Malware Analysis Report

2025-06-16 07:09

Sample ID 240602-bdm6zsdh63
Target Driver para joystick Dynacom.exe
SHA256 22fcd1135d289183f47075179d795c790b1bc87aa812828fa78c3436c6a31b3a
Tags
discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

22fcd1135d289183f47075179d795c790b1bc87aa812828fa78c3436c6a31b3a

Threat Level: Shows suspicious behavior

The file Driver para joystick Dynacom.exe shows suspicious behavior. Taken together, the signatures on this page are consistent with a WinRAR self-extracting archive (the __tmp_rar_sfx_access_check_* files it creates are a WinRAR SFX artifact) that unpacks an InstallShield package into C:\Program Files (x86)\USB Vibration\7906\setup and launches setup.exe. In the Windows 10 detonation, setup.exe writes EZFRD32.dll, EZFRD64.dll, FCVAP32.dll, FCVAP64.dll and SetReg64.exe to C:\Windows\USB Vibration\7906, and SetReg64.exe registers the two 64-bit DLLs as in-process COM servers under HKLM\SOFTWARE\Classes\CLSID; that registration is what raises the persistence tag. The SCSI registry rows are attributed to C:\Windows\system32\vssvc.exe, the Windows Volume Shadow Copy service, which is consistent with the Volume Shadow Copy signature rather than with an action by a process the sample started, and the Windows 7 detonation recorded no network activity. The 7/10 score therefore reflects installer-like behaviour from an unsigned PE, not a confirmed malicious action; before using the CLSIDs or the dropped-file hashes as indicators, verify the signer and origin of SetReg64.exe and the two DLLs.

Malicious Activity Summary

discovery persistence

Executes dropped EXE

Loads dropped DLL

Registers COM server for autorun

Checks computer location settings

Checks installed software on the system

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Modifies registry class

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:01

Reported

2024-06-02 01:04

Platform

win7-20231129-en

Max time kernel

117s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
N/A N/A C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\temp.000 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906 C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\IGdi.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\__tmp_rar_sfx_access_check_259394250 C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDA9.tmp\temp.000 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 2888 wrote to memory of 2144 N/A C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe 7
PID 2144 wrote to memory of 2604 N/A C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe 7
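
Each parent/child pair in this table appears seven times because the sandbox prints one row per WriteProcessMemory call, and a process that creates a child writes into it several times during ordinary CreateProcess setup (here the sample spawns setup.exe, which then relaunches itself with -deleter). On its own the signature is therefore weak; what a reviewer wants from it is the lineage it implies and a check for writes into processes the writer did not spawn. The Python script below is an added example, not part of the report or of the sandbox: it parses rows of this shape, collapses the duplicates, rebuilds the process tree, and flags any target written by more than one distinct process, which it uses as a proxy for injection into an already-running process because the table carries no process-creation events to check against. ROW_A and ROW_B are copies of the two distinct rows above.

```python
"""Rebuild process lineage from a sandbox "wrote to memory of" table.

Added example; not part of the original report or of the sandbox. ROW_A and
ROW_B are copies of the two distinct behavioral1 rows, repeated seven times
each as the table repeats them.
"""
import re
from collections import Counter, defaultdict

ROW_A = (r"PID 2888 wrote to memory of 2144 N/A "
         r"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe "
         r"C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe")
ROW_B = (r"PID 2144 wrote to memory of 2604 N/A "
         r"C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe "
         r"C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe")
EVENTS = "\n".join([ROW_A] * 7 + [ROW_B] * 7)

# writer PID, target PID, writer image path, target image path; both paths end in .exe
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (C:\\.+)$")


def parse_events(text):
    """One tuple per row: (writer_pid, target_pid, writer_path, target_path)."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            events.append((int(m[1]), int(m[2]), m[3], m[4]))
    return events


def collapse(events):
    """Count rows per (writer, target) pair; the sandbox prints one row per call."""
    return Counter((w, t) for w, t, _, _ in events)


def lineage(events):
    """Treat each writer->target pair as a spawn edge; return (roots, children)."""
    children, writers = defaultdict(list), defaultdict(set)
    for w, t, _, _ in events:
        if t not in children[w]:
            children[w].append(t)
        writers[t].add(w)
    pids = set(children) | set(writers)
    roots = sorted(p for p in pids if p not in writers)
    return roots, dict(children)


def suspicious_targets(events):
    """PIDs written by more than one distinct process. A freshly created child
    has exactly one creator, so a second writer is the proxy used here for
    injection into a process the writer did not spawn (the table has no
    process-creation events to check against directly)."""
    writers = defaultdict(set)
    for w, t, _, _ in events:
        writers[t].add(w)
    return sorted(t for t, ws in writers.items() if len(ws) > 1)


def render(events):
    """Indented tree of PID and image name, one line per process."""
    roots, children = lineage(events)
    image = {}
    for w, t, wp, tp in events:
        image[w], image[t] = wp.rsplit("\\", 1)[-1], tp.rsplit("\\", 1)[-1]
    out, seen = [], set()

    def walk(pid, depth):
        if pid in seen:                      # guard against cyclic write pairs
            out.append("  " * depth + f"{pid} (already shown)")
            return
        seen.add(pid)
        out.append("  " * depth + f"{pid} {image.get(pid, '?')}")
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return "\n".join(out)


if __name__ == "__main__":
    ev = parse_events(EVENTS)
    for (w, t), n in collapse(ev).items():
        print(f"{w} -> {t}: {n} write(s)")
    print(render(ev))
    print("targets with multiple writers:", suspicious_targets(ev))
```

For this report the tree is a single chain (2888 Driver para joystick Dynacom.exe, 2144 setup.exe, 2604 setup.exe) and no PID has more than one writer; a row such as a System32 process writing into 2144 would be the kind of event worth escalating.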

Processes

C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe

"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"

C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe

"C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe"

C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe

-deleter

Network

N/A

Files

\Program Files (x86)\USB Vibration\7906\setup\setup.exe

MD5 d92301094eedaab094578d63397c8b50
SHA1 a4991b322310eaaa857f1a826a9120c37daba1fe
SHA256 a807f2a847619f728590ab27c8ddfd15d406d08f1a0fb27e1d5ca92e3c247357
SHA512 193369846b4fdfb99b80ad35345eea2df331959e68171eae6a7ad8c12cb9616a8e2d4191797eae82349d6890e45d729ad7160763d973898f2646d3563635e8b8

memory/2888-25-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab

MD5 feebebfdb673bba2beca3f83263faaa3
SHA1 6cf32a42b95b3497f2731f2b22136dea9ba69489
SHA256 7a81f54a1f3f087fc2a3d7c25898744a59f189572c979bb8a811a1eb09eec00d
SHA512 f0fc304ad3e69ff013f8a1c8f249a5d6190fc76ea257d4ec7512ef490ce572ca16b2005665361aff59f9968e09c96edc143cf862cb6c194c40b39d528f68b707

C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab

MD5 c7c8eaa4f694cb30b6cd4fb6917f8380
SHA1 2810ab477fec2b957d9c7448173da0cdf3bb2cb4
SHA256 fab2395277f6bc0b93f372e4462d2eb9c663aa2d8806b59bfea001ed86d951d2
SHA512 476252c65d80df962d8febd84d4922e4ba0f1a1519e63d19ef12e8c0690485d5d23d09867eae3f10d625576b60cff8f36ace3c03f99cdf1a62db4e9a48b90802

C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot

MD5 b957e3c1f4781fb85d25e56dcad80d21
SHA1 71a116100ce724ddea6e81bf278b664bace6f14f
SHA256 fd4199c6c2156c6bcef909d3f62b23868d7499498311d32ff02302f6aaed9aa7
SHA512 f5ea6a11ad27a68913f22a775df8493e0f75cbfd3ed5020ed3c00b73d5c504e17182ed283793ccc8381d4bc72f1f9cb6448ee1b6b2411945b42ce9a49a47a8ad

\Users\Admin\AppData\Local\Temp\ispD0B.tmp\Setup.dll

MD5 7f0e7fc1dc4b20bab20497d670761c6e
SHA1 16f2795a58ffb8481e1258d6e4e026bff56c9d90
SHA256 5a45fb7bba2bc79cbc66e657ce56b110538d5537b59ecf320baa053beea6d1e6
SHA512 c07d887dd73d24fae0c40ff511e3ffeeb2622d074e3224bad30416837e149ba96e49252436ea27612da7697d491b3af8b7e323da08b453ca708461c0722eafe3

C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini

MD5 6c08a7927a5eea663151d9f10ed91150
SHA1 037b5f53c22f21eeeb872e1ef962609a5fa267f3
SHA256 77f2b866810ba3d6e1161587b84b74c9d84fb2a574a0b244489ba69433275d9b
SHA512 f079961786eba59eddde954adcff92dd94cdc5fc14bcb0d61d1bac7976eb6427dd3fc824e8c5bc6c616b03bf60f32153adf7941a00d68f396cbfc28fd058da0d

C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr

MD5 020b00fd3e241dd9d6031cba5cfe1f28
SHA1 76e1167fdb86059fc7cdede944ec26135721d78d
SHA256 7946c7dd11cb411e22d31deac4530f88700315c464c19694e55009666bcfa440
SHA512 bd9d3a2b2a00621220eb7f7f51459c194efe2a007ff960ce5f46533c130e5cce5bb0704b1d85ba254a63bb578f800dc7395b8c784e974bf976114ec182e1560a

C:\Users\Admin\AppData\Local\Temp\setDBA.tmp

MD5 323bff0939ec825e28d947af65a5eda1
SHA1 19c8d64eab423beda776febdffb4fe07036757ff
SHA256 cece9a446492277c62f3eddf049bc57504c5ab77554b7e25377d8e43c7f2c856
SHA512 c62c2e6cc34abe5c618fc3ebea27566d6a7396ccaa753f07e7f2adb3ca404649a167f8a3f1108dfeb1fccf653c186bba0bc6b6e88ff59c1bc350a4e66c1cde18

\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ispDDB.tmp\IGdi.dll

MD5 98098911f534ffb8b4b70101dc4ccf86
SHA1 22e40b9f75ad1e1b7340a86d8dc7ccb299e4212a
SHA256 e7b19016e5a2b337728a31998c1a0b3f7a724a323025751c5fcaad6b52e3b31a
SHA512 b35becbf4d9735b87fc67dbfeb316f4c9f0946fabf6341f950aa60a1766b3a102613e7fffde607f7ff5fd5fb6de56dacba52ac65be14e3c79be65d5a991f95b3

\Users\Admin\AppData\Local\Temp\ispDDA.tmp\_Setup.dll

MD5 028076a4fbf8fa58f18a60e3a5240e0a
SHA1 e88dbf4140ea02b812794158defd9518cbaae76b
SHA256 594820df4a61a930bcbbea6681361b173334ff925e4bcad138d48aaa36bc3b8d
SHA512 698178f9eb18ba9ae7d72168dbf3f803231aff16b2ac3d857105a55439e5ed5ed9190c384a3d5b430a00a87ab7a2ad31120bb9b39569ac6587f46137a0c23d7f

\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKeE4B.tmp

MD5 734bfdc5269c9f5d3cb5c70c3b1fb7cd
SHA1 8430a0e5dc8d4b85ff107d176e8c8c9b3ac05dc7
SHA256 cf45dc216ad13041c81911c9c1f5367e17a63e10bdf8065e6e2341cd5e114028
SHA512 625014078f8924aed95d36f3e2276d6568c7d51b5b70865f5a85dc53d12bfc89547550e325cfddec909a678bcf41c79baeb4f12b090e5b2ac81d86918a3b5403

C:\Users\Admin\AppData\Local\Temp\_isdelet.ini

MD5 b059897b995acf946a3b4199f5f1d2f7
SHA1 1b08a954602acce8b93b8269e930d009b0bf9fd5
SHA256 a216f7b418f1a73e2e99bf9102fabb62e7b151246d0251159e2b6aee250add2c
SHA512 7e0d645cbd668b44463e18276d8a0fe92b4125a234479a1d71807a8012457e56252cb7b22cae5349e23394c2d6aaabeac6b7678e720bf917b3d5d139c19b7ae1
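
Before loading these hashes into a blocklist or sweeping hosts for them, note what they are. engine32.cab, IGdi.dll, Setup.dll, _Setup.dll and the files under Common Files\InstallShield\Professional\RunTime are InstallShield Professional runtime components that ship unchanged with many unrelated installers, and the iKe*.tmp, isp*.tmp, setDBA.tmp and _isdelet.ini entries are per-run scratch files, so a hash hit on either kind does not identify this sample. The package-specific content is what sits in USB Vibration\7906\setup (data1.hdr, data2.cab, setup.inx, setup.boot, setup.ini). The Python script below is an added example and not part of the report: it parses entries of the shape used in this Files section into a hash table, classifies each path as sample-specific, installer-runtime or ephemeral using a name list that is this example's own assumption, hashes the contents of a directory, and reports matches together with the algorithm that matched. FILES is a constructed excerpt of four entries above.

```python
"""Turn the dropped-file hash list into an IOC set and sweep files for matches.

Added example; not part of the original report. FILES is a constructed excerpt
of four entries from the Files section (SHA512 lines omitted) plus the memory
dump line; RUNTIME_NAMES is this example's own assumption about which names are
InstallShield runtime components.
"""
import hashlib
import os
import re

FILES = r"""
\Program Files (x86)\USB Vibration\7906\setup\setup.exe

MD5 d92301094eedaab094578d63397c8b50
SHA1 a4991b322310eaaa857f1a826a9120c37daba1fe
SHA256 a807f2a847619f728590ab27c8ddfd15d406d08f1a0fb27e1d5ca92e3c247357

memory/2888-25-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab

MD5 feebebfdb673bba2beca3f83263faaa3
SHA1 6cf32a42b95b3497f2731f2b22136dea9ba69489
SHA256 7a81f54a1f3f087fc2a3d7c25898744a59f189572c979bb8a811a1eb09eec00d

C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr

MD5 020b00fd3e241dd9d6031cba5cfe1f28
SHA1 76e1167fdb86059fc7cdede944ec26135721d78d
SHA256 7946c7dd11cb411e22d31deac4530f88700315c464c19694e55009666bcfa440

C:\Users\Admin\AppData\Local\Temp\setDBA.tmp

MD5 323bff0939ec825e28d947af65a5eda1
SHA1 19c8d64eab423beda776febdffb4fe07036757ff
SHA256 cece9a446492277c62f3eddf049bc57504c5ab77554b7e25377d8e43c7f2c856
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")

# Assumption: InstallShield Professional runtime pieces that ship unchanged in many
# unrelated installers, so a hash hit on them does not identify this sample.
RUNTIME_NAMES = {"engine32.cab", "igdi.dll", "setup.dll", "_setup.dll",
                 "ikernel.rgs", "isprobe.tlb"}


def parse_dropped_files(text):
    """path -> {"md5": ..., "sha1": ..., ...}; entries without hashes are skipped."""
    iocs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:
            current = line                      # a new path line
        elif current is not None:
            iocs.setdefault(current, {})[m[1].lower()] = m[2]
    return iocs


def classify_ioc(path):
    """installer-runtime, ephemeral (per-run scratch), or sample-specific."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in RUNTIME_NAMES or "\\installshield\\professional\\runtime\\" in low:
        return "installer-runtime"
    if name.endswith(".tmp") or ".tmp\\" in low or name == "_isdelet.ini" \
            or name.startswith("__tmp_rar_sfx_access_check"):
        return "ephemeral"
    return "sample-specific"


def hash_bytes(data):
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def sweep(files, iocs):
    """files: {local_path: bytes}. Strongest algorithm first, one hit per file per IOC."""
    hits = []
    for local, data in files.items():
        digests = hash_bytes(data)
        for ioc_path, known in iocs.items():
            for algo in ("sha256", "sha1", "md5"):
                if known.get(algo) == digests[algo]:
                    hits.append({"local": local, "ioc": ioc_path, "algo": algo,
                                 "class": classify_ioc(ioc_path)})
                    break
    return hits


def sweep_directory(root, iocs):
    """Read every file under root and run sweep(); unreadable files are skipped."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            try:
                with open(p, "rb") as fh:
                    files[p] = fh.read()
            except OSError:
                continue
    return sweep(files, iocs)


if __name__ == "__main__":
    import sys
    iocs = parse_dropped_files(FILES)
    for path in iocs:
        print(classify_ioc(path), path)
    if len(sys.argv) > 1:
        for hit in sweep_directory(sys.argv[1], iocs):
            print(hit)
```

Run it with a directory as the argument to sweep that tree; hits whose class is installer-runtime or ephemeral should be treated as context, not as evidence that this package was present.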

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:01

Reported

2024-06-02 01:04

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32\ = "C:\\Windows\\USB Vibration\\7906\\FCVAP64.DLL" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32\ThreadingModel = "Both" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32 C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32\ = "C:\\Windows\\USB Vibration\\7906\\EZFRD64.DLL" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32\ThreadingModel = "Both" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32 C:\Windows\USB Vibration\7906\SetReg64.exe N/A
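
The persistence tag comes from these six rows: SetReg64.exe, itself written by setup.exe, creates InProcServer32 subkeys for two CLSIDs in the 64-bit view of HKLM\SOFTWARE\Classes and points them at FCVAP64.DLL and EZFRD64.DLL in C:\Windows\USB Vibration\7906 with ThreadingModel set to Both. An InProcServer32 entry only loads its DLL when some process instantiates that CLSID, so the rows prove registration, not execution, and the "Key created" rows show the subkeys were new rather than replacements of an existing registration. What to confirm on a live host is whether the entries exist, where the DLLs live and who signed them. The Python script below is an added example, not the sandbox's code: it parses rows of this shape into CLSID records, applies a few heuristic flags of its own devising, and emits the reg query and Get-AuthenticodeSignature commands to run on the host. ROWS is a copy of the six rows above.

```python
"""Extract InProcServer32 registrations from sandbox registry rows and rank them.

Added example; not part of the original report or of the sandbox. ROWS is a
copy of the six "Registers COM server for autorun" rows; the flags and the
hunt commands are this example's own heuristics.
"""
import re

ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32\ = "C:\\Windows\\USB Vibration\\7906\\FCVAP64.DLL" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32\ThreadingModel = "Both" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32 C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32\ = "C:\\Windows\\USB Vibration\\7906\\EZFRD64.DLL" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FA-0079-0006-A675-AB5A481BAC79}\InProcServer32\ThreadingModel = "Both" C:\Windows\USB Vibration\7906\SetReg64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D46464FB-0079-0006-A675-AB5A481BAC79}\InProcServer32 C:\Windows\USB Vibration\7906\SetReg64.exe N/A
"""

# hive, optional WOW6432Node, CLSID, value name ("" = default), value, writer process
SET_ROW = re.compile(
    r'^Set value \(str\) \\REGISTRY\\(MACHINE|USER\\[^\\]+)\\SOFTWARE\\Classes\\'
    r'(WOW6432Node\\)?CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\\(\w*) = "(.*)" (.+?) N/A$')

# Binaries Windows itself uses to register COM servers; anything else is a custom registrar.
STANDARD_REGISTRARS = {"regsvr32.exe", "msiexec.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_registrations(text):
    """CLSID -> {hive, wow6432, writer, dll, ThreadingModel, ...}."""
    regs = {}
    for line in text.splitlines():
        m = SET_ROW.match(line.strip())
        if not m:
            continue
        hive, wow, clsid, name, value, writer = m.groups()
        entry = regs.setdefault(clsid, {
            "hive": "HKLM" if hive == "MACHINE" else "HKU\\" + hive.split("\\", 1)[1],
            "wow6432": bool(wow),
            "writer": writer,
        })
        if name == "":
            entry["dll"] = value.replace("\\\\", "\\")   # the sandbox doubles backslashes in values
        else:
            entry[name] = value
    return regs


def assess(regs):
    """Heuristic flags per CLSID (this example's own, not the sandbox's)."""
    flags = {}
    for clsid, r in regs.items():
        f = []
        dll = r.get("dll", "").lower()
        if r["hive"] == "HKLM":
            f.append("machine-wide")
        if dll.startswith("c:\\windows\\") and not dll.startswith(SYSTEM_DIRS):
            f.append("dll-in-windows-subdir")
        if r["writer"].rsplit("\\", 1)[-1].lower() not in STANDARD_REGISTRARS:
            f.append("custom-registrar")
        if not dll:
            f.append("no-server-path")
        flags[clsid] = f
    return flags


def hunt_commands(regs):
    """Commands to confirm the registration and the DLL's signer on a live host."""
    cmds = []
    for clsid in sorted(regs):
        r = regs[clsid]
        node = "WOW6432Node\\" if r["wow6432"] else ""
        key = r["hive"] + "\\SOFTWARE\\Classes\\" + node + "CLSID\\" + clsid + "\\InProcServer32"
        cmds.append('reg query "' + key + '" /ve')
        if r.get("dll"):
            cmds.append('Get-AuthenticodeSignature "' + r["dll"] + '" | Format-List Status, SignerCertificate')
    return cmds


if __name__ == "__main__":
    regs = parse_registrations(ROWS)
    for clsid, f in assess(regs).items():
        print(clsid, regs[clsid].get("dll"), ", ".join(f))
    print("\n".join(hunt_commands(regs)))
```

The flags are deliberately neutral: a third-party gamepad driver registering its own DLLs machine-wide from a vendor folder under C:\Windows looks exactly like this, so the decisive check is the signer and origin of the DLLs that the emitted commands retrieve, not the registration itself.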

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isp4604.tmp\temp.000 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\cto4744.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ius4775.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsP4795.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKe46E4.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\iKernel.rgs C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\dataa325.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\data1.cab C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.exe C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.inx C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isc4755.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Obj47A6.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\data1.hdr C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.ini C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isp4604.tmp\Setup.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\layoa325.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\_setup.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906 C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ius4775.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setua345.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isp4626.tmp\IGdi.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Obj47A6.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Dot46F5.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isp4626.tmp\temp.000 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKe46E4.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.boot C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File created C:\Program Files (x86)\USB Vibration\7906\setup\__tmp_rar_sfx_access_check_240600031 C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Dot46F5.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\iKernel.rgs C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setua335.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\isc4755.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsP4795.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\cto4744.tmp C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe N/A
File opened for modification C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\layout.bin C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\USB Vibration\7906\EZFRD64.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Windows\USB Vibration\7906\FCVAP64.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Windows\USB Vibration\7906\SetRa374.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Windows\USB Vibration\7906\EZFRD32.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Windows\USB Vibration\7906\EZFRa354.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Windows\USB Vibration\7906\FCVAa354.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Windows\USB Vibration\7906\FCVAP32.dll C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Windows\USB Vibration\7906\FCVAa364.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File opened for modification C:\Windows\USB Vibration\7906\SetReg64.exe C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
File created C:\Windows\USB Vibration\7906\EZFRa345.rra C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = <binary data omitted> C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\ = "ISetupShell" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}\ = "ISetupProgress" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}\TypeLib C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}\ = "ISetupShell2" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}\ = "ISetupSharedFiles2" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}\TypeLib C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}\ = "ISetupComponent3" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32\ = "C:\\Program Files (x86)\\Common Files\\InstallShield\\Professional\\RunTime\\Objectps.dll" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\TypeLib C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}\TypeLib C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}\ = "ISetupTextSubstitution" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}\ = "ISetupWizardUI" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}\TypeLib\Version = "1.0" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}\ = "ISetupTransferEvents" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA} C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}\ProxyStubClsid32 C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}\TypeLib\ = "{94636247-BC39-4B8B-A728-2D1FBEBFA76A}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{21D98482-146C-4EBF-AF1E-B04395110005}\ = "ISetupProgress3" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}\ = "ISetupOpSequence" C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe

"C:\Users\Admin\AppData\Local\Temp\Driver para joystick Dynacom.exe"

C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe

"C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe"

C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe

-deleter

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\USB Vibration\7906\SetReg64.exe

"C:\Windows\USB Vibration\7906\SetReg64.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

C:\Program Files (x86)\USB Vibration\7906\setup\setup.exe

MD5 d92301094eedaab094578d63397c8b50
SHA1 a4991b322310eaaa857f1a826a9120c37daba1fe
SHA256 a807f2a847619f728590ab27c8ddfd15d406d08f1a0fb27e1d5ca92e3c247357
SHA512 193369846b4fdfb99b80ad35345eea2df331959e68171eae6a7ad8c12cb9616a8e2d4191797eae82349d6890e45d729ad7160763d973898f2646d3563635e8b8

memory/1336-28-0x0000000000400000-0x0000000000421000-memory.dmp

C:\Program Files (x86)\USB Vibration\7906\setup\engine32.cab

MD5 feebebfdb673bba2beca3f83263faaa3
SHA1 6cf32a42b95b3497f2731f2b22136dea9ba69489
SHA256 7a81f54a1f3f087fc2a3d7c25898744a59f189572c979bb8a811a1eb09eec00d
SHA512 f0fc304ad3e69ff013f8a1c8f249a5d6190fc76ea257d4ec7512ef490ce572ca16b2005665361aff59f9968e09c96edc143cf862cb6c194c40b39d528f68b707

C:\Program Files (x86)\USB Vibration\7906\setup\setup.boot

MD5 b957e3c1f4781fb85d25e56dcad80d21
SHA1 71a116100ce724ddea6e81bf278b664bace6f14f
SHA256 fd4199c6c2156c6bcef909d3f62b23868d7499498311d32ff02302f6aaed9aa7
SHA512 f5ea6a11ad27a68913f22a775df8493e0f75cbfd3ed5020ed3c00b73d5c504e17182ed283793ccc8381d4bc72f1f9cb6448ee1b6b2411945b42ce9a49a47a8ad

C:\Users\Admin\AppData\Local\Temp\isp45C3.tmp\Setup.dll

MD5 7f0e7fc1dc4b20bab20497d670761c6e
SHA1 16f2795a58ffb8481e1258d6e4e026bff56c9d90
SHA256 5a45fb7bba2bc79cbc66e657ce56b110538d5537b59ecf320baa053beea6d1e6
SHA512 c07d887dd73d24fae0c40ff511e3ffeeb2622d074e3224bad30416837e149ba96e49252436ea27612da7697d491b3af8b7e323da08b453ca708461c0722eafe3

C:\Program Files (x86)\USB Vibration\7906\setup\setup.ini

MD5 6c08a7927a5eea663151d9f10ed91150
SHA1 037b5f53c22f21eeeb872e1ef962609a5fa267f3
SHA256 77f2b866810ba3d6e1161587b84b74c9d84fb2a574a0b244489ba69433275d9b
SHA512 f079961786eba59eddde954adcff92dd94cdc5fc14bcb0d61d1bac7976eb6427dd3fc824e8c5bc6c616b03bf60f32153adf7941a00d68f396cbfc28fd058da0d

C:\Program Files (x86)\USB Vibration\7906\setup\data1.hdr

MD5 020b00fd3e241dd9d6031cba5cfe1f28
SHA1 76e1167fdb86059fc7cdede944ec26135721d78d
SHA256 7946c7dd11cb411e22d31deac4530f88700315c464c19694e55009666bcfa440
SHA512 bd9d3a2b2a00621220eb7f7f51459c194efe2a007ff960ce5f46533c130e5cce5bb0704b1d85ba254a63bb578f800dc7395b8c784e974bf976114ec182e1560a

C:\Users\Admin\AppData\Local\Temp\set4605.tmp

MD5 323bff0939ec825e28d947af65a5eda1
SHA1 19c8d64eab423beda776febdffb4fe07036757ff
SHA256 cece9a446492277c62f3eddf049bc57504c5ab77554b7e25377d8e43c7f2c856
SHA512 c62c2e6cc34abe5c618fc3ebea27566d6a7396ccaa753f07e7f2adb3ca404649a167f8a3f1108dfeb1fccf653c186bba0bc6b6e88ff59c1bc350a4e66c1cde18

memory/4800-56-0x0000000003790000-0x00000000037D3000-memory.dmp

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll

MD5 98098911f534ffb8b4b70101dc4ccf86
SHA1 22e40b9f75ad1e1b7340a86d8dc7ccb299e4212a
SHA256 e7b19016e5a2b337728a31998c1a0b3f7a724a323025751c5fcaad6b52e3b31a
SHA512 b35becbf4d9735b87fc67dbfeb316f4c9f0946fabf6341f950aa60a1766b3a102613e7fffde607f7ff5fd5fb6de56dacba52ac65be14e3c79be65d5a991f95b3

C:\Users\Admin\AppData\Local\Temp\isp4625.tmp\_Setup.dll

MD5 028076a4fbf8fa58f18a60e3a5240e0a
SHA1 e88dbf4140ea02b812794158defd9518cbaae76b
SHA256 594820df4a61a930bcbbea6681361b173334ff925e4bcad138d48aaa36bc3b8d
SHA512 698178f9eb18ba9ae7d72168dbf3f803231aff16b2ac3d857105a55439e5ed5ed9190c384a3d5b430a00a87ab7a2ad31120bb9b39569ac6587f46137a0c23d7f

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll

MD5 734bfdc5269c9f5d3cb5c70c3b1fb7cd
SHA1 8430a0e5dc8d4b85ff107d176e8c8c9b3ac05dc7
SHA256 cf45dc216ad13041c81911c9c1f5367e17a63e10bdf8065e6e2341cd5e114028
SHA512 625014078f8924aed95d36f3e2276d6568c7d51b5b70865f5a85dc53d12bfc89547550e325cfddec909a678bcf41c79baeb4f12b090e5b2ac81d86918a3b5403

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe

MD5 ec3a24dd533bb759ca791379febadf5c
SHA1 2e861637d3324dbc7110455db08f2ff2f5e1a173
SHA256 81385bdb4ddb83b628a34bbacbc4f25da766ab92aa2b0114ca39172df82c727e
SHA512 5a67bb5d3ebc854bedb0fbf2a65708ce9567375c0b6ee942fa78fa7f75a7e4d75518212eefe97dce8b8c8e03c56c821378e78782ee8409d2993f4f6f81605a0a

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll

MD5 86f3f2451f2d4a36df07348987a6d6c7
SHA1 0b02b9dcbadeab407bf40a9ebf73c65f18e72d96
SHA256 42a495bd6d881d2c0dc349f4bb5689b5db0aeb4c6a6bb88611b2ce4873a2313c
SHA512 8e22e3e006c79c1ce1de56d2950a43b12ba66bbbd3236cbec7a02c739f70d597b4dbe16b552b94378359b930fc11d32717ecfe3785ba7d813fcfa910f0a6aa45

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll

MD5 7600d18e83e1e41ba6f9ac914fb0e37e
SHA1 9432db98dd322e27bbc696a86d4ffe61ef5505b2
SHA256 1bf555fa6044231196e97fbef29e63a4233f2c4eeceb42528598f596c7c469db
SHA512 9c71dab5cc116cae11f7f6df4c9384bb6824eefc0bec8b1d7c0b75d26cf3ccd07dfd23bfa87bfc3a230ef0fe161d9e79be51a747ff96a7d725b0a8a0de85a56b

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll

MD5 4ee14797231081a3f00878b3579005b0
SHA1 5afaf830563d79d1233aabbb0220d0dac58cfae6
SHA256 3802c0e00e5e9b87f8307be63a9b91809a17bfaeb5d391c5ba410a59f16a3cf9
SHA512 1f33b48ff1aca2a219aea27403b786d1e37ceb810b13c1cf696201c2d2b1ecc7ad976a927be645905d4d0d2bbdd38c5d239179f2b6d7127ea8569fce47db439a

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\IsP4795.tmp

MD5 95a0596179ae7667f15744f4b6eb73b7
SHA1 dd975905b63f32244c64cb62dd14e1bf84cfdc49
SHA256 d3573dcfebf060dbe6c496f6782f99adf69b6bf0d72d2ba864f33ddf73751f52
SHA512 2b0a44cb2a853a1773baf81cb095eb7063350738f1d32e76903ed8d710da07c3d110f3be031bdd152e28b28bc4493fe234678cf034c18fb125083f2b60cc3876

C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

MD5 96331344f45a28c11963044ca7ab44b6
SHA1 8fb596d3d5e290244d7e0c958483c9c0be7cc67f
SHA256 e7d9673cb26e282b9f2cfa0165c54182c3dfa46c5fcaac78c347efbf31e515d2
SHA512 dd90854e43bfbc481afa17dd603a37984ec349a16764824d790642be923ca128b1d2178866c7bcaa23c3de861c420a483f31ebd8034b77c75be7a266797076c1

C:\Program Files (x86)\USB Vibration\7906\setup\setup.inx

MD5 f4cc831f741c910ec5e04c3e537e28be
SHA1 9d0c71644d2862f63107b6263da77a0236246a50
SHA256 8cb285c4ef1617726f5beba1aa5fe63dec96f4159527bf627f9d38aac61a1732
SHA512 b6162e870c2e5079eeb91b6108762c1a691929cf3b33448e98a9b8a6c8726d73ae848279d0c5f8738581bf8297787459d13af7cd0f509faf5c66837b755db485

C:\Program Files (x86)\USB Vibration\7906\setup\data1.cab

MD5 c8e94c912ea341b50c08dd9e1703a15a
SHA1 72bd7ba4ae0b773ea1ab57b8e19ca3bd83a8756a
SHA256 57ca983be9ef2975722c5ac470ca174ffe780584e8d9cdd9c65d515e652e2dda
SHA512 60df0bbe508788c1ed0f3045e31185fcc1fc6ab95a15ba08dfa13f0b983590c83321a674805047514a4581cb89173943d64e25b9370b1763342791c437fca168

C:\Program Files (x86)\USB Vibration\7906\setup\layout.bin

MD5 9c323fcef80af1dff8a6f19bb2f4f1ca
SHA1 dfbfc6d79cb91659a039632084f9a04e773a383e
SHA256 906e2120f6764c3ebe88aa8f160825b96e66f6470cf2171e47c54f305047dfdd
SHA512 f4db4f9803ad5ca057bf16eb5728c0dafa86597352d30ba0b03306b3d0a35b3165731a531de1b882a0a3ff869cfb877c19d65bc87d618768531f430246b0b2ea

memory/4800-165-0x0000000003810000-0x000000000381E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{F0F53397-25B5-4159-A7EA-BFDEC38B7FDE}\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\isrt.dll

MD5 ea32fb55f2855ab9b60f338dabf9780b
SHA1 38b34c675d083febc3bc68289bda5c0d12507d35
SHA256 13b5f9db5d2e799f9df8651d67a63765964fdf0f1c32fa94e1d5ec9819dc7700
SHA512 349dcce2de6ff3d8cc121bd92ffd83de9b3ddd0603a741ea7e79943e051f4a93a6e1fe4dbad94e8d3a7d304c87ca2cee40c9333e0d09b393b6c427cddf0ec84a

C:\Users\Admin\AppData\Local\Temp\{F0F53397-25B5-4159-A7EA-BFDEC38B7FDE}\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\_IsRes.dll

MD5 552da0bced12d1a9b04af8f08726f574
SHA1 8157d244161293624d0fabc35e3b3c7a97960a0d
SHA256 ac0f969daaf22f422d7412c4db1ade13a01154200d79d2f446c1d68c2e4422f7
SHA512 e6c1e295f07c9750e57db5c9cd8c067be969bfa29c93bf2ae24ca2a2b84a297a81144706b198ec5bdec74b7fd490d117378b83398331e3cc81b480fc84e86b4f

C:\Program Files (x86)\InstallShield Installation Information\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}\setup.ini

MD5 2210b9649ee13625a389691dc54cb60b
SHA1 225bb04fbab6602540463eaf8cc53ce70342f488
SHA256 e233d2fbeaf7043266c69a8e02add74187a55f6cbec489a6f767fae2e337a5cc
SHA512 80104c10f69fbf23e99d30964f93c7383563b3a0da2968c60f7a84c10bf21f5a3957ffd1e6312c38bc8817ce2cd51220a9b2f84b2c8ed4988bf7d78e044ff8be

C:\Program Files (x86)\USB Vibration\7906\setup\data2.cab

MD5 c7c8eaa4f694cb30b6cd4fb6917f8380
SHA1 2810ab477fec2b957d9c7448173da0cdf3bb2cb4
SHA256 fab2395277f6bc0b93f372e4462d2eb9c663aa2d8806b59bfea001ed86d951d2
SHA512 476252c65d80df962d8febd84d4922e4ba0f1a1519e63d19ef12e8c0690485d5d23d09867eae3f10d625576b60cff8f36ace3c03f99cdf1a62db4e9a48b90802

C:\Windows\USB Vibration\7906\SetReg64.exe

MD5 e1031a9253251d22782518dbe3ca321d
SHA1 56144948931806647ade555d36607d530e03f534
SHA256 93178e896623cb7eac196a771e55c7a7a322d4018a6d1aa18b4db69608fcf303
SHA512 07eda8e1687b27cb6172e863b14a0a8ca3e2ca56263dcf2689439dc99522c811b0c543b98eb6bd4bedd5156ab51c7b480247d530223d1a166ce7dbfea1293bc7

C:\Users\Admin\AppData\Local\Temp\_isdelet.ini

MD5 1bd02df1acbf4864f5e0e8ca04b2ee5f
SHA1 3a00faa9cff38e50e0bedbe54e0a365f58abf171
SHA256 b144bcf729e25cea923d321354a7b054841b51de50e8b592842caae179768de7
SHA512 c3b6423b42f321c9d3f0e9517dc8ab67d6d7e7baea75aa0ffe7bdd69e4a1467a67d6d076ab4a494dbbabfc2ffd42880455e10429c43ac164b9642c56921c181b