Malware Analysis Report

2024-12-01 01:19

Sample ID 241110-bwqptswhjg
Target http://files.flatredball.com/content/XnaInstall/XnaForVS2019.zip
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file http://files.flatredball.com/content/XnaInstall/XnaForVS2019.zip was classified as: Shows suspicious behavior.

Malicious Activity Summary

discovery

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Modifies registry class

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-10 01:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-10 01:29

Reported

2024-11-10 01:32

Platform

win10v2004-20241007-en

Max time kernel

140s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://files.flatredball.com/content/XnaInstall/XnaForVS2019.zip

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\SET193B.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine3_6.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET19C8.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\XAudio2_6.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET19D8.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET189F.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET189F.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\D3DX9_41.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET19D8.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET197A.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET1776.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET193B.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\X3DAudio1_7.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET197A.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET1776.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\d3dx9_33.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET1812.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\XAPOFX1_4.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\SysWOW64\SET1812.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\xinput1_3.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\SET19C8.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\PipelineSegments.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\runtimehost.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\Contracts\Microsoft.Xna.GameStudio.PlatformExtensibility.Contracts.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddInViews\Microsoft.Xna.GameStudio.PlatformExtensibility.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaPack\XnaPack.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\AddIns.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\AddIns.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\HostSideAdapters\Microsoft.Xna.GameStudio.PlatformExtensibility.HostSideAdapters.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransZ.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\runtimehost.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\system.xml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\Microsoft.Xna.RemoteServices.dll.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.0\Microsoft.Xna.Framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.1\system.core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddInSideAdapters\Microsoft.Xna.PlatformTools.ContentPipeline.Adapters.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.0\Microsoft.Xna.Framework.Game.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_X3DAudio_x86.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_xinput_x86.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\Microsoft.Xna.Framework.Game.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\system.xml.linq.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\system.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\v4.0\Microsoft.Xna.PlatformTools.ContentPipeline.AddIns.v4.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\PipelineSegments.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\AddIns.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\XboxZune\XnaPEVerifier.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\mscoree3_5.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\mscoree3_5.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\system.sr.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.0\system.xml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.1\Microsoft.Xna.Framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\mscoree3_5.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\system.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\system.core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.1\Microsoft.Xna.Framework.Game.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dxupdate.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\PipelineSegments.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\PipelineSegments.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\runtimehost.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\system.xml.linq.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\Microsoft.Xna.Framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\HostSideAdapters\Microsoft.Xna.PlatformTools.ContentPipeline.Adapters.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\x86\XnaTransZ.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\v4.0\EULA.en-US.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Mar2009_d3dx9_41_x86.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_XAudio_x86.cab C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.0.11010.0\system.xml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\Contracts\Microsoft.Xna.PlatformTools.ContentPipeline.Contracts.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\XboxZune\Microsoft.Xna.Framework.Tools.Packaging.Validator.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.0\system.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.1\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Device Center\XnaDeviceCenter.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\XnaVisualizerPS.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune\3.1.10527.100\Microsoft.Xna.Framework.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\v3.0\Microsoft.Xna.PlatformTools.ContentPipeline.AddIns.v3.0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\ValidatorRuntimes\Zune\Zune.v3.1\system.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddInSideAdapters\Microsoft.Xna.GameStudio.PlatformExtensibility.AddInSideAdapters.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup32.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\DeployableRuntimes\Zune4\3.1.10527.100\system.core.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4\4.0.30901\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4\4.0.30901\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9844.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\M0XSQQID\Microsoft.Xna.GameStudio.PlatformTools.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{89690B51-2E21-4E93-914E-F9CAC5B24A84}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\0WYNQA5N\Microsoft.Xna.Framework.Storage.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\5ETYZZQ1\Microsoft.Xna.GameStudio.DeviceManagement.UI.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\S63AEO6M\Microsoft.Xna.Framework.Xact.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4\4.0.30901\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5725.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\SJOBIIRX\Microsoft.Xna.Framework.Input.Touch.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
File created C:\Windows\Installer\SourceHash{89690B51-2E21-4E93-914E-F9CAC5B24A84} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\GKGJEP2O\Microsoft.Xna.GameStudio.DeviceManagement.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\CD0E4MOA\Microsoft.Xna.RemoteServices.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{89690B51-2E21-4E93-914E-F9CAC5B24A84}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e589614.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4A81.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\BZEXJVC1\Microsoft.Xna.Framework.GamerServices.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\F8DCZ9S4\Microsoft.Xna.Framework.Net.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e589611.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e589611.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Windows\Installer\e589616.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e589614.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\A5R7GYYZ\Microsoft.Xna.Framework.Game.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4 C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4\4.0.30901 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\$PatchCache$\Managed\EDE8C96D5CBBB634E8E05C6A3D11FCF4\4.0.30901\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\GACLock.dat C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\EDAYITEI\Microsoft.Xna.PlatformTools.ContentPipeline.Views.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\RVMH11DB\Microsoft.Xna.Framework.Graphics.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\L2EKREFN\Microsoft.Xna.Framework.Avatar.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI96FB.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA325.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\YHZ45N8X\Microsoft.Xna.Framework.Video.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9FE7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIA1CC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e589613.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\assembly\tmp\DN57KS0U\Microsoft.Xna.Framework.dll C:\Windows\system32\msiexec.exe N/A
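The tables above are raw sandbox event rows, one line per file open or registry access with no aggregation, so the same drive letter appears several times and the 64-row drive list hides the fact that it collapses to 23 distinct letters (A, B, E and G through Z; C, D and F never appear). The Python script below is an added example, not part of the report or of the sandbox's own tooling: it parses rows in the "Description Indicator Process Target" layout used throughout this report, deduplicates the drive probes per process, and lists every write under C:\Windows or C:\Program Files together with whether the writing process was itself launched from a user-writable path (in this report, the DXSETUP.exe run from the Downloads folder that wrote DirectX DLLs into SysWOW64). SAMPLE_ROWS is a constructed subset of the report's rows; the protected-directory prefixes and the "user-writable origin" heuristic are assumptions of this example, not sandbox definitions.

```python
"""Triage helper for sandbox signature tables laid out as
'<Description> <Indicator> <Process> <Target>' (Target is always N/A here).

Added example, not part of the sandbox report. SAMPLE_ROWS is a constructed
subset of the rows shown in the report; prefix lists below are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed subset of the report's rows (copied from the tables above).
SAMPLE_ROWS = r"""
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SysWOW64\SET193B.tmp C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File opened for modification C:\Windows\SysWOW64\xactengine3_6.dll C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaPack\XnaPack.exe.config C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\AddIns.store C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe N/A
File opened for modification C:\Windows\Logs\DirectX.log C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
"""

# Description strings that occur in this report's tables.
DESCRIPTIONS = (
    "File opened (read-only)", "File opened for modification", "File created",
    "Key value queried", "Key opened", "Key created", "Key deleted", "Key queried",
    "Set value (data)", "Set value (str)",
)
_DESC_RE = re.compile("^(" + "|".join(re.escape(d) for d in DESCRIPTIONS) + r")\s+(.*)$")
# The process column is the last field and starts with a drive letter. The
# indicator may itself contain paths, so the LAST ' X:\' occurrence is the cut.
_PROC_START_RE = re.compile(r" [A-Za-z]:\\")

# Assumed classification of paths (not sandbox definitions).
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_PREFIXES = ("c:\\users\\",)
WRITE_DESCRIPTIONS = {"File created", "File opened for modification"}


@dataclass(frozen=True)
class Event:
    description: str
    indicator: str   # file path, drive device name or registry key
    process: str     # full path of the acting process


def parse_row(line: str) -> Optional[Event]:
    """Split one table row into (description, indicator, process); None if it is not a row."""
    line = line.strip()
    if line.endswith(" N/A"):            # drop the Target column
        line = line[:-4]
    m = _DESC_RE.match(line)
    if not m:
        return None
    desc, rest = m.group(1), m.group(2)
    starts = list(_PROC_START_RE.finditer(rest))
    if not starts:
        return None
    cut = starts[-1].start()
    return Event(desc, rest[:cut], rest[cut + 1:])


def parse_report(text: str) -> List[Event]:
    return [e for e in (parse_row(ln) for ln in text.splitlines()) if e]


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def drive_sweep(events: List[Event]) -> Dict[str, str]:
    """Distinct drive letters each process opened through a \\??\\X: device path.

    The sandbox emits one row per open, so the raw table overstates activity;
    the deduplicated set shows whether a process swept the alphabet or touched
    a single volume.
    """
    probed = defaultdict(set)
    for e in events:
        m = re.fullmatch(r"\\\?\?\\([A-Za-z]):", e.indicator)
        if e.description == "File opened (read-only)" and m:
            probed[_basename(e.process)].add(m.group(1).upper())
    return {proc: "".join(sorted(letters)) for proc, letters in probed.items()}


def protected_writes(events: List[Event]) -> List[Tuple[str, str, bool]]:
    """(process, target, from_user_writable) for each write under Windows or Program Files.

    The flag marks writers launched from a user-writable location; those rows
    are the ones whose dropped files deserve a signature check.
    """
    out = []
    for e in events:
        if e.description in WRITE_DESCRIPTIONS and e.indicator.lower().startswith(PROTECTED_PREFIXES):
            out.append((e.process, e.indicator, e.process.lower().startswith(USER_WRITABLE_PREFIXES)))
    return out


def writers_from_user_paths(events: List[Event]) -> List[str]:
    """Processes that wrote into protected directories while running from a user path."""
    return sorted({proc for proc, _, flagged in protected_writes(events) if flagged})


if __name__ == "__main__":
    evs = parse_report(SAMPLE_ROWS)
    print(f"{len(evs)} rows parsed")
    for proc, letters in drive_sweep(evs).items():
        print(f"{proc}: probed {len(letters)} drive letter(s): {letters}")
    for proc, target, flagged in protected_writes(evs):
        print(("CHECK " if flagged else "      ") + f"{_basename(proc)} -> {target}")
```

The deduplicated view turns the tables into the two questions to ask of any installer: which processes wrote into protected directories, and can each writer and the files it dropped be tied to a trusted publisher. For the rows this flags, the follow-up is to verify the Authenticode signature on the DLLs DXSETUP.exe placed in C:\Windows\SysWOW64 (PowerShell's Get-AuthenticodeSignature does this) rather than trusting the Microsoft-looking paths alone.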

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = (value not captured) C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "5" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll" C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Video,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e00550048004a0055006e0053003d0052005d00380048004d005d00250038005d00400059006900750000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\XnaForVS2019\\XnaForVS2019\\2. XNA Framework 4.0 Redistribution\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D} C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XnaClubPackageFile.2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\PackageCode = "B71D6C58ECEB1EB468B70CE2EBF100A5" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Graphics,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0055006a0064003f003d002e00310076002400390053007e005a00340068007b0055006f007a00690000000000 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Xact,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0058003600520051006200610026006500470040005b002d003200630041007600560064007300740000000000 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\OutputTypes = 6175647300001000800000aa00389b710100000000001000800000aa00389b71 C:\Windows\syswow64\MsiExec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32 C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ThreadingModel = "Both" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6DAAB30E3CF846047AB29B2E7CD2D3E2\15B0969812E239E419E49FAC5C2BA448 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Avatar,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e006000490066005200610038006c007d006e00400064003100700042005b00330060002c003900350000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ccgame\ = "XnaClubPackageFile.2" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.ccgame\OpenWithProgIds\XnaClubPackageFile.2 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\15B0969812E239E419E49FAC5C2BA448\DeviceManagement C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32 C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32 C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\Version = "67139765" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32 C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\PackageCode = "02E5359D2EEEF614C80C345380F8B4D6" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\ = "XnaVisualizerDmo" C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XnaClubPackageFile.2\shell\ = "Open" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.GameStudio.DeviceManagement,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="6D5C3888EF60E27D",processorArchitecture="MSIL" = 780045007500310054005900410059003900410078006d00240038006a00700057002800540052004400650076006900630065004d0061006e006100670065006d0065006e0074003e003d007e002d00480065005f006600400056003d006b005f002d0026006f003f0045003f003300460000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both" C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\XnaClubPackageFile.2\shell\open\command\ = "\"C:\\PROGRA~2\\COMMON~1\\MICROS~1\\XNA\\XnaPack\\ccgame.exe\" unpack \"%L\" /showui" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\ProductIcon = "C:\\Windows\\Installer\\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}\\ProductIcon" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32 C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\15B0969812E239E419E49FAC5C2BA448\PlatformToolsRegistration C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0065006a0036002d0051005b002d0065003900400060004a003d006e0079005e005b005d002a00710000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\XnaClubPackageFile.2\DefaultIcon C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\ = "XACT Engine" C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\ProductName = "Microsoft XNA Framework Redistributable 4.0 Refresh" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939\EDE8C96D5CBBB634E8E05C6A3D11FCF4 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32 C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de} C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb C:\Windows\syswow64\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\XNA\\Framework\\Shared\\xnavisualizer.dll" C:\Windows\syswow64\MsiExec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.PlatformTools.ContentPipeline.Views,fileVersion="4.0.30901.0",version="3.1.0.00000",culture="neutral",publicKeyToken="6D5C3888EF60E27D",processorArchitecture="MSIL" = 780045007500310054005900410059003900410078006d00240038006a007000570028005400520050006c006100740066006f0072006d004d0061006e006100670065006d0065006e0074003e002d007d006c0047006c00310063006f0063003f00460036004a006a00740056006b007b005400470000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\15B0969812E239E419E49FAC5C2BA448\CCGamePackaging C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\ProductName = "Microsoft XNA Game Studio Platform Tools" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\6DAAB30E3CF846047AB29B2E7CD2D3E2 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\XnaClubPackageFile.2\shell\open C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\15B0969812E239E419E49FAC5C2BA448\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Game,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0048006100380066004c0049004f0071007b003f00380032003100310034002e002400740052006c0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\EDE8C96D5CBBB634E8E05C6A3D11FCF4 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.GamerServices,fileVersion="4.0.30901.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 5f006b0079007b006d00580043007200610039002c0027007b005a005e002700600040006000410058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e007a00770076007100640077006800410066003d007a0027006500360077004900760034006700560000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\EDE8C96D5CBBB634E8E05C6A3D11FCF4\SourceList\PackageName = "XNA Framework 4.0 Redist.msi" C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4908 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 1504 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 5100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://files.flatredball.com/content/XnaInstall/XnaForVS2019.zip

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5e5b46f8,0x7ffd5e5b4708,0x7ffd5e5b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\3. XNA Game Studio 4.0 Platform Tools\XNA Game Studio Platform Tools.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 6A59CB9CA45DEF29453B5971355FC933

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F06557C8513B0B126191112C3CCEDAFA E Global\MSI0000

C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

"C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\." -Rebuild

C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe

"C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe" -PipelineRoot:"C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\." -Rebuild

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe

"C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\1. DirectX\DXSETUP.exe"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\2. XNA Framework 4.0 Redistribution\XNA Framework 4.0 Redist.msi"

C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe

"C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe" /silent

C:\Windows\syswow64\MsiExec.exe

"C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\XnaForVS2019\XnaForVS2019\2. XNA Framework 4.0 Redistribution\XNA Framework 4.0 Redist.msi"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16964506202324270923,966726645132244364,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 files.flatredball.com udp
US 208.97.144.61:80 files.flatredball.com tcp
US 208.97.144.61:80 files.flatredball.com tcp
US 208.97.144.61:443 files.flatredball.com tcp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 61.144.97.208.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 246.197.219.23.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4908_IFDDFWOMRLGJNIXQ

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\Unconfirmed 667877.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/5344-93-0x000002E452120000-0x000002E452188000-memory.dmp

C:\Windows\Installer\MSI96FB.tmp

\??\Volume{ff55cfe6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{aa1786ce-31e0-47c8-bdf9-bb43a7ce19fa}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

memory/5468-149-0x000001A9098A0000-0x000001A9098A8000-memory.dmp

memory/5468-152-0x000001A9098B0000-0x000001A9098BA000-memory.dmp

memory/5468-155-0x000001A909900000-0x000001A909932000-memory.dmp

memory/5468-161-0x000001A909940000-0x000001A909968000-memory.dmp

memory/5468-184-0x000001A9098C0000-0x000001A9098CA000-memory.dmp

C:\Windows\Installer\MSI9FE7.tmp

memory/5408-203-0x000000001BAD0000-0x000000001BAFC000-memory.dmp

memory/5408-204-0x000000001BAB0000-0x000000001BABE000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\HostSideAdapters\Microsoft.Xna.PlatformTools.ContentPipeline.Adapters.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\Contracts\Microsoft.Xna.PlatformTools.ContentPipeline.Contracts.dll

memory/5408-207-0x000000001BB30000-0x000000001BB38000-memory.dmp

memory/5408-209-0x000000001BB30000-0x000000001BB3A000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddInViews\Microsoft.Xna.PlatformTools.ContentPipeline.Views.dll

memory/5408-211-0x000000001BC20000-0x000000001BC28000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\v3.0\Microsoft.Xna.PlatformTools.ContentPipeline.AddIns.v3.0.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\v3.1\Microsoft.Xna.PlatformTools.ContentPipeline.AddIns.v3.1.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PipelineHosting\AddIns\v4.0\Microsoft.Xna.PlatformTools.ContentPipeline.AddIns.v4.0.dll

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\AddInUtil.exe.log

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\HostSideAdapters\Microsoft.Xna.GameStudio.PlatformExtensibility.HostSideAdapters.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\Contracts\Microsoft.Xna.GameStudio.PlatformExtensibility.Contracts.dll

memory/5620-227-0x0000000000FE0000-0x0000000000FE8000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddInSideAdapters\Microsoft.Xna.GameStudio.PlatformExtensibility.AddInSideAdapters.dll

memory/5620-229-0x0000000000FE0000-0x0000000000FEA000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddInViews\Microsoft.Xna.GameStudio.PlatformExtensibility.dll

memory/5620-231-0x000000001B5D0000-0x000000001B5D8000-memory.dmp

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\Windows\Microsoft.Xna.GameStudio.PlatformExtensibility.Windows.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\XboxZune\Microsoft.Xna.Framework.Tools.Packaging.Validator.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\XboxZune\Microsoft.Xna.GameStudio.PlatformExtensibility.XboxZune.dll

C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\PlatformExtensions\AddIns\XboxZune\XnaPEVerifier.exe

MD5 76de412aa78742ecee1adbfb0f952265
SHA1 75e21afb1bdaebad1212067c9e41a92f64f07cae
SHA256 fd177faf010c30633bb485b1755976e7a255a74d588914861e6fda68013f2f52
SHA512 41f6b5de7d81ee3a9bafd9c93320395ebb33aa5a7192334b53630d08da7496ab7822fd7e691e2dcd4ca5be6202bacf5abfd054153dbcdc69d1f2e00e1e6f2f2b

C:\Config.Msi\e589612.rbs

MD5 cfae30c62c94d4117bf7d2fbf22edb85
SHA1 8ce74f75bda51b287d9400b5f9136bb9dd2b36bc
SHA256 140dc80e97f7e4223ddb6b75f3fb24f8ad929e8ea9a29ebcedda5fb9d783510d
SHA512 68ad12aa95d5c602d353f70b1ef7943078171d44f653545eb47c3b891b80cb7a5e1638d4c1ed4fe2fff251c8659b235bd98021f2f36fc12db2f3442e2df708eb

C:\Windows\Installer\e589611.msi

MD5 9d3644b9e0ebac8e37e7b048f357a1d0
SHA1 9d30bf90b9cfaa4b77f04037ed714fd61a592567
SHA256 a467c681bbda601139904c83065c16772948514975d01d8046b46865c620ba09
SHA512 ae7eb23086238ab351a0d47ce2b7073a2ca104a6e8eea8a62f4905662c3f65373fa78057ab8b47f337dc01845e8f492ad07704c10ba5398c497b3f9698c2a2c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b3386757ce19eb1c27b62308510ea887
SHA1 9e2bd51db2bccd6f71c71ae612bdd17bb8f0f873
SHA256 e81d489883959a2753227f3decb50311c028de6bdc025d7b6ddf13016cc906cf
SHA512 765a6585e5c2307aa0fd3fb9366ca02c0a8a5155ba96d58243414d4f2403d619b1b2002dfbcaec2a23e81f7bc32b66d7e5c1104309b1767a8d0a18352e7ef83e

C:\Windows\Logs\DirectX.log

MD5 e5da4df915b5975c0cfc85a4d5ca8f13
SHA1 8f25bc3f5cc8c1ae3707161553aa4c22bf3dc1b7
SHA256 e4447d7e9014183a9d9311b320c1dea16c440977670f550fe058a6c18977ce49
SHA512 2782c917232f4548f334dfad14a45ff7dccbff9b816d207f952201113e9136908a5105227d9489cdf2a3bb612bf71fc6635ec83a24f3ba76694d6bbd6981bf51

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\dxupdate.dll

MD5 c4842e139fca422e265c91c44a1341d6
SHA1 299a5ab4644fe7302b515aa10ef0f1715046275c
SHA256 b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5
SHA512 e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\dxupdate.inf

MD5 8c281fcb5546d1ed3cdaf6e3f7303139
SHA1 de342a17f2df0386f6584e2f55ae43c558ceb6c4
SHA256 7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656
SHA512 344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3

C:\Windows\Logs\DirectX.log

MD5 7dab60308275073d30d8c4c71adc87ac
SHA1 12123872d205ed6ae9a0a6057c99d3e6c931b6aa
SHA256 f1c1a38dc32d1e59710f0df7d63c8a2f5e318afff87edec955cd6678449cc07e
SHA512 8efeb468907d3cc5385af2b427ee61ab23d879606f6e3a73154b6df71dc130668690fd0a7066bb51f691338658ccdd4a85aaf0b4211fffacfb388fc9b307dc08

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\apr2007_d3dx9_33_x86.inf

MD5 044cae9c30c88bda73727243f5e5206d
SHA1 de744e349cf4ea458b10657d510966d21ad08d67
SHA256 349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00
SHA512 18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\apr2007_xinput_x86.inf

MD5 e188f534500688cec2e894d3533997b4
SHA1 f073f8515b94cb23b703ab5cdb3a5cfcc10b3333
SHA256 1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5
SHA512 332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\Mar2009_d3dx9_41_x86.inf

MD5 b37a5ff044eb65521a290c79ba1a3e00
SHA1 ed505464894bd3e52654834487f3821ae117edfe
SHA256 bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6
SHA512 eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\FEB2010_X3DAudio_x86.inf

MD5 e84adf38d499ae39090ad60fd76d76e3
SHA1 6af4d58bc04aac2723e8b97649f1b35fb1aca84c
SHA256 d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a
SHA512 6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\FEB2010_XACT_x86.inf

MD5 82c10b720e33be099f69e4010d44ecd2
SHA1 e95a2eb23db3fd610d71089500aad523f93c9469
SHA256 e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635
SHA512 853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\FEB2010_XAudio_x86.inf

MD5 e6e942a2cfbb587bfcc4203b5bb34fd4
SHA1 2e0172ea1936911a98e11a6e98990703e24172c0
SHA256 74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca
SHA512 3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\d3dx9_33.dll

MD5 cdb1cd22baff21f48606b3c1a18b000b
SHA1 9315b5db975a34dbebdb4dcae652ba1db01c482c
SHA256 c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8
SHA512 c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\xinput1_3.dll

MD5 77f595dee5ffacea72b135b1fce1312e
SHA1 d2a710b332de3ef7a576e0aed27b0ae66892b7e9
SHA256 8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7
SHA512 a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\d3dx9_41.dll

MD5 3fa06cf5079b84155d18b05c08f7131b
SHA1 fafe52876151a08f39dbb6b4aa137dd85558ba5f
SHA256 6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6
SHA512 24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\X3DAudio1_7.dll

MD5 c811e70c8804cfff719038250a43b464
SHA1 ec48da45888ccea388da1425d5322f5ee9285282
SHA256 288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3
SHA512 09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\xactengine3_6.dll

MD5 f81c4678a55ffee585ac75825faf5582
SHA1 8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc
SHA256 8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f
SHA512 8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\XAudio2_6.dll

MD5 4976243bd70fae3d1d24e49739ab2710
SHA1 6ef27b10bcf4e697fe77c3e964b326be11e4444f
SHA256 61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7
SHA512 af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

C:\Users\Admin\AppData\Local\Temp\DX1488.tmp\XAPOFX1_4.dll

MD5 e4ce2af32f501a7f7dddd908704a0ee6
SHA1 9dc2976efb15b6fba08bebdeb98929b6961063a5
SHA256 0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06
SHA512 ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

memory/5468-1430-0x000001A908F00000-0x000001A908F0C000-memory.dmp

memory/5468-1433-0x0000000000360000-0x000000000040B000-memory.dmp

memory/5468-1436-0x000001A909130000-0x000001A909148000-memory.dmp

memory/5468-1439-0x000001A909150000-0x000001A909168000-memory.dmp

memory/5468-1442-0x0000000000410000-0x000000000047C000-memory.dmp

memory/5468-1445-0x000001A909110000-0x000001A90911C000-memory.dmp

memory/5468-1448-0x000001A9091B0000-0x000001A9091C4000-memory.dmp

memory/5468-1451-0x000001A909120000-0x000001A90912C000-memory.dmp

memory/5468-1454-0x000001A909170000-0x000001A90917A000-memory.dmp

memory/5468-1457-0x0000000000480000-0x0000000000496000-memory.dmp

C:\Windows\Installer\e589616.msi

MD5 f949909f4cfe27a17e6ca047fb8d4a46
SHA1 7a7b99a71d4aca7bf91b8824d34c9e35096caa97
SHA256 e02a21a2abcd32fe64411704fca9b199844f13f22f9d5b60d4b7c912c7c88e15
SHA512 75fd31f535d9a8a8cf1df35ba1c4a1fa071f9289463a98f549ce1450505efd7934d6bd79ee6ead9650be22614ce653cb371cb0a16fca65f54a01df6f44129310

C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe

MD5 11dd6e8ab9759d1ac91ffe0d0e4949cb
SHA1 2a86774d0c87050d5c7aa9738cc3975303a40d0e
SHA256 16953a202265db5655b3dd972b855619728da76545a2f94bcbb6c43262f48d5b
SHA512 06828f51b3866f7c2b29861707bf8552b742e366783115b3062f08a9c0005c96507ecf1fff92ad41dc0318ad715176c39c84ff0424372b080bf7c031e4f307de

C:\Windows\Logs\DirectX.log

MD5 7f60ce7644c9c9da06e31e85ad493b67
SHA1 416e782b7a2c499cf3ec5a50acbffdeaf35e515c
SHA256 97bf842ae5f974a3de2dd2a83079cd49d11eb2b21a1ddbbf285bc99e868fbd8c
SHA512 bb609a541c163ea685cbd71f44bbee80a2b2658a492ee58565665ceb08e7768ef4618a3a2efe8d54bb423160c495eeae88ebc5de1f5f514e2b0242d0100bb88b

C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup.dll

MD5 4d48dbe4d3a06c497435014e5c583f34
SHA1 159cbc37080b7ea3ceae8d25125b99f9f4948341
SHA256 9d47b4fa2dcce6a02a51324cfb97f5e153086c2eb8832b211e175cbe5fb850b3
SHA512 b8029bde36e4d6581916c131ec51d74f4a2b03abf5a238c503e1c7b19980d0946606375f0b4c3bd10b9c514e084368c356be8536b282bee887037d7d7f139732

C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP32.DLL

MD5 7c7cc9feb1026678c48bbabe84ea57c2
SHA1 4fe9c466fc65cf07af0e1440743b1822ab65849b
SHA256 a5c6df12f9fe2edab2a22fe7abf3cb17eac110a6fd469f2570ba04afc88ad767
SHA512 d9cca6dfd5966d45342b87afb6091bc8ad3beff039f9bc9c523f8118dc6723337c279cd652c19624250ed3934d8f4a2b15670652867c0114b7e785bbab4212e0

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\dxupdate.cab

MD5 c187448c8104d30087f3f25a9d112014
SHA1 b64ac3e44f2f38a3bf8400f11a40a39039fc9caa
SHA256 54d68f154058433865708ee0dbf3ecf2d609ffbd618e84a1056440379494d9fd
SHA512 9148cece409557444eeaf66dee58e2a6043a64d7b76b91e6c4074a5ba0d066cd1ebb2c60d44e1c7a40ca1dc63d72aa7afcc410202901d5afbf2116e3ba8b0f11

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_d3dx9_33_x86.cab

MD5 3676d740157493e80e7b8641289c003c
SHA1 8135aeeab67151dd4e2418d4907077f646e72873
SHA256 219441f975c200352a12dc3d8f82811fc7b53ed28d63761327933afbb660f876
SHA512 abfc5ea36a7368a34193c8f3771ae4e36c0d570ae0a20b11892184cd4e384d6abe6542769e3c890293b4e640faecf6392f84f5733017d8d86c65456caa24c6f7

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Apr2007_xinput_x86.cab

MD5 f83f54f45ac15a32dc17614c4f6882d4
SHA1 fc8542fcd33bb9e669806409f677edec9bfb64fb
SHA256 5ab7bb15394e4ece850da5453413ab1de2ea97d5c93f86482b75073aaa05da9c
SHA512 e4dcccc3a4299d262b94b24ff4b29394bed71e211b80a8a457acc4ab89325500082e6a9b597bc7b1dbc35746d01a9aa038a9c3a401aa42a426fcc3d15f410c9a

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Mar2009_d3dx9_41_x86.cab

MD5 0fdd6e4e5dfc5d913261355746402214
SHA1 a80c28755c9d3ca163bd377d1bd951a1c111733c
SHA256 5146e15d4c65590704286bfcfbbcc31e98a6832f8a7cc3bfdcb1e7fa5a647bb1
SHA512 9eb85c4507881fc1004c906ee954273bfbea8979d70b2321f197a3cf82121734225103e4239a9bfb591a980b70400a5d19b93482abc108c46614a20476a81f90

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_X3DAudio_x86.cab

MD5 ed093ce20bddc7c42ede4daf772ed5aa
SHA1 21beb0ef8130be1c62b8467dfb67bf3f7548cea1
SHA256 7fbf09682fd15d721ff2c5cb110b5ffcf5982cd2dd8d72b708cf3cd0bc4fa250
SHA512 734e397f4ed2554944e1d1f6f799794c4027792a06e9da25bab58e6e4ff58146058d8b45ff0cb9c861f77989cad029164945f22ffcb459432e1d3a2c7172525c

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XACT_x86.cab

MD5 5cf3585c99a59319ac10e18cc92f0024
SHA1 c48c25e6b7094eaf337fa986960f9895e5f465ba
SHA256 0ba00c41443639dea9b816fa2608088ccef5dbe850531dff4c1e7993804b0b60
SHA512 26b8213a5105b37912632c8abc1a07381210836e620f8f70d77b3b412a406e2e38df7af037001fe27f2da874e143c59aa7dbff90a9183e7619a8e5af0a23b158

C:\PROGRA~2\MICROS~2\XNAGAM~1\v4.0\Redist\DXREDI~1\Feb2010_XAudio_x86.cab

MD5 5da6e4a80fa53568d2fdde31cbff2979
SHA1 9606fda70427cd9f4eb8e67b625417e2775e6876
SHA256 281bb0e12f617e9ae7fe3301a7d4a08201b377caa0311a886e8cddc2526f734a
SHA512 649fc2578388064267ebe8e55daada29d2e51ae6422b10088b6bfacd229bc0439aafdc4f9af7b3b5e187df179c72b4d85f70839a8c91505d17da06d53a40cf3b

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\d3dx9_33_x86.inf

MD5 e696b56e377e60c847b703f96f742d7c
SHA1 1fc5efabf99176aff95154e09dae9e8be5ac95da
SHA256 a693c2da4a1e4d3bde21e3249b7cb800481125dbcbe2b490e33faf64cab0d8cc
SHA512 f010b02ec744826f58d86e48c7ab5e823abcf09e6800c27756938ccb7ce4db2b7844493877022f38e69cd94058e83e1c61d816d83243e888f660e4d6cdf44b17

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\xinput1_3_x86.inf

MD5 e16c94edc4b577b7abe7b06e31376884
SHA1 e86cf530fe00c0fa2a107684a198b37e97b9ce76
SHA256 ba212aa1514df6509474a46c7b2fa07c210d249b524bf7d47d058461009a75c1
SHA512 5405f6936e05e1260a3778d86d76145d2853a345afa156ba6e0a7cf4bc9267cd4cbb5cd32878adda3c6130721218fb899fc896bf823cd63c32c7086b18cfe9db

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\d3dx9_41_x86.inf

MD5 cbf8cb0064bfef5fe67c2180d7a45f67
SHA1 2fe57bea40601657be26384ac11a03c6cec4baf1
SHA256 c8ae58f1bcf6c9f4160c2e11974d38e5f1dadd615f8de972d743c47c4f68b00e
SHA512 d171e5a127b0b98b039ed15df8dd161ef0518be628b341c8fa360b7659f437514f0ae92ccee2a375c792670564c29b31cd7b31a4ec87dfa07c09e45a60090ede

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\X3DAudio1_7_x86.inf

MD5 3d0b9186400510833f9b90e3d38f0a4d
SHA1 a210c6c765911bdc3929db2d14c0de01542976d3
SHA256 87759c44c5487e479d7bd072d3b541ebcf718c35d8e9edbc1b15e793dc3beb21
SHA512 54f100ad064781bca7c8d813b0ae554473c8ff0eadd4c30d85459c9a273416bdb6080bce3072c3eba555863455ceffaf25357e0180d287557251e9bbde6591a5

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\XACT3_6_x86.inf

MD5 f4accbe16484e94f2bdfca0bc70a11cf
SHA1 ae220ebc7b6c32772ff5c796f7d4837be50532a1
SHA256 da4b77f9e2cee68c8ff767e851b9abdb1d73a30704e6a2e0d3874f8cc559665f
SHA512 33a1e7ada5a29ee8d77e35f9fa96f1af14d8d39e2785e55b1903bc636c1e8ff254f464e24c17c7bdd4c63b8a62b78bc1a1d28d88faf7552fff4f9dfedc9f45c1

C:\Users\Admin\AppData\Local\Temp\DX4F4F.tmp\XAudio2_6_x86.inf

MD5 e547742e48e3170b9ea1fcffcd22b607
SHA1 c361a5516bbad8a3faddbb8ab9e42682be22fc7b
SHA256 c60c4a6018e5f860a12322a0d77a1f2ad85c2d6d6dd04cc651560790dd66c9ad
SHA512 16079fdc88f1a010958ea44c88bca3287b44c308e97dadede13aab761eabb91d67ba3e7a72cb9c89c844994dcb71eb33559a27c7668b4bab40b67ab58d780bbc

C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Game\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Game.dll

MD5 b62521605852f3a775aa13ddae49a752
SHA1 d1c49863ad29a59c341c45a4427c6a72a9e4ea3b
SHA256 b5dffdd8125abef2a4507ba4e1d2f11062143f0a63d48fe4f298b95ad746a1f0
SHA512 12d7e82ad4fa7abcf4836fde54b0a13dd1eddcda4401a271ecf9911a10c7f78f2d2a04edea1a4a1b4dc86bc8b01255e655cb5328695db549269a8c7f4cf3315e

C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll

MD5 d008ca9fc1ba351f60858346202253e0
SHA1 70204dcf4d7bd112ef743634e13dc802d5259fba
SHA256 38e7093f52d7474bbc6256906519781a1210d7da50a1c667b52716fcf49ca130
SHA512 0a240f494dedfb4686d53a32b93ee3e4fe1bbf5ac23fdcb84771b29b9a830f4fbd896f6b0efc46729e0f43d61a14aaefafc85291de09b3fc7048e76aab2a29cd

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.GamerServices\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.GamerServices.dll

MD5 f12807c733076e04ba470e1b881a4ccc
SHA1 5599cb6e52fa19a92e2fce11a0fdee4d1f14548e
SHA256 7c6effed97aa25a95c5e095d9c261f5581e402180cc073271a367b9eef79c8af
SHA512 9293f7b459cfc6b490e075e602a99eff87c3df1f7da2abf643f7f3df31375510c05b4e419da5b1abdf445925cdf241c4ffb6b2c9fd64bfc49a201371eb20812b

C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Graphics\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Graphics.dll

MD5 602e98023ab622414371cd7e60004c36
SHA1 62d8b9bb4591cc037c9a0b0db279bfb9553ef48c
SHA256 560080fc39021c611ca9d076dcebed312faf6d7d1413c2dc523683ea635e9f55
SHA512 a1602f4b9b58c73b25f2156badaefe1ee69c210018b5b3046c8071c795a46ed55e9757bcf96a81b4c95634667ec38d2d8c962a279d62405d8f8f44a85a6ce2f7

C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Xact\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Xact.dll

MD5 4ee6297e631512a9b71d8136f0baf9cf
SHA1 190d1dbdcc80bbe8348c2491bb278abcab30ac9e
SHA256 a14d5364dca7cf49fb90639e87ba04d52b59a700dc9198efa5707ce8eae28f0a
SHA512 82dc4146cb3e4ae25e05e911c26b0d3e5bf2acf51721d9474ba2939e0789aa62ad00248bf3c8eaabdedb489d5c4a1ba4209afe352ab88a0ebc162e14220f0d13

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Net\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Net.dll

MD5 68b2bd5121022a59f2c8ca9640730841
SHA1 51898cc2f06ea3089f183b310674eb38809dd17b
SHA256 39739dbf5f6ba02e1d0b02ed404f6fe0692497848bc1a6a25be132d47ed9c151
SHA512 666ef6f65d7d3d897df385e335ff9562921f1e716bda645991f2b3758eb3c6a46b725467846c512aada808d95731a19ee0012508b8543ab936982f367c4bda45

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Storage\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Storage.dll

MD5 bd76254b3d55aa1a229e908c673ffc76
SHA1 53eca2f33cf0d2784facdba18a374ced9f4cdefa
SHA256 798f678e9ae3d9afc3bed66c30123bc9634fb923b6d200188344b618e608cbb8
SHA512 8cdc5067c987d46bb67dd3c7fc2cf946ad08c26fc603f8d5aaf6a28bd43c214f1b7f590fbcdf29628b95cc4b6eda917cb3e47bc6e15ce6abed2baada72c11b3a

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Input.Touch\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Input.Touch.dll

MD5 882f8bbc99849a9f37ba525b98ad3bb6
SHA1 135445970ceeb7cfefa11a655777497c01f687d7
SHA256 b0585224c18022c3661057ae79544644c10f33f1dc529678364f3d6b25151c25
SHA512 e09ea6fd49b31dbd35f4d08baf8eddce8010368f3654eeb89382a2d595a510f629ec55299122eceb75938db962c2c728800f5cd339fe11809aeae98acb5bbadd

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Video\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Video.dll

MD5 5f9563040fc3faadf824a6f8e2567727
SHA1 f7229b60fa4d9ea51ed1b9aa907530f7c89baed1
SHA256 17538b1ca9d48a993e2cd88c96b436df08e7abb4aec5d4758eb21feb580d6e06
SHA512 01e2276de213e0e7b584b61034e1e8e7653534db3a9add52744bad40253117f229564f42741267052165f5b3e772155299522b9cd526fefc6ea6c00524990a68

C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Avatar\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Avatar.dll

MD5 00030e225535a23984345983dac51afd
SHA1 fd55d0a9c6254dd6935127df69858ea683d5e879
SHA256 b3c70bbe469000b9e11507cc63b88d54a4e0bc5c27afc826d66e0aee51640871
SHA512 448584717a1715c090a048c9b12f00dad01d541a082506739d9c904f4bc1adae9fa882b79b6540fba35f8dbcb8d77b4c5b2a5182d078bb68ec94835124a195bd

C:\Config.Msi\e589615.rbs

MD5 30eea2ba1922e8bf44c94b2b7c90424e
SHA1 690b4926953067227e036b9d6fbc539cfd54c457
SHA256 be5dd19dde84a066e8bc06e85f95e6feaa692b89d222cc3145f5fcb77aac0f46
SHA512 ae869ab79a4e72b13edc9288b22e2fd89f1b0aa42706194af83f112641ef950065bc12e502e3270742501778e5095a87b514d762d20d5b43f1360390e38062f5

C:\Config.Msi\e589617.rbs

MD5 4a37c976994fe43ca8025524af627b97
SHA1 c482da6faf3f17796796239f3bd0100f0a77bfd9
SHA256 cbf4a2cc53f2ef79d3253d1b4877be1a0c0082e88e0c28c2280d94e623a171de
SHA512 7fd63feb187a62645e6031dfd5ec607b29ded39a366cd3827d1f3c43ac6ce7648d03d385fd3f9fa295a062f67c67d5ad3162db03fd4984b31e615d68b2c00de9