Analysis Overview
SHA256
7e44f8395e0130ad5e1e7247367d975e34f9a8ebd44a17368776c3e131a4b21b
Threat Level: Known bad
The file 07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe was found to be: Known bad.
Malicious Activity Summary
Detect Neshta payload
Neshta family
Neshta
Executes dropped EXE
Reads user/profile data of web browsers
Modifies system executable filetype association
Checks computer location settings
Loads dropped DLL
Adds Run key to start application
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-16 20:55
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Neshta family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 20:55
Reported
2024-06-16 20:57
Platform
win7-20240508-en
Max time kernel
3s
Max time network
121s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE"
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C1267~1.EXE"
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
C:\Users\Admin\AppData\Local\Temp\3582-490\_C1267~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C1267~1.EXE
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6820~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C6820~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C6621~1.EXE InjUpdate
Network
Files
memory/1976-0-0x0000000000220000-0x0000000000221000-memory.dmp
\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 03e5b12d360aca02a451afbe64800f66 |
| SHA1 | 27bb810fa8691d87ae71c81c4e2c0b6b2dd19c4a |
| SHA256 | 63eb4140e7e2b0d7caa5647d56f0ef15c18ca2d807acf8aeca223fd277d2e5c9 |
| SHA512 | 147b3253d1b98391bbec1ca76e55adab462be4644b9d454af654c95d6ede9fc2cd4a557f9cb24cdb565bfcd7a258a6c68dca209d1a415ef66f739055827b4a70 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 07bfb0840eaa1abf424dbf172d53b920 |
| SHA1 | a88141a3f6d07b3299b739d89f6898d735f8c01e |
| SHA256 | 7e44f8395e0130ad5e1e7247367d975e34f9a8ebd44a17368776c3e131a4b21b |
| SHA512 | a3101275ffc7a7b91632f2073c390873a98229d3c2d9d3be1942e26af0bac9c6495c87f2ad08583c066ff58582b6b2425b5017e0b8780e02939bc39e6955a994 |
\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 009514914aeafde39d041ba6f8ec76ab |
| SHA1 | 311aa322431b4da03bdcc4e3496f775b99d7b8a2 |
| SHA256 | b020477590a2e5af8dfb33766f0726f6905cc6a29c6450d1751432c917689100 |
| SHA512 | 974fc9721374fa5e5b71e13c6b2939db76355483edd5a82a79d419ba1fd3ef13ef6d33035924c55b8c06aa756dd21f8d429c7571a1e1d572cc9bd23e08222836 |
memory/1976-43-0x0000000000400000-0x0000000000A65000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
| MD5 | dcb552f012312fb79d58d4886c2821bb |
| SHA1 | c8ea66077a9ae508de6ea1cd61ee9d92dd71b2b1 |
| SHA256 | b4366e7a0662d8db52d6af1e7dff1cab66494c20333d4ba33d9a219f5cd4c714 |
| SHA512 | c3317aa1240e16c00b8ca34d62acec3ad25d531228458d1533fb1d17ebb5854b8fef984ae5c8afcff5ccf675cb8b10ff4b2c5116ec06dfe74c39a0007a162da5 |
memory/316-79-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\svchost.com
| MD5 | 795dec5bafd15c555abfede51795b91b |
| SHA1 | f16953ae5c96220776d37b971ba00a191c4b083c |
| SHA256 | d0e01f71c109b1c9ab478d5da4e1dd393d524aabfb4bfabedcc8940d70a41e2a |
| SHA512 | 37484352af113d6a874f0a32ada106589e789b0784400004c973915601abe5d0fb3f42a52711bd4259d03468f2ffa89c3a849d89575464d3aef079f656c4e6d8 |
C:\MSOCache\ALLUSE~1\{90140~1\dwtrig20.exe
| MD5 | cf6c595d3e5e9667667af096762fd9c4 |
| SHA1 | 9bb44da8d7f6457099cb56e4f7d1026963dce7ce |
| SHA256 | 593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d |
| SHA512 | ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80 |
C:\MSOCache\ALLUSE~1\{90140~1\DW20.EXE
| MD5 | 02ee6a3424782531461fb2f10713d3c1 |
