ab5d85d552e5cb1c5dae5a05da0a292b20966d1939e5ff90fda7adda2c5f2b4f

Analysis

max time kernel
41s
max time network
38s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-10-2024 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
Size

4.0MB
MD5

0cded5aac4df0591c6d46646fe5871a9
SHA1

8de20cdaa14652187778096f1379c2f299fc3444
SHA256

ab5d85d552e5cb1c5dae5a05da0a292b20966d1939e5ff90fda7adda2c5f2b4f
SHA512

e958cf89143bdbf044f298a2a4278b8ad1581ed818647ec592b2eaa14c64cf6987dc7e94f7f9cf261b26e71089a0e3f21561c0115aed5245a0b1dce8854a1e3b
SSDEEP

98304:PyAOZqRn3fmR8hPK9AKaVVXgOsicL1ib4XWk9otXGjylW:PVCqR3fmR8hJZb+ibcWgNmlW

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2900	DXSETUP.exe
2836	DXSETUP.exe
2556	Installer.exe
2120	Installer.exe
900	DXSETUP.exe
2312	Installer.exe

Loads dropped DLL 64 IoCs

pid	Process
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2900	DXSETUP.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2836	DXSETUP.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe
2556	Installer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 15 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SETA999.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_43.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETAA46.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_5.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETA999.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETAA26.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETA93A.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETAA26.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETAA46.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\SETAA47.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETAA47.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SETA93A.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_7.dll	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_43.dll	DXSETUP.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DXError.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	DXSETUP.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	DXSETUP.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dw20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSETUP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dw20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dw20.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSETUP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DXSETUP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installer.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe

Modifies registry class 45 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\ = "AudioReverb"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\ = "XAudio2"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5a508685-a254-4fba-9b82-9a24b00306af}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\ = "AudioVolumeMeter"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{cac1105f-619b-4d04-831a-44e1cbf12d57}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6a93130e-1d53-41d1-a9cf-e758800bb179}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_7.dll"	DXSETUP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	2636	vssvc.exe
Token: SeRestorePrivilege	2636	vssvc.exe
Token: SeAuditPrivilege	2636	vssvc.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	1944	DrvInst.exe
Token: SeLoadDriverPrivilege	1944	DrvInst.exe
Token: SeLoadDriverPrivilege	1944	DrvInst.exe
Token: SeLoadDriverPrivilege	1944	DrvInst.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe
Token: SeRestorePrivilege	2900	DXSETUP.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe

Suspicious use of WriteProcessMemory 63 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	29
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2836	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	34
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2904 wrote to memory of 2556	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	36
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2556 wrote to memory of 2220	2556	Installer.exe	37
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2904 wrote to memory of 2120	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	38
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2120 wrote to memory of 1712	2120	Installer.exe	39
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 900	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	40
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2904 wrote to memory of 2312	2904	2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe	43
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44
PID 2312 wrote to memory of 2524	2312	Installer.exe	44

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-10_0cded5aac4df0591c6d46646fe5871a9_icedid.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:2900
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1716
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2220
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1684
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1712
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe /silent
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:900
- C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
    dw20.exe -x -s 1664
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2524

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005B8" "0000000000000548"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1944

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000003AC" "00000000000005B8"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2952

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "0000000000000548" "00000000000003AC"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9f346eae14b02754ea3f4ae7a3c9f0f

SHA1
a047904919d6e9f540183ade360a00645a695f1a

SHA256
ab41279855a345dbcecf7f8097571b75a711cd70b087ca510c9cd24b445e453e

SHA512
f565319248e79022489fa79410f21ec9a00e31f206dc9aa8f58b47058ee88ee05da6aa17b754c173ca204e8ee5045072d3c1f6c98c444ea55428345e0e22c28f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBDF3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX657.tmp\D3DCompiler_43_x86.inf

