f72beb33776141ab3f5d94f97de25102bac5

SHA512
f8a156bb94bdc1b6fc2de716cf560b2f9ca6ed12aa6b25d9e5a18310efbf9b14d7112a8ac3e613fd60b74b69b11fdd6e36d1361c5f551246b2f6fba8b27b5c11

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9dcdf0c28fe233d919b63ba20425a69a

SHA1
15b7209bf4fd5f965da90fe5947dfd07f37a1db7

SHA256
906ab84dee2bf7aafef28c0f9e19536cbe20a461c11b925afb69a65d2b24a290

SHA512
60464288fdb49b873f403f2c73201ab6428721ff1c1573be458b5beb1cfe2040c49558f5497a9f21d86b2b8df588e5a3b865a9365718e5343fdc76f15e3c4710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000

Filesize
1.9MB

MD5
4932df0303e701e6111e5dcaad17d77a

SHA1
a971bb90d8b529bec11bbd0b8ed3b9b4653e9610

SHA256
62121bd73426f68f966a2b746c8b5a61ec2a0ff0afd5a795a0bdf39cc439e868

SHA512
832913adbd61284ddb1ed61a979c9d6d31377b580692b608de4545616a612c4a2b659d560e1d6e232a26e857e07ec3ef57b4cb76800f3728f6d42d9eb2e92725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
60KB

MD5
66c05f0611ca5932e7fc742fb7b9a9db

SHA1
d4860ca657a966e53ea3889a7a761b1e315355f2

SHA256
ae24e8d19f21beaa8e354d9a3b3b503e66de7dcaca467911659be08901f63424

SHA512
98b6290881996e73b71cbf30a05cf3be50e978f17c52565964c769e9b006bbd94c85bbe58c8df6122788387752c7575c6c0d9d72acdfe0b5137035169e8752f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
6f3ae0ae32f34882d588dc7643491841

SHA1
10696f752283357a5a291091eac809d9c175db6c

SHA256
885ee7cc5d6dd18db4ceac81e7b495f492b3182ac4f229e78c2546c2c675f563

SHA512
dd74400b727ac79ef929c655a938439d561c3e507e6963cf5d44925e30f2c7da50e5247aeab310205dc348d03cbd910a9a94697d5be68d60980097cac52f7a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
23c4841d809faad405f3dcf93644cefb

SHA1
658b6a7047ab24dd99d3a97df63b51bebdbde637

SHA256
32839d9a5e861f6e82b762a5fde432366bd176fe99e9727c7bf204acd438af8d

SHA512
0bdb4c180ee018419433f8067b2090ba591f0fc99eb04be02c2bdfbdfa8add0f4a81067e321dc6797da1f60a10356ab630904f5489dfe9205a277ea2863e6ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
38139ac4f55bcefa2055a7b6c5ef8b8c

SHA1
070d0e5827386abc8591d09515df779de7968757

SHA256
6271d4be9c4170e452dee3f0ee1778e2438148f113b658f53bd1ba0c875d239e

SHA512
5fa3b5fde5ec11c571bd66705ddee49de3a86baa4adcf267c9ea1f50b51df1ddafaa8450ad6eb6e17d56583a583119a7c2877769d12426a4ac29099ae4b05832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
7aaccaee54d29753eec68999fdc8e7ab

SHA1
e0158fc69f477c0d6b187e70018e2ca4896dbf1c

SHA256
5461838d256eae79e416f615a26d075f57a3eeb9d44490a3d0ec097e3ee7ab19

SHA512
06c0237bc9af64d5c680dbaef17f20f16ea5f64b866a7f446e8d9542493bec3021487d11b5afa031c67a2ccdd4d0ebfd9ccb23aec4c084328f573abcd7ef90c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
1ca111f53a336f2a87b7b4ab4e2d4390

SHA1
06cd4a0a7443a3bb91d0f6e7595de1c82d635582

SHA256
2ce15ed007a9e571176abafbbf343014c841430b1105e3a546f434848dc2e9f6

SHA512
1f071782f0bb1fab1759e737de9d1bd0e04355c822af05dfccdcbb4cc0318c180ff36da5abfdd23f870928dfe49904846992b603b0f7a0b32ea7ae52124ffa21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
373B

MD5
2aadce3188ac20e08553e043bfac6333

SHA1
1b86d8f57f535b4dabbe7eed872029b1852dce34

SHA256
0adb09554b02b212f005ee3ae62b05ac7bc46862bf499ad4015bb411c6e86df7

SHA512
44cab4f6faf287181b1128182457756fa1e58efe9a6ab932978c0d85112ffeb65fc5421dc22e0d492e8e9d29caacbb849d7de720de2c8cbfa5e47db4a711052b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57da62.TMP

Filesize
333B

MD5
8372febe73ce43be602c9f044ab6d328

SHA1
e2ab86fb4bd6af4cf39b558d475efa6c5a75e1f5

SHA256
c61ce9019d5224ded66918f50b28a0d83b90b58c4f6fee9bc887ff5620cf17cf

SHA512
12efa262bac2c12e57a786340dbfe73e5d13333d5d576abbf28c178e392c661008d52af45cf2abbde47079a52334f63dfcc047f2b36d64645b0d3df529e9eb73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\09c57ce1-ded9-47f2-b9ff-c88989afe188.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4bbb5c1c5003f248254b351f277f6184