| SHA1 | b581a2c365d93ebb629e8363fd9f69afc673123f |
| SHA256 | ead58c483cb20bcd57464f8a4929079539d634f469b213054bf737d227c026dc |
| SHA512 | 6c9272cb1b6bde3ee887e1463ab30ea76568cb1a285d11393337b78c4ad1c3b7e6ce47646a92ab6d70bff4b02ab9d699b84af9437b720e52dcd35579fe2693ec |
C:\MSOCache\ALLUSE~1\{9A861~1\setup.exe
| MD5 | 566ed4f62fdc96f175afedd811fa0370 |
| SHA1 | d4b47adc40e0d5a9391d3f6f2942d1889dd2a451 |
| SHA256 | e17cd94c08fc0e001a49f43a0801cea4625fb9aee211b6dfebebec446c21f460 |
| SHA512 | cdf8f508d396a1a0d2e0fc25f2ae46398b25039a0dafa0919737cc44e3e926ebae4c3aa26f1a3441511430f1a36241f8e61c515a5d9bd98ad4740d4d0f7b8db7 |
C:\MSOCache\ALLUSE~1\{9A861~1\ose.exe
| MD5 | 58b58875a50a0d8b5e7be7d6ac685164 |
| SHA1 | 1e0b89c1b2585c76e758e9141b846ed4477b0662 |
| SHA256 | 2a0aa0763fdef9c38c5dd4d50703f0c7e27f4903c139804ec75e55f8388139ae |
| SHA512 | d67214077162a105d01b11a8e207fab08b45b08fbfba0615a2ea146e1dd99eea35e4f02958a1754d3192292c00caf777f186f0a362e4b8b0da51fabbdb76375b |
C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 66e094115b03ab697d41dac7b816d81c |
| SHA1 | a9d18da3e4ce2b34b062a6848be6f8bc5e670c0c |
| SHA256 | 7437f192065031f59ac4dce5614a6b1be237959560e3c9b33679dd4adb09e6aa |
| SHA512 | 6b4429c811e0aa0f3b50f3951a17d5272f09ea797ada8ade46ddbff9e2c1fc446386035741114c3f9049ddbc2f6eaefcc6a87874bf2f360190a89f856bd45a9b |
\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
| MD5 | 14da3e52c30478a45712c9524691ec67 |
| SHA1 | b4775170cd28864e5fa29725d154fea0f67b45ec |
| SHA256 | fe1c908e81a72881334fa9a6b773534af98eab3d59aabf84bb6ff51d3f0ab313 |
| SHA512 | 3eb12d84ec0023fc84dc4446134d56f049cc32a51c753fdc847fc277adef15381aa6a6368b4071dd07322d6c30f2cc0e4b8c2738e648af89d04bb23046afc113 |
memory/2668-91-0x0000000000400000-0x000000000099E000-memory.dmp
memory/1008-101-0x0000000000400000-0x00000000008D8000-memory.dmp
C:\Windows\directx.sys
| MD5 | 8e4bd9619c227ef2bc20a2cb2aa55e7b |
| SHA1 | a6214b7678b83c4db74b210625b4812300df3a74 |
| SHA256 | 84ba3f2b07e112efaff6ee034b84db960521db9e504a4ac77a5e8e5e988d86d9 |
| SHA512 | 12a6a559b89441983e9aab70f0ea17dc790bc48c7938dd573c888e33811db8fb210539ebebaa6c8f5c04971d72d037be6603de15ea3a1ffc0f5ea3dd5132b4bf |
\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
| MD5 | d5988d18465457c77d48a7af88f3ec35 |
| SHA1 | 12917596900f3fa1f9d43aa8fab71960d9b0bacc |
| SHA256 | 0ae87dbd516ba9e64640cfd9df31183b2f5b1ecf31f455d2bbc37d02e4b818fd |
| SHA512 | 4020b5c484af1b0c6faf1de083bba05957b371aeb08932924cafc7e663884c8ed544699af123cda675826b8f9ec2022c689c93dcda402ece4bc42aab007a166d |
memory/2808-134-0x0000000000400000-0x000000000041B000-memory.dmp
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1840-143-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1900-173-0x0000000000400000-0x0000000000A65000-memory.dmp
C:\Windows\directx.sys
| MD5 | f9d50095200245f4da0ddb25d68b981a |
| SHA1 | ab4aea8f393579322ff923ba6a0b7a6de224005c |
| SHA256 | 4bfbff29fe4d64d0a4162850264ba0adc5bff90905201a1937162d64c92958f3 |
| SHA512 | b5f92b54f2920bef0045e97e9f8a7fccfa29f5d19d7b063b28eb1dce248cb0a6adfe2adb7f1084a70caaba39ebbe850987383fcdd93f2db2eaf03d4cd63b0198 |
memory/3060-181-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1792-185-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2288-192-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/2868-182-0x0000000000400000-0x000000000099E000-memory.dmp
C:\Windows\directx.sys
| MD5 | 043c42847e0ef63834b6a11438ffbe47 |
| SHA1 | e9c3668f9f3120846d734ecc267eb1506c1bfad6 |
| SHA256 | b05c3f4f45330685414a7c36e192ff16060e4bdccdadf09ed1eccc3ab249a0b8 |