Filesize
801B

MD5
90785e792edcfa7d43de9df2d1ac884d

SHA1
ea5d8bbbf131343dd0ddb2073dcbb7634e6bcecc

SHA256
8f68ccdd8ce1acfaa5c4afac6b2e96e23b7b532fbcbe9375709326083a134e85

SHA512
a2d15df6148b811ad5658d9692a737924a3ce3ae1007cd86b6ad994922d95d839258dd18d785425609970efa8a39ca79fa61512f7908891cf51cd0eeb6ad2b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX657.tmp\d3dx9_43_x86.inf

Filesize
779B

MD5
9141fa8db790807373411ee033a9129e

SHA1
9dc55e8c8f65f136d930b10f09247789b6719bf7

SHA256
d125f988976274cbbe55a4c5933dd78346654d91066dd97eced75aa4be53a85e

SHA512
9f2b2603e8e9eac8f5479c005367981c8728ee715c376ebdef7e535d39a1ef830218465234294e588f81e608c2cfc85304e6c4cafb11c8472bc09b9be6e88618

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX657.tmp\xinput1_3_x86.inf

Filesize
783B

MD5
e16c94edc4b577b7abe7b06e31376884

SHA1
e86cf530fe00c0fa2a107684a198b37e97b9ce76

SHA256
ba212aa1514df6509474a46c7b2fa07c210d249b524bf7d47d058461009a75c1

SHA512
5405f6936e05e1260a3778d86d76145d2853a345afa156ba6e0a7cf4bc9267cd4cbb5cd32878adda3c6130721218fb899fc896bf823cd63c32c7086b18cfe9db

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\D3DCompiler_43.dll

Filesize
2.0MB

MD5
1c9b45e87528b8bb8cfa884ea0099a85

SHA1
98be17e1d324790a5b206e1ea1cc4e64fbe21240

SHA256
2f23182ec6f4889397ac4bf03d62536136c5bdba825c7d2c4ef08c827f3a8a1c

SHA512
b76d780810e8617b80331b4ad56e9c753652af2e55b66795f7a7d67d6afcec5ef00d120d9b2c64126309076d8169239a721ae8b34784b639b3a3e2bf50d6ee34

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\JUN2010_D3DCompiler_43_x86.inf

Filesize
1KB

MD5
1a86443fc4e07e0945904da7efe2149d

SHA1
37a6627dbf3b43aca104eb55f9f37e14947838ce

SHA256
5dd568919e1b3cbcb23ab21d0f2d6c1a065070848aba5d2a896da39e55c6cbbf

SHA512
c9faa6bb9485b1a0f8356df42c1efe1711a77efa566eee3eb0c8031ece10ffa045d35adb63e5e8b2f79f26bf3596c54c0bd23fea1642faae11baf2e97b73cf5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\JUN2010_XAudio_x86.inf

Filesize
1KB

MD5
31d8732ac2f0a5c053b279adc025619f

SHA1
c8d6d2e88b13581b6638002e6f7f0c3a165fff3c

SHA256
d786d06a709d5dc26067132b9735fc317763fcf8064442d6f77f65012ba179da

SHA512
abc37922307f081a1ffdc956ce59598c19ad1939ecfb6ea3280aa6aa7a99c3eba5462731586ca262f7d7257d7d2a74ff57a45abf6b93521eb6f1c9f22f8eb244

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\JUN2010_d3dx9_43_x86.inf

Filesize
1KB

MD5
a11deb327119b65bacce49735edc4605

SHA1
0be2d7fa6254b138aa53d9146cda8fedbba93764

SHA256
6b33d32da02f664092d44b05237990f825b4062c105a063badcf978648b5e95b

SHA512
b0134a3d6f2d576e5fafb601014ab66fef91d661013acc8a7a9129940369a1d9ed5c0f228bb1666a4e891f09b4b18e83f0cb2080047aa84fa45ab663e5739a31

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\XAPOFX1_5.dll

Filesize
72KB

MD5
8a4cebf34370d689e198e6673c1f2c40

SHA1
b7e3d60f62d8655a68e2faf26c0c04394c214f20

SHA256
becfdcd6b16523573cb52df87aa7d993f1b345ba903d0618c3b36535c3800197

SHA512
d612e2d8a164408ab2d6b962f1b6d3531aed8a0b1aba73291fa5155a6022d078b353512fb3f6fff97ee369918b1802a6103b31316b03db4fa3010b1bf31f35fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\XAudio2_7.dll