SHA1
2d7af4a8635392a9bce589f2aaf9062373766118

SHA256
22a191bbe161aa1e946aa5c8a805891158489d4eb6a0af53bd8f2c78369f055f

SHA512
86ef699647663acc75af3a7749b297b05c5ca969ad914c6a76237ecfdd6e5509d83c0600546e02798ffa91dbe7ca5c0c0a7b52ca1dadbb04fb258aede6e1e15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29f38c927a753778ebab5dd596dfc750

SHA1
7ee74d52606a643254ec95a6141ffcb6169412e6

SHA256
778ec7747ce23583b3676bf219abfe2af94b5fe31a580f8b7a80572ddb69f401

SHA512
21eefd3339dbef192313d1c74c5a932bca5167bdc1bb31205fea61263a50d7c90be93349570016bc0ca01707c0c60507059b70a3779f95ceee3e73922705ad97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
508bbb63d0721dac48f8e3d04ad34eab

SHA1
300c194ecd5482d3e616cd574ac94bc22b6de688

SHA256
8c857776dea01e7ac5ab3b0c4cb9fe5c676d0e757db69e76d79c85382e500992

SHA512
a39285455dd3e7c2dcaea44b0a53bfc90432c6ab5d757ebac5d4b1462bd88ce5d864758a856417bafa7128676f16e74b80fc105c86b5126d40fe8c8d45ab8156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dac977607c5e464656ad77ba5c754038

SHA1
7a070d85060d6c4ad6567f9d87f3fd0f4e748bb2

SHA256
c65804b758dc0923d48dc2b1548460c2783184f20373ed79ca89ad3bb85ee046

SHA512
57367371f0ad8a3856e9bd03f2568804fc93720ef92e94216b0a6415cf5099c5851f5c1895f77ba20622852fbbe70bfec2a5d713fd9ddd0bcee79699b8465b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e4f9a8c36f515576390b3cee25de566

SHA1
20f1fb3e1019f1f99e24ee9bea318707a2a410bb

SHA256
95bbb1f07790b09579dee3e62f229f3e68511671dd4b63dc20fef4b1daabe207

SHA512
17a4ab7a1e7b7a2788ae7c3219c686870426e90790238bcf085e74a2ca1f996d7cb1765fbaa47c0161b30fb3a0820d742f6e6ee6b40bde92b492532d1bbd0999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15f734920a23cdaf99dce30632fbbc66

SHA1
9b3d95e199f1713ab8cac7ab334d704556ecc008

SHA256
fe020b57055632020b86d07286494c4723817245a03b8d3edb5a8700d0c9bc83

SHA512
2b48da55d1c0534bb6bbc7ec7bbc1fec448532114f36b6dd3cce6d8980fad0adecfc3b82ba290366abba90d6025812f9e1c6a9ba8f51d0aba26ccd0876f796d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dcadd753ff8133113d8cd598ec3ee586

SHA1
b93a71fbea84c885f5f92fd797a7cb225bbb6f77

SHA256
4c5bf658e039053acbd740f253eed21e14d14b17edaec0191e072fbbf511f621

SHA512
4e6a5a379d9097fa80199ed264fff69ba1b9dbbf6dea344601117f6fa14182af88762ac97b049f0befa00c1ed004951db3e061076d6bee68dfec89dd981d21a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62354cdce4535f4bc866fae416b24e98

SHA1
96a2776cafba47402aa3320259ed1477e44acb32

SHA256
c2934646dfe6e67c9ff9bc5f71ae1bafb4b69956a76db4fc7d93c2ba35ca3554

SHA512
f7aaa608689ca053e105e41f99db4a98482c10f9ac5d6c0284e97a987cb021964857aa769566f14e7a709115e5fd83757d5c2d4dec70812c0fbee1a1a04afa15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
80baaf61fddd5b82d2a786de9e317314

SHA1
7f48e3da02b7bf8094992b074155b38d775a5a25

SHA256
9daa730086b862a2bea42c53efff3a31989decdc7f9cd884563857eaaca2736d

SHA512
d6a815c20452374ab19690593fe0bfbb74871c92a40cb82ddcb5315337b72155685233ab95ea6caaa28b09f2ee9d4708759e6004e8555fb7be56ffcaaf55d5fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c058257bf6da656981169141b71849b8

SHA1
24c41095e79561f9e9de2415ad2885b0dcce636b

SHA256
944559d660fc4885151883c17a9832dc3a1bb9e1d57c6b84e7eb242cca526cfb

SHA512
bce704bcfb08b3b2b29f1807aa69e68ff70efb611e7465c7d1c084931a26883057f86b55156307c62e11f79e8738b12f50fd59cc59ce1b550c2c473e84533d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c196a34e2add060d2c2906078e3bb0a

SHA1
e8c1b1b4a290a07904a939376c772280f98bc6c9

SHA256
94a0294817a332f4a09acebead45d901d8d295a6b3390dbd16c7953a5eee2625

SHA512
330b6d2322d31a52cd46628a0afc194b150b1c6258dadddfd24aa1b7778b1015553d75cd205449f7d5612fe1ccc429c797cc831da1596606a3c1e8fddc3248e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bee61dfa13ac3fadd37afdc363283ad0

SHA1
6a6c196b0e7ca84d336dfa73d7bb95fa9984c645

SHA256
32e02983d8d9b458fdac23bf1af448a420f1ea67b28f24b2a87e3c85bf98b676

SHA512
4dfb7c96707af890f9d88b12efb90d4d9428a4df852f6c1cdad0b7ade62fe9da0f27c1302357e95b0c2a34d9c0eb22bb612c54967a173348293835adf811f902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d8259bc269768f914db3b507517e8e8