| SHA512 | e9e572a557eb3b97941c3090af8c093afa9ef89afb342454c64e675f8094278d8f0f9872504127e5cb6782567a8d63cd5ecbbc309e9e29574011d9c894d85fae |
memory/1256-175-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3024-159-0x0000000000400000-0x000000000041B000-memory.dmp
memory/396-158-0x0000000000400000-0x0000000000811000-memory.dmp
memory/2636-171-0x0000000000400000-0x0000000000A65000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
| MD5 | 2b3061ff0f09da8dd9bd28301752a7cc |
| SHA1 | 2f59b4d9ade4f8a863bc34a27d39925fb53bd817 |
| SHA256 | a765f151b06562265e78e6adc792df4cf340cfd28ba59003726e45ee27b0a9fe |
| SHA512 | 9d098abac29252fdacb5896cbd0cc9a3af99c6e1d0d96adbdf317fb2161b6ea69e2a5089b7f33051f87c36fe0848315baf2dd6473339ec94396cff4a0220a751 |
memory/288-131-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1940-202-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2008-218-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1672-219-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2132-209-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/1656-230-0x000000005FFF0000-0x0000000060000000-memory.dmp
memory/3040-237-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/2348-242-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2468-240-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1544-267-0x0000000000400000-0x000000000099E000-memory.dmp
memory/1740-284-0x0000000000400000-0x0000000000811000-memory.dmp
memory/1744-287-0x0000000000400000-0x000000000041B000-memory.dmp
memory/396-305-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2668-314-0x0000000000400000-0x000000000099E000-memory.dmp
memory/1688-322-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2640-323-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/3064-330-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2976-320-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1888-303-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/2380-351-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2888-364-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2024-385-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/1684-404-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2472-402-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/2272-406-0x0000000000400000-0x000000000099E000-memory.dmp
memory/948-401-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/3012-400-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1840-394-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1584-384-0x0000000000400000-0x0000000000811000-memory.dmp
memory/2592-387-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1612-383-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1544-376-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2108-382-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2720-374-0x0000000000400000-0x000000000099E000-memory.dmp
memory/2784-368-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2684-366-0x0000000000400000-0x0000000000811000-memory.dmp
memory/880-365-0x0000000000400000-0x000000000041B000-memory.dmp
memory/376-363-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/2716-362-0x0000000000400000-0x000000000041B000-memory.dmp
memory/112-349-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2256-342-0x0000000000400000-0x000000000041B000-memory.dmp
memory/900-340-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/1532-283-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 9f91cbea47871be23615cee737160624 |
| SHA1 | e7d5c669da9310bfacdfa87b63d51a0a02761a30 |
| SHA256 | 70763d9ab84384db1a675be4690127023daf705a12085e61aaf427085fd6da43 |