Filesize
514KB

MD5
81dfddfb401d663ba7e6ad1c80364216

SHA1
c32d682767df128cd8e819cb5571ed89ab734961

SHA256
d1690b602cb317f7f1e1e13e3fc5819ad8b5b38a92d812078afb1b408ccc4b69

SHA512
7267db764f23ad67e9f171cf07ff919c70681f3bf365331ae29d979164392c6bc6723441b04b98ab99c7724274b270557e75b814fb12c421188fb164b8ca837c

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\d3dx9_43.dll

Filesize
1.9MB

MD5
86e39e9161c3d930d93822f1563c280d

SHA1
f5944df4142983714a6d9955e6e393d9876c1e11

SHA256
0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

SHA512
0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\dxupdate.inf

Filesize
12KB

MD5
e6a74342f328afa559d5b0544e113571

SHA1
a08b053dfd061391942d359c70f9dd406a968b7d

SHA256
93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

SHA512
1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXA776.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXBDE3.tmp\XAudio2_7_x86.inf

Filesize
882B

MD5
43c696383f239970837409719508c896

SHA1
e822e14e4700025acaca0ce6aacf486eb0a9c4ae

SHA256
1ebd56e5bc5d6442f01ac9faf333cb513ebc6397945e7f577a5970778cc636ee

SHA512
e77eed171399f58d59a586593904d2451e884a49fd9bbfde10ee1a09f1bd54c5396aff5e58625e0fe1c4f2a87c69366644190518826596d6547860106e8a4c95

Download Submit
C:\Users\Admin\AppData\Local\Temp\DXBDE3.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC61E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DSETUP32.DLL

Filesize
1.7MB

MD5
0f58ccd58a29827b5d406874360e4c08

SHA1
ba804292580be6186774e7f92e6dfb104e46bf25

SHA256
642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb

SHA512
3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\dsetup.dll

Filesize
87KB

MD5
9e0711bed229b60a853bcc5d10deaafc

SHA1
2bea53988bd35c5df5c9edcef0bc234c37289477

SHA256
def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0

SHA512
c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\ICSharpCode.SharpZipLib.dll

Filesize
197KB

MD5
c0f949d99c5f4eb25c2f70a7f1e7c9d1

SHA1
87400242cd5e57404b4c76f725165c55dc9f4a25

SHA256
d6645d9c348dd5cd24bba8ac82b55ef2f9f1ee583f3a100510e95a2d59a8ad4a

SHA512
dd78734143bf9deebe4f664ddae1ccca0837c2a410cb858b739dd8f7141d346cacb544d801333600b95fffe41088d34913f03f0c5ead618767a1083705326a95

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Installer.exe

Filesize
355KB

MD5
7826681e8a5f99526fb6cfcfc8caf401

SHA1
06cea72789ce112b741ea6958c076e2e858996ad

SHA256
966d971d4b3afd0ee627a3987b3e035402ba164fd0f73f7f816b5c8a598ff8cf

SHA512
a69f9453ebc091511d44fc6d10475c35f44b203b98767fb8790b2b93398cbbf374cc31442880442dd3ec876e9cb6cb389a6fbd227674836d7750004be8cf9035

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Interop.IWshRuntimeLibrary.dll

Filesize
53KB

MD5
59dff9c35a8fa6a0f2703a803bb09fc8

SHA1
eea29cf6ef0505fe5eb3319e5da586de2bb984d9

SHA256
e86cb5f823e7f8255c1eba609f5fac09e6dd6f05b582455626d16e277b8faee8

SHA512
a350eeab9e0b7bc443cefdec24003790a063f02ce41654f7f33420ad2c7dadae0d34844eed537e886a3bbbd496927e8e0f42d5c11e8f30fabe4f9ffdf99739f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Languages.loc