SHA1
d6a8d5f983903df1134bbbb238995fce9ced3a0e

SHA256
c3169e24302498d9485dbe79ad41d354aa41a1eecfdad64a6552364246c064fa

SHA512
0fa59332ecc655988c5c772d59233d0558c5595daa34d79aefac9e0d94f422e639bdb9471eb774b739c0d296633c99c329b3ca94318af648a1ce674703ff557a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e2ab25ef77b3f8a8d0c5f102ca19e22

SHA1
0c3aa34681756cc983e845f93bd603601ddaa529

SHA256
e94d0b026f751bd4c1943b7a1718ad1625fecce295be49fd7b2e586398568d68

SHA512
8177fdc1a9bb97b8e7733a5dcba71657089912fb0682a53bda3ce593d219d183552f5709fea863c541057f6aa710494a714c846482aff28dab88ed90459b8710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2410f1ecc5111fc717c38b7ed79a6b62

SHA1
06cecdc69ecfb400a21d9378bcb95aef6f73b249

SHA256
bb02d1bd12b6b633ba2deba667bb0250d09890b14e557c95338ebc0f492ab472

SHA512
033e020cc3994838ae1ce47c400fdafd1e2028484cdf7bf803428bde184928ccc1ab815c03bf609ac6b6421889e17e3c3987cd0a4bf2a4b13d40c7df589703f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
dacf5a385df0b1d2cc41157dcada0d91

SHA1
7468b4582c9a3b1dac06baa40ceecf42175f1d9c

SHA256
4dba9d18437147991b23e95d1f491fc722e0449a7f64eeff857b1043f3632c0e

SHA512
241497c811f1941a15b3903ec9c7b2242a8a3c6f9a869b837b4b644dae02809d72f78f964b7ee0ad56ce90c1b5c6e3fdd3e4d96003c2339c1d6a5bfa8f5e86e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f0990845dc401143ca555874b266fa56

SHA1
31b73039887897d220826da52a5506064d7f1be0

SHA256
d4338ce9c04edcf930bfa5cf08041d7fcc349d35bbdc9546338a9be1cef3b30e

SHA512
64e8c16d1e599cd993714182025f3edfed6bf104d0c3098f2336cd64697aea91ddfc03dd7fc36b6185161b4997c59a384821849ae6cea3cce7cb16773b66d4e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
cd1e4e45cebc1c920942d18d87762a4f

SHA1
0ab10977fe11d02b60ca96d87d49148b0209073d

SHA256
eef51759a44a7bca49f0119a9a6d1af03e3bff3768beccb7bc514b68604f5325

SHA512
815e79d660a4ac92e20ede3aaba74a5168df6315850be87bcf6e0728192eae936abd5dd264f31a10208aaa7c15859f75b4a9af9da0e37aebcc05ecbfa4727e2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\D3DCompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\FEB2010_X3DAudio_x64.inf

Filesize
815B

MD5
49460e9297b0faab5a5d73e7aa2caa67

SHA1
a7e211f3d4ae808f67a798924c4d3314183df873

SHA256
68351f03f4ef83e4b8c359e3e130441081690a1866b838a1b35d64674ef3abbf

SHA512
92c4c0751e9123e1eb09da312bc44041d13262e26cefb807dcd1b354c5bd12c0d7197f1d3d457ddef89714b77ffe45db9c717332963c6daa507ae02a6d5fc941

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\FEB2010_X3DAudio_x86.inf

Filesize
1KB

MD5
e84adf38d499ae39090ad60fd76d76e3

SHA1
6af4d58bc04aac2723e8b97649f1b35fb1aca84c

SHA256
d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a

SHA512
6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_D3DCompiler_43_x64.inf

Filesize
830B

MD5
6494a3b568760c8248b42d2b6e4df657

SHA1
700f27ee4c74e9b9914f80b067079e09ec7c6a7f

SHA256
3e779533a273e3395109c7efac13ba1c804c01b3ddb16938406fbdf90d851216

SHA512
2bf68b123d7823ad7182e132d9e55f8de7580229e8e1b3b40030da50bb9bdeaf67bb9727ce2171fa83b7f804c24d9728ffabb44cb5017b16b771bb19e62b1b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_D3DCompiler_43_x86.inf

Filesize
1KB

MD5
1a86443fc4e07e0945904da7efe2149d

SHA1
37a6627dbf3b43aca104eb55f9f37e14947838ce

SHA256
5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf

SHA512
c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_XAudio_x64.inf

Filesize
923B

MD5
dd987135dcbe7f21c973077787b1f4f8

SHA1
ed8c2426c46c4516e37b5f9aac30549916360f7e

SHA256
1a0f1b929724f8b71d5ce922f19b9d539d2d804c89af947d5927b049ef0fd3d8

SHA512
f0469c94219b4df99d7b9b693161a736fa8eec88a3f6c7f2cf92fab2ade048dfe61fcde3a4cf4f7a2aaf841d079a46b17259dea22cfb02831983f55bd7f61899

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_XAudio_x86.inf

Filesize
1KB

MD5
31d8732ac2f0a5c053b279adc025619f

SHA1
c8d6d2e88b13581b6638002e6f7f0c3a165fff3c

SHA256
d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da

SHA512
abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dcsx_43_x64.inf

Filesize
815B

MD5
e1f150f570b3fc5208f3020c815474c8

SHA1
7c75fc0cf3e3c4fd5045a94b624171d4e0d3b25c

SHA256
5289b5ad22146d7cc0c35cdb2c9662742693550de8f013d1ec40e944288d155a

SHA512
a53618ed6ebcd50ef074b320eb3ebd38af4770a82caa808e47cba6a81982ced46cf954a1c5a383f171006e727d8211b4fce54c9faf27b4c14a770a45a09037b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dcsx_43_x86.inf

Filesize
1KB

MD5
cf70b3dd13a8c636db00bd4332996d1a

SHA1
48dd8fc6fa3dae23cb6ca8113bc7ad837b4570d7

SHA256
d5200b332caf4fff25eb3d224527a3944878c5c3849512779a2afcfeae4c3ca1

SHA512
ae31a9e20743a2052deec5d696a555460a03d400720679ed103759241b25d55e2fbc247170da3c0c0891f32b131ab6a6845de56c2d3387ad233aa11db970b313

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx10_43_x64.inf

Filesize
815B

MD5
13c1907a2cd55e31b7d8fb03f48027ec

SHA1
ca37872b9372543f1dbe09b8aa4e0e211a8e2303

SHA256
a65f370a741d62c2be0ca588758d089dd976092cb910bb6b1b7d008741e18377

SHA512
545aaf268d141e2aae6800e095a1ae4eafe6bfe492d95dfe03789ccb245cc3ef3f50f43b10a41a3b0efdc7f8c63621b437323e133ba881f90a3b940095b80208

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx10_43_x86.inf

Filesize
1KB

MD5
53a24faee760e18821ef0960c767ab04

SHA1
4548db4234dbacbfb726784b907d08d953496ff9

SHA256
4d4263cbb11858c727824c4a071f992909675719be3076b4a47852bf6affd862

SHA512
8371471624f54db0aca3ea051235937fc28575c0f533b89f7d2204c776814d4cd09ee1a37b41163239885e878fb193133ad397fe3c18232ad3469626af2d2ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx11_43_x64.inf

Filesize
815B

MD5
590fe1ea1837b4bfb80dc8cb09e7815f

SHA1
792b5b0521c34c6b723a379dd6b3acf82f8afb1f

SHA256
2c4cf75b76203cba6378693668c8c00b564871c8bfd7fbda01e1e841477b2a3b

SHA512
80bee8f1ad5bfaba6b3ac5a39302a1427dbaa5919d76c89b279dc753170ec443924eadf454746ce331a6682ee729ab79bd390a5d3b55db8d08fd6f4869101f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx11_43_x86.inf

Filesize
1KB

MD5
fb5d27c88b52dcbdbc226f66f0537573

SHA1
2cbf1012fbdcbbd17643f7466f986ecd3ce2688a

SHA256
3925c924eb4ec4f5a643b2d14d2eda603341fbbd22118cdd8ae04aaa96f443c0

SHA512
8aa2200f91eca91d7ee3221bc7c8f2a9c8d913a5d633aa00835d5fb243d9cb8afa60fe34a4c3daa0731a21914bc52266d05d6b80bfc30b2a255d7acdf0d18eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx9_43_x64.inf

Filesize
812B

MD5
ce097963fc345e9baa1c3b42f4bfa449

SHA1
e7624afc3a7718b02533b44edfe4f90d1afda62a

SHA256
272650a2d9b1cfea17021f4bf941b21f2206791e279070d4e906ce0ce56ac16f

SHA512
f3c4f00eebd9d465bc2415d59c417bca0f5a07c8e13880b28704f770763609a653d4b06f53d98325b66c2c7094895190900c47980f81463215e919f00966ee7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\JUN2010_d3dx9_43_x86.inf

Filesize
1KB

MD5
a11deb327119b65bacce49735edc4605

SHA1
0be2d7fa6254b138aa53d9146cda8fedbba93764

SHA256
6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b

SHA512
b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\X3DAudio1_7.dll

Filesize
21KB

MD5
c811e70c8804cfff719038250a43b464

SHA1
ec48da45888ccea388da1425d5322f5ee9285282

SHA256
288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3

SHA512
09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\XAPOFX1_5.dll

Filesize
72KB

MD5
8a4cebf34370d689e198e6673c1f2c40

SHA1
b7e3d60f62d8655a68e2faf26c0c04394c214f20

SHA256
becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197

SHA512
d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\XAudio2_7.dll

Filesize
514KB

MD5
81dfddfb401d663ba7e6ad1c80364216

SHA1
c32d682767df128cd8e819cb5571ed89ab734961

SHA256
d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69

SHA512
7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\apr2007_xinput_x64.inf

Filesize
860B

MD5
94563a3b9affb41d2bfd41a94b81e08d

SHA1
17cad981ef428e132aa1d571e0c77091e750e0dd

SHA256
0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

SHA512
53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\d3dcsx_43.dll

Filesize
1.8MB

MD5
83eba442f07aab8d6375d2eec945c46c

SHA1
c29c20da6bb30be7d9dda40241ca48f069123bd9

SHA256
b46a44b6fce8f141c9e02798645db2ee0da5c69ea71195e29f83a91a355fa2ca

SHA512
288906c8aa8eb4d62440fe84deaa25e7f362dc3644dafc1227e45a71f6d915acf885314531db4757a9bf2e6cb12eaf43b54e9ff0f6a7e3239cabb697b07c25ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\d3dx10_43.dll