Filesize
76KB

MD5
a950492cb6d0a878b689619e42ad8695

SHA1
6c87da6bbba0c5f5c25f2511fb2afb012a3d662b

SHA256
0e032c9b506aa022cf348deffa438b703002061d1e8095cd01d6c6f67a4e320b

SHA512
594e088d4c1146f926e5ffc423bd89e51920a018f35eaeda8127f99ee75c8b901d310858027fbe592ddf7a8b6a295930593fe11c6f6a8773a066f6c713610be6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\LauncherMetrics.dll

Filesize
30KB

MD5
23a155256f212314f3d8d27ffa19ae9e

SHA1
b2a81d226cd754a2b39227cc16c7f2eab686277a

SHA256
ebac88884237a70d3b1dfdf4e6c65a71120b59f099ea952e2076ea30dff3adc7

SHA512
881056ed35943561374f86c0296c8bc48529510f869a21b1c5144d29313f5459e87e0eac42b04390cb6d292b2097074fce5ac107b19b67befceca55ba14d7627

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\MiscUtil.dll

Filesize
173KB

MD5
c9830dfc3fca4b7996a751ddde48d68a

SHA1
ad3c0eb6431dc38be3f9003f2a3853858ff7061c

SHA256
310939d4093cf34db506f388c367b5f96e60e18f2bf64c231884f1c015f43392

SHA512
8e796bb0309ffc3a0b16a8986ce1ce692d4404b5040d64f2aa3a342c9e331c5fbfd353223193d22173adedbb7c1cdf4bada831c5155b7b5d9f313ad211acecb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Mono.Nat.dll

Filesize
46KB

MD5
e301977563d1c1e46d34034f706f859b

SHA1
501299b6c5f081114cbcfd56a8b67d01a0bbfceb

SHA256
d2a32038d328a5b805335a0978d7acacd6ea1cb98c05bf02b55411cfb536b13f

SHA512
99f0efba8b766f0a74915471314a5576f7aeea52251402e7954cce6dc227e07e17fa4570b0981724805c3bc48c9c5f1e7ae26b6331c51f8baf6e9c43b99ebab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\MonoTorrent.dll

Filesize
361KB

MD5
9b15eedaab01bdaefb515739d2d3316d

SHA1
80a175ebe3fd5f573c898ae7cace4a23dbd1c4eb

SHA256
67e65402cdb720d2061b1ea19bdcacb17bbc32869fa19c3edee818e5358f91c6

SHA512
88024b32a5a75c68bc90a5be30d7c8e01b8615f0d52f09407f258c5654b34f5b6385cd99a3050f9b33e846088cfb3f52cacc1c03b8786ab54d2125dfa9722d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Ubisoft.Localization.dll

Filesize
14KB

MD5
ff9154ee3b9a580daf535b086167a477

SHA1
5127cf9f5d1972b5bc8718286c510f5e57f40140

SHA256
0dfe0361997a5c29af42067894295a947abe3e3dc0e0f36b44eaee808dae9f07

SHA512
31621b79a5740a64e45bdb08fb34ba6937774774d9c0cdb4a70d2e63064e927ff8ac7c3d3fcf4a71181391482a27a5733eb248872c514ded9416ffc67c56f293

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Ubisoft.Update.dll

Filesize
165KB

MD5
9cc8e67c5675b3a13bf9dd01662b5ec0

SHA1
44f0f8fa9e73e3bfdcf01a4944037f04b9f8f2fd

SHA256
c3dc6e3c8a431df27be9476e59b2a99d23335244ff71129c1f9e092035b2e867

SHA512
8f3d360a436f9b84109cd0c7f5d36b213a9546fed9447c187bec6ef03ed468caeac47c0fb61568b5be04464b4df3ce8c682961d1710117076af2247d9c275ad0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\Ubisoft.Utils.dll