Filesize
459KB

MD5
20c835843fcec4dedfcd7bffa3b91641

SHA1
5dd1d5b42a0b58d708d112694394a9a23691c283

SHA256
56fcd13650fd1f075743154e8c48465dd68a236ab8960667d75373139d2631bf

SHA512
561eb2bb3a7e562bab0de6372e824f65b310d96d840cdaa3c391969018af6afba225665d07139fc938dcff03f4f8dae7f19de61c9a0eae7c658a32800dc9d123

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\d3dx11_43.dll

Filesize
242KB

MD5
8e0bb968ff41d80e5f2c747c04db79ae

SHA1
69b332d78020177a9b3f60cb672ec47578003c0d

SHA256
492e960cb3ccfc8c25fc83f7c464ba77c86a20411347a1a9b3e5d3e8c9180a8d

SHA512
7d71cb5411f239696e77fe57a272c675fe15d32456ce7befb0c2cf3fc567dce5d38a45f4b004577e3dec283904f42ae17a290105d8ab8ef6b70bad4e15c9d506

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\d3dx9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\dxupdate.dll

Filesize
168KB

MD5
94202f25810812f72953938552255fb8

SHA1
c1e88f196935d8affc1783ccf8b8954d7f2bfb62

SHA256
6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564

SHA512
65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\dxupdate.inf

Filesize
12KB

MD5
e6a74342f328afa559d5b0544e113571

SHA1
a08b053dfd061391942d359c70f9dd406a968b7d

SHA256
93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

SHA512
1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\infinst.exe

Filesize
81KB

MD5
a7ba8b723b327985ded1152113970819

SHA1
50be557a29f3d2d7300b71ab0ed4831669edd848

SHA256
8c62fe8466d9a24a0f1924de37b05d672a826454804086cddc7ed87c020e67ff

SHA512
60702f08fb621bf256b1032e572a842a141cf4219b22f98b27cb1da058b19b44cc37fb8386019463a7469961ca71f48a3347aaf1c74c3636e38d2aea3bca9967

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX109B.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\UE4_Prerequisites_(x64)_20240806192144_2_PrereqSetup.log

Filesize
1KB

MD5
91ae9237a6e57dcf7299a3b2e029e9d0

SHA1
7a41599df8e76a6b945a2f585d6d239f36971d5e

SHA256
9abec8ff043c6d1731d587af5c031c037ada64f8f8f731396baccca6842a6f1b

SHA512
242dc62971c454d13b06af20d47507c1f52f505edfb85ae4be88938d8c3df9c06b83dbe239cc6bf52b3d97c58a1d247382f34b52c3a05feee614ee252929298b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\Banner.bmp

Filesize
123KB

MD5
461fa4877514f318a0d5cbc602daf7df

SHA1
5d2ed3abc96bb1fb419828e3de3fc75a6292536a

SHA256
638d5bfc987b45d28a308e8a4d68bd7c0a82d21e615e534fbfaa3cd0ad53889e

SHA512
c4def63dfde38cb2e35d75c7e61428cb9df2429af799e3e0b29c7bc1d9c60e8e32f18cc0e7b55e177d95bdb333a7a0d1f4369b02f5c574b6688047e01e9f98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\LogoSide.png

Filesize
43KB

MD5
63c9775d703ec8bdc9703f80d52ffc24

SHA1
1a5f3fa1fc4ee2a7e08506f8178d769cdcd7ec62

SHA256
8f03c6e8ce5f4898cc230e04d485e0e0744eb7ee180a3d8bb154f2fc9c7a93e5

SHA512
b2d9d18a3d6a1df401ede41e35af7167c6f253f54c290d1db64db212b5a2e9a2534e86e031e1e5499b2ce11bb952afc6bcd8f85aca351d49867c77dd4edba458

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.ba1\wixstdba.dll

Filesize
135KB

MD5
36b53c5299a3b39e5c9cdbbd28a09506

SHA1
9f4c767ef7ea887a88a698bcd66e4ba691e1c17a

SHA256
97f1901e7c928b9231e503cd3a1315f0d8449356b9f25e7eb4c2cebeee72012a

SHA512
af4c7cea8bebe0f125b59eed11fa0053178dd546784f68ad7a642eb128ed0d05dd6ccfe685b912381b61becf9c336dcbbc8c4ce56884a511f3f0a69826d8de83

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\.be\UE4PrereqSetup_x64.exe

Filesize
786KB

MD5
ddf7b1641565da963c4b5fa54da0c6fb

SHA1
06e78b6490aa53b0aadd69689767b900559b1aad

SHA256
62182da08e543edb383be4cccba214e30f1dcd73395f461af3a142a69893f254

SHA512
194490ea8b440841924a2e453c4e660ec781d7959620118504b16ea7ad799107eab26eab765d8378509d6a6f67fed3e5673ad362789245f46a67a8c81b07076a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\PrereqSetup

Filesize
11.7MB

MD5
4cc0e85424b8c7ec50c29554637e5c14

SHA1
5ee1bdf3f72b16a1780cabb6288bb97db7eb4a12

SHA256
6e3f68b3f747899b658a5946b1bdc4cb5a8956c93e54cc1fd7dae454e4fa1d22

SHA512
49768efd40965167fa5e7c87b2c885f73eb4e9808b1fe923ad212d49c8b9c58efb8d2ac7ea9de4a2019b6d548aaac82290127beb1f711fb23cf32d038326ce45

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\VC140_X86

Filesize
13.7MB

MD5
24e8177b25c072f4fb0d37496ccdbb34

SHA1
afa5badce64ee67290add24e0dc3d8210954ac6c

SHA256
e59ae3e886bd4571a811fe31a47959ae5c40d87c583f786816c60440252cd7ec

SHA512
2fda8abc77b6ed9e98a2b120628e4e3b9458f2b18998c836eec1de82642244fe55234c7e52d6036d8b75c4b707a24f12fa639cc92d4234e94ed604a259d651e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}\vc140_X64

Filesize
14.4MB

MD5
be433764fa9bbe0f2f9c654f6512c9e0

SHA1
b87c38d093872d7be7e191f01107b39c87888a5a

SHA256
40ea2955391c9eae3e35619c4c24b5aaf3d17aeaa6d09424ee9672aa9372aeed

SHA512
8a050ebd392654ce5981af3d0bf99107bfa576529bce8325a7ccc46f92917515744026a2d0ea49afb72bbc4e4278638a0677c6596ad96b7019e47c250e438191

Download Submit
C:\Users\Admin\Desktop\JudgeSim.v1.4.2\README.txt

Filesize
338B

MD5
9b5ce4aa12b4ace2514ed3d5061a73ab

SHA1
5573211ca0c545799eb068fde7e42fc26e99fc8a

SHA256
7c28c990a190a0fd7ce7b47be461e73078e5fc5a8e7efeaae9a64cc564fb6e0a

SHA512
434bc446efe432911bbdfef8ded3f017b2b045bbb2da181a2c3fed3c416967d04044f6b387545ec09727b6f4c883df8356c3ccf5c9feee6ec0aa7793d4e9fa1d

Download Submit
C:\Users\Admin\Desktop\JudgeSim.v1.4.2\_INSTALL TUTORIAL.txt

Filesize
1KB

MD5
b0e0097e436766fb8bc251832414d24d

SHA1
8b018eb5f5d46c854f9c07784f021cf7302f2a3b

SHA256
ac45f3d5b1e728caffdafb6faeca0f22459f6ec2ff2c7449c3fac44d25f62915

SHA512
ab966f3cd0d348a62168c9768b2e9d39bb44690a94dc15034394c9e7c11fc540ac9aa95e26a0b1de1e82077c0aca4a941e536260bfc49e3650655259d2835299

Download Submit
C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\Engine\Extras\Redist\en-us\UE4PrereqSetup_x64.exe

Filesize
39.1MB

MD5
a688d249c498d4d3b89ed876c8239520

SHA1
25bdaa9b0a339099e10cf9c26e8abdcd67a9e583

SHA256
145f4e4d11e76a2612db5ffbfae8f9ab8e4385ff7660802ffd2f473c9dcb2a0d

SHA512
ca24eee29e9ae1c919b98d1f5e41b96566c86b1e40e30f3f6c7fb5c7e4049f92fb64afa4c87e8e815d3926b9cac17d0347f1f9b69d06e01303ffcb1815efecc1

Download Submit
C:\Users\Admin\Desktop\JudgeSim.v1.4.2\game\JudgeSim.exe

Filesize
204KB

MD5
664c53dc14b204d0a706be9a88559c90

SHA1
d6589c5ccc83607740a9726ae4e22eaa8c315bab

SHA256
645c0682118593c882e82044b46677a6e937eb0c15d834740997971a61cac765

SHA512
f3822fc263f2e61a653f88b4f536288f37a6786bb15992c57d30c10bb1a74b64cbc463f600dc31b5e153ce97f6f90116c459c8a7a4d287074c7c997b8d9d2092

Download Submit
C:\Users\Admin\Downloads\JudgeSim.v1.4.2.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Installer\MSIF16.tmp

Filesize
6.7MB

MD5
0fb911250b32a2ca32f5d8d572b1ec36

SHA1
a0edd2d6d521f6087558b87fb31b20b591fb2995

SHA256
c55442e1b85b59d458707d3473c05c00ec50dc6f1e4d8a5cf644664b1333bd19

SHA512
e35daaed5428a95a47ccf20f640d390e636f8bd7401b0afa65294da42550fca9504bfa72bc55e72f76fbae8c666e4b958e4c5ff1b166092cf8d789f08438c2a7

Download Submit
C:\Windows\Installer\MSIF16.tmp-\CustomAction.dll

Filesize
4KB

MD5
6a9a48dc9f4a240a947b957ff14e7070

SHA1
1568c161a338e8afd6db1d1fdea8d2de72df6334

SHA256
7b64f279feee5e8b350dac6c1e3bddaeb110a16b4839f7167667975abf987be1

SHA512
5bddb9dfcaf36fa4ce1faa20812500ed8995ab3f86ec0b44edab912a185688842f0e0d2ec01e6abf48d863da783fe4db193c3581347810a0bfae15083d3cc148

Download Submit
C:\Windows\Installer\MSIF16.tmp-\DSETUP.dll

Filesize
87KB

MD5
9e0711bed229b60a853bcc5d10deaafc

SHA1
2bea53988bd35c5df5c9edcef0bc234c37289477

SHA256
def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0

SHA512
c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185

Download Submit
C:\Windows\Installer\MSIF16.tmp-\DXSETUP.exe

Filesize
524KB

MD5
ddce338bb173b32024679d61fb4f2ba6

SHA1
50e51f7c8802559dd9787b0aebc85f192b7e2563

SHA256
046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de

SHA512
7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4

Download Submit
C:\Windows\Installer\MSIF16.tmp-\dsetup32.dll

Filesize
1.7MB

MD5
0f58ccd58a29827b5d406874360e4c08

SHA1
ba804292580be6186774e7f92e6dfb104e46bf25

SHA256
642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb

SHA512
3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Apr2007_xinput_x64.cab