Filesize
101KB

MD5
b449cac85be3b14a90d11dbe5765b7d2

SHA1
c5dc43ce008d508494da031e54ee80d2d47e5053

SHA256
507698c9ce5f3a37a30166c9b0ca423f502a83b70f56d36d761a810b6b2dbd49

SHA512
f6a6f7ea0b369612a291837bd47ac01ded7e7f1c1aa0aee87bc3cc1637754492e65cdc372c8d751a119cedb6bf2e1469b243861a00b5ff9dde2bbe6ff0e2f329

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\UpdateContracts.dll

Filesize
19KB

MD5
bcc474be10a59e66a7a6d64217f21800

SHA1
955470abee31fc8234d5bcea1d03bee9f4725a1f

SHA256
c401f22e7b609eb92bae8e1bbf178b553ca2e9cb4fdf5334ccc49c1ef328cca1

SHA512
81655613f957356acf47960b2926d24c55419ce188d86e7c443a28d54a06debd7f33381f0184c7d1d8e158ca855f2c664a5a3e152ff53cbea593c69e070453ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\InstallLauncher\config.ini

Filesize
268B

MD5
c711848b6c1fa9bb299880f67fdd6e1d

SHA1
e5ac85e8a70b759e3de9ca8779d00cd862176ac4

SHA256
144d346caabee5608517d1177a1a56e5fbaff535ee3026bbc4e83a6071cf9896

SHA512
2e043511602107ccecc13f43496de15cf8dcd96e0c20c7d45b4a0c0b5bef0414e1a591db8375850f5db61df53edae4670641bcb5a65358759983f68ae25d2ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\Apr2007_xinput_x86.cab

Filesize
52KB

MD5
c234df417c9b12e2d31c7fd1e17e4786

SHA1
92f32e74944e5166db72d3bfe8e6401d9f7521dd

SHA256
2acea6c8b9f6f7f89ec51365a1e49fbd0d8c42c53418bd0783dbf3f74a744e6d

SHA512
6cbae19794533ad9401f92b10bd9549638ba20ce38375de4f9d0e20af20d78819e46856151cc6818325af9ac774b8128e18fbebd2da5da4efbd417fc2af51dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\Jun2010_D3DCompiler_43_x86.cab

Filesize
909KB

MD5
f7f554aa613eccf065575b8c69717ef7

SHA1
8417886d47c19cf6892f4080ddd5aaa1a49db3e9

SHA256
417eebd5b19f45c67c94c2d2ba8b774c0fc6d958b896d7b1ac12cf5a0ea06e0e

SHA512
618f6dbb5bd9d44a8f10d119f5ef644f168fe3d8db986994e8cce31d1f11ff9ac872b389d1f218a82ff8b397bface587f97ca21e8f77433dbadb2ac475e9e6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\Jun2010_XAudio_x86.cab

Filesize
271KB

MD5
9d2da3b1055120af7c2995896f5d51ed

SHA1
2df40d48c69d7cfb4e0c19f07a019f5f123303fa

SHA256
7b4332207563beba1103744b6db5399ad150e9e6838f9d5a71497e7eb3645ebf

SHA512
deb76247b3003fc59c0a95cc2a47d6dd56e2d75aec81c3ab6ca6c0c513fb054e8025c871e97b7d7f2c823df54a2fe8202f4c0caf677251070b8bce40d2db70f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\Jun2010_d3dx9_43_x86.cab

Filesize
750KB

MD5
7749862c307e527366b6868326db8198

SHA1
bce9f21cdb1e101c7223c9e62eca61ec22d6bb81

SHA256
fcc6cf0966b4853d6fa3d32ab299cde5a9824feaecb0d4f34ea452fb9fd1c867

SHA512
b65a84535b749ade0f8ea1a8ab6239df8e82ad59cbdb07487fdbfcfcf57a565f493f56378e216859a081d23ddf7c671636f53ef821289d66452f09218080f02b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\dxdllreg_x86.cab