Filesize
94KB

MD5
743b333c2db3d4cf190fb39c29f3c346

SHA1
26b3616d7321978bd45656391a75ee231196a4a2

SHA256
e7a09f8235cc587cc63f583e39fbc75008d9677c8bb4dcc11cb8d0178a5153ac

SHA512
77fbdb86c79d7228bca2982a3285a417a365af980488a5ac2d470b532fa59fcc15e0e8dbee6eb1a3a5256fc29e0e3391529cd2ac13e0f72987ee0da136000957

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Apr2007_xinput_x86.cab

Filesize
52KB

MD5
c234df417c9b12e2d31c7fd1e17e4786

SHA1
92f32e74944e5166db72d3bfe8e6401d9f7521dd

SHA256
2acea6c8b9f6f7f89ec51365a1e49fbd0d8c42c53418bd0783dbf3f74a744e6d

SHA512
6cbae19794533ad9401f92b10bd9549638ba20ce38375de4f9d0e20af20d78819e46856151cc6818325af9ac774b8128e18fbebd2da5da4efbd417fc2af51dab

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Feb2010_X3DAudio_x64.cab

Filesize
53KB

MD5
db47136a200e326174ce790359596eb6

SHA1
fabca8c0aa28164ef4fdb7ee4ae8942a275b1713

SHA256
832b6d48e169b4725ae482ea4d1c3360a09631a89b2fac3aba81a50805a50adc

SHA512
f3b04168ca14ad4586493ea985417cce43ee11f37aa1856e714f44e132a31dbb84934943b947cf0b2aa39344e183cba8b6f49431b4471bd0e623926def94cb8f

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Feb2010_X3DAudio_x86.cab

Filesize
20KB

MD5
88dfbb4c1876e80a1864265c61c7a7fd

SHA1
c6ee8cff225019a93308c896146d94b00fd5417e

SHA256
acba5c4d4ac90e1df1c8404be5ff780e24238153cb410af909cd4364d213f2a9

SHA512
35e564aeeb6e462221a36cfa680e7e932333b0b92b0115ce5306ff59784abb13b8f7527fdd686737170425f2719f2d3a6901dc9822af4d537d9b5377b6bf89e4

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dcsx_43_x64.cab

Filesize
735KB

MD5
850aafddfefea671a2e1bbf1b65f2a8e

SHA1
9679e7f294ca9de945b6f4f3d775d739dc2f8cd1

SHA256
cdbec7e3a5a0fef016eb294b036f93c75e45c6ead8d99397f859a32d23fe20cc

SHA512
d87d8d123700e02caa6562c9f22a90e86b2d8277b20089ab9d77a885094aef22bb69d60405b366ebf8cbf74f4b53a17095c3cc93b8bd3766cef7eb02bc47397b

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dcsx_43_x86.cab

Filesize
744KB

MD5
44dba9557f956787b66f285776c3dccb

SHA1
4560c64f8b6bbdeedd85398f2e18404c389e4d8b

SHA256
e2c5a2cbba7f211b6ca72ff8e5f69cba1f83be06357311b19e64f582fd3d14e4

SHA512
25fbc95346bac890fee8d2a0805015af1eda5e0bb17b12d4eef52ca446775d08898fe5c13239e983a0f8c8dd13f8f2a5247a70e8e785e2bae42ff5ab1cca4156

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx10_43_x64.cab

Filesize
230KB

MD5
2d9586b276a561924ff2335fccaee914

SHA1
3b8114a8820a8df9df2321d6c4da8ea155ce736f

SHA256
efce48d425c07f1faad4a55d7061a01ed6245aac17f43163cf2a23cbc9a3054b

SHA512
d78ad87685eb71d2eb8c68e1e2c7fd5a90250f04059dd0016e4c8ca01bf53c02dea01998fe6de9ae3a3f76b2964d14a61e694546a2e6844bb304c315ae5b80e2

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx10_43_x86.cab

Filesize
192KB

MD5
a89b98ab89e0d4ff9dae412d49e27c51

SHA1
18803d4bcc83ad39f25ff9f899baf136c89c10f1

SHA256
a8cf71ffb80b683616d0621be96d3795b0ffda3877ed2d80cd958bfa393ddcfc

SHA512
0b96a04663d2fbfb21901af832a5362785fb0270d1be0ef136549f07e2625653f8facd129889a5f3489fc8a1270abe474e4f1626ea630a3185a36812545b4dfd

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx11_43_x64.cab

Filesize
134KB

MD5
96e7847a914afcb489194940b06a5c23

SHA1
9439907a1000b9dcb8989ffbd828e6294c277fba

SHA256
c1d0d56b83bfb09a5e1a89e1898bb74446a847b30a968f3664ec2d87368eb63e

SHA512
638485084884fab9d8952af17b24c4aef16dd026c75256026859bfe4f24d7f11fd2240cde8c5de0dab8968885a6d344da7335be257570e947bf5da8ac06f61ad

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx11_43_x86.cab

Filesize
106KB

MD5
758c5a459978cb2c68a300a60da153be

SHA1
66d12509137f2b5e1a668df39e6ccce6402822c3

SHA256
a58cefe822e371d078eaf89319f832693352ba7d62079320074397f0f3425961

SHA512
f33d6fd3354310e6cc4b483eae955a9652e7f71ceef7c444bdef84251ffa6ec0b89886a2344d18e0a1ad5285123ad808904372289e1e1c8d14242483f0426588

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx9_43_x64.cab

Filesize
915KB

MD5
063fa6f7061324eac1c4de0350c20e80

SHA1
daccf01b4b7493b88f04f9e50fe37c03846335ad

SHA256
9b98a1269af7f3a0007bfdc73206a47a6ee158d34ba8a87009396c18186bb06a

SHA512
3ad31100cbca4da52e46518e577dca94b595f9d47a3e9552cd764905ffc2876f9127b69a97bac44dbd754021e14ddec65480b7628a3768f03e53de8fbb08c547

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\Jun2010_d3dx9_43_x86.cab

Filesize
750KB

MD5
7749862c307e527366b6868326db8198

SHA1
bce9f21cdb1e101c7223c9e62eca61ec22d6bb81

SHA256
fcc6cf0966b4853d6fa3d32ab299cde5a9824feaecb0d4f34ea452fb9fd1c867

SHA512
b65a84535b749ade0f8ea1a8ab6239df8e82ad59cbdb07487fdbfcfcf57a565f493f56378e216859a081d23ddf7c671636f53ef821289d66452f09218080f02b

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\dxdllreg_x86.cab

Filesize
41KB

MD5
a025c67403dc2c2bcd709aa9435faeb1

SHA1
0433ee289e96a0d83a0c66ec35cf906a3e063884

SHA256
8ad77a4d9c76f65cd62337588f847cc1e0ca6ca9735937f3a781f7395e9566a1

SHA512
56bced81de59d413238b01396fafa6442ef6db0afaf237a699966df4753ed1a0b555450fa308f6965689a67f9fb5efb5d377d5f602a8d453ecceddca41072b45

Download Submit
C:\Windows\Installer\MSIF16~1.TMP\dxupdate.cab

Filesize
91KB

MD5
8adf5a3c4bd187052bfa92b34220f4e7

SHA1
b52be74c4489159bd343d3c647f28da1fd13d9b9

SHA256
13393a91201e69e70a9f68d21428453fff3951535dec88f879270269cfe54d6f

SHA512
3e2f2fe4b5742a4cf6ee2f6b8c0ca734fd0b3c5431dff112c907231846dd3eebee7b9b8117f0256119614282cc7a4896474a199563078481d48a1204ca96f92d

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
2KB

MD5
772bb5e76367e618b2cd3f458e900778

SHA1
5233c69a379240d36b5754b79a9fcf97c8070400

SHA256
c8d83995512f8946ae923c8737d273e7fc13f0292cc60591417092234cf6aa8b

SHA512
9f900af4de81567312f4386becfacfb7225a79549151b825d9c8912653baa2aac1b2068216f137a4f61ba3ca7cc4057d880203b50957a244f83190872c787a25

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
3KB

MD5
185cc089b42f2478683d97c3235c1b28

SHA1
cdd2e074e488d95b2c5383f78dc5ed2433a8fa56

SHA256
1aa2e2e12c93cf9a85bb8dbe9c7a36b2508b318b672f85a62f1fa9cc044de390

SHA512
f5a4b853c423a8c0ac9edcf716a78d2d21cce9f0f7990083b3566d5cbd1eb36e30490f5982bf33e5ac759ac31f6a7070ed05e8f35e9c4503fdc2e128a86c4a26

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
4KB

MD5
89cd0f33bd37e08052979e9e6f333e60

SHA1
1ca6f5f33ff8a0551928ee41263f8a45c9cdf35e

SHA256
dba96353e2bbaa11ba5ca289c5cea1299a2f31cacab1952481966fe6be9565f2

SHA512
687039cd590922588f4c19dc872b253e9ddb9cfff4a33c0377e3a4dc906f5255e3ec73cac6cc82c1a31c09ff4f0938df46baaabfc5aa74b7da03b54134ef46af

Download Submit
C:\Windows\Temp\{129CF5E3-CD4C-4EE6-B8D6-19C528C103F7}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{129CF5E3-CD4C-4EE6-B8D6-19C528C103F7}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{7B123FFA-C3A9-469E-BD92-0EB0BAE462C0}\.cr\vcredist_x64.exe

Filesize
632KB

MD5
94970fc3a8ed7b9de44f4117419ce829

SHA1
aa1292f049c4173e2ab60b59b62f267fd884d21a

SHA256
de1acbb1df68a39a5b966303ac1b609dde2688b28ebf3eba8d2adeeb3d90bf5e

SHA512
b17bd215b83bfa46512b73c3d9f430806ca3bea13bebde971e8edd972614e54a7ba3d6fc3439078cdfdaa7eeb1f3f9054bf03ed5c45b622b691b968d4ec0566f

Download Submit
C:\Windows\Temp\{A776DE17-57AC-4841-AA83-21F09615DDBE}\.cr\vcredist_x86.exe

Filesize
632KB

MD5
c9d95472a5627c6c455e74c8b8fef5be

SHA1
34cb7f8f8b8dede7be6fd99e2b4bddaa37e5db82

SHA256
4b1bf90a0e4e3a628613c2fe42ddba589ee6303e37ccc70cf99ddc92dde03b0b

SHA512
989caff542f310972c15364925af542984ca73c1c1eec82fcbd1ea4bf9186487fd8349989afc95db4e761ebcbb8b14ce49482bc61d51b3259d134c571f4fab31

Download Submit
memory/1280-851-0x000001EE99460000-0x000001EE99466000-memory.dmp

Filesize
24KB

Download
memory/1280-847-0x000001EE99480000-0x000001EE994B0000-memory.dmp

Filesize
192KB

Download