Filesize
41KB

MD5
a025c67403dc2c2bcd709aa9435faeb1

SHA1
0433ee289e96a0d83a0c66ec35cf906a3e063884

SHA256
8ad77a4d9c76f65cd62337588f847cc1e0ca6ca9735937f3a781f7395e9566a1

SHA512
56bced81de59d413238b01396fafa6442ef6db0afaf237a699966df4753ed1a0b555450fa308f6965689a67f9fb5efb5d377d5f602a8d453ecceddca41072b45

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E7057~1\DXRedist\dxupdate.cab

Filesize
91KB

MD5
8adf5a3c4bd187052bfa92b34220f4e7

SHA1
b52be74c4489159bd343d3c647f28da1fd13d9b9

SHA256
13393a91201e69e70a9f68d21428453fff3951535dec88f879270269cfe54d6f

SHA512
3e2f2fe4b5742a4cf6ee2f6b8c0ca734fd0b3c5431dff112c907231846dd3eebee7b9b8117f0256119614282cc7a4896474a199563078481d48a1204ca96f92d

Download Submit
C:\Windows\Logs\DXError.log

Filesize
699B

MD5
dd5d6742fa75f999f33950fa607c3605

SHA1
637073ede19e529f0a416ed395201d6c920bf69d

SHA256
41c3b333aa90c1ebea960e4329937351d6755b9f033be0523eafb654226bb599

SHA512
14266a5845f95f9b9c5b01348e3caaf4ed7a8fd32866e4cb0cac339b91888e107e4906141c6cb0fb7ad4794b5668ad03717c149af63a55f237e591a917bcb05e

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
65KB

MD5
4f8bda2ba6f5fc62e869ce6654c98b98

SHA1
b304cb8e9b17ace6ba7140da86d832749eec9d8f

SHA256
17440856daec588c8098fc547b34bcd15c9fbc42256c92b88dabdfd36b71cacd

SHA512
60dba2748a6c8b41d91fd7bd5b0db44e036af0de7900f7c2dfd470ec7e0860b84c8e8c14e8c63012d50966e5d4a80bd53cb889fd57d1d2631b63ff9553004ae1

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
12KB

MD5
cdc47675a2dc4495d169a6ab4de28409

SHA1
0976e16cb91dafd72eb96536a28c7e2275891f31

SHA256
1a6018f509ad429a3dcbec44e50c16409f4ecf0f4adb5eba09dcda620dc63f78

SHA512
0c56851ce1e643d9299a8c86788ccd16a94065c5ebf91aadf5387351cdb97c41d2534b60a3eb7b944f87c0160814bec279206fc4d7bd5f1673bafbe68e1efe5e

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
474B

MD5
d2a307c98e73ddf3342cf7dac228aed9

SHA1
79e4d2bb74d4c0113a31e52836bf47b9f1af245f

SHA256
f55e92792103f8c523d21479640b1a48abdb02301027ba9d3a1d8aad3fe960da

SHA512
d1472b680b995c7ff6a909af5ab52ecd7771eece25ab4cc1cf032b05a723a84aa4b3663cc16dee67762941010f0adb8c0c86e16a0a5458047699932488ed9ef1

Download Submit
\Users\Admin\AppData\Local\Temp\DXA776.tmp\dxupdate.dll

Filesize
168KB

MD5
94202f25810812f72953938552255fb8

SHA1
c1e88f196935d8affc1783ccf8b8954d7f2bfb62

SHA256
6dcad858cc3ff78d58c1dae5e93caf7d8bacb4f2fcf9e71bccb250bf32c7f564

SHA512
65b66d07ef68e0d1e79f236a4800c857e991ee3ff80ece4cfdd0b5f6083ea16f8a52d351c3af721cb05c06394ec91b4b5e3cfa4b0f0879f7549f3e3ed035e79e

Download Submit
\Users\Admin\AppData\Local\Temp\{E705746A-C988-40C2-A49F-EC2A240809A1}\DXRedist\DXSETUP.exe

Filesize
524KB

MD5
ddce338bb173b32024679d61fb4f2ba6

SHA1
50e51f7c8802559dd9787b0aebc85f192b7e2563

SHA256
046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de

SHA512
7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4

Download Submit