| SHA512 | efb179d8b1d40df3ad822974ba2f459eb8e4cfe0a8fd538fc6c8adf07e79065f6fdedb90de035e8d8b19bd68f919ec1a5e197c81e26a3073651014345e700078 |
memory/1476-272-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1132-271-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1884-194-0x0000000000400000-0x000000000041B000-memory.dmp
memory/236-117-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | b42f2603883dadf133cee3ae5d767bb2 |
| SHA1 | dc4161551044405353e870b029afff27c8030e22 |
| SHA256 | 998e1546bc98d29ffccb70e81ed00a01f3dbd3015e947d1aabca4cb01775ce28 |
| SHA512 | a4c33c9b87f84b4aba84ecf8b0b2d8a90703ef8523f1d057824196e584451072ab5bbc96e0c95a319baaffd16ba7a26f940fec2e28e9228e1275c87fb061c02d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 20:55
Reported
2024-06-16 20:58
Platform
win10v2004-20240508-en
Max time kernel
44s
Max time network
140s
Command Line
Signatures
Detect Neshta payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Neshta
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
Drops file in Program Files directory
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\directx.sys | C:\Windows\svchost.com | N/A |
| File opened for modification | C:\Windows\svchost.com | C:\Windows\svchost.com | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*" | C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe"
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe eeae7a449edae00ec87bb073eb46c464 MDhxRKmrfkmLKW0r9xHYMQ.0.1.0.0.0
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE" InjUpdate
C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE
C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_SYNAPT~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache_SYNAPT~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C578E~1.EXE InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__C578E~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE
C:\PROGRA~3\SYNAPT~1\SYNAPT~1.EXE InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache_SYNAPT~1.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache_SYNAPT~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
"C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_SYNAPT~1.EXE" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\SYNAPT~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\SYNAPT~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\SYNAPT~1.EXE InjUpdate
C:\ProgramData\Synaptics\._cache_SYNAPT~1.EXE
"C:\ProgramData\Synaptics\._cache_SYNAPT~1.EXE" InjUpdate
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_C3612~1.EXE InjUpdate
C:\ProgramData\Synaptics\._cache_Synaptics.exe
"C:\ProgramData\Synaptics\._cache_Synaptics.exe" InjUpdate
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| US | 8.8.8.8:53 | freedns.afraid.org | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
Files
memory/432-0-0x0000000000D20000-0x0000000000D21000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 03e5b12d360aca02a451afbe64800f66 |
| SHA1 | 27bb810fa8691d87ae71c81c4e2c0b6b2dd19c4a |
| SHA256 | 63eb4140e7e2b0d7caa5647d56f0ef15c18ca2d807acf8aeca223fd277d2e5c9 |
| SHA512 | 147b3253d1b98391bbec1ca76e55adab462be4644b9d454af654c95d6ede9fc2cd4a557f9cb24cdb565bfcd7a258a6c68dca209d1a415ef66f739055827b4a70 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 07bfb0840eaa1abf424dbf172d53b920 |
| SHA1 | a88141a3f6d07b3299b739d89f6898d735f8c01e |
| SHA256 | 7e44f8395e0130ad5e1e7247367d975e34f9a8ebd44a17368776c3e131a4b21b |
| SHA512 | a3101275ffc7a7b91632f2073c390873a98229d3c2d9d3be1942e26af0bac9c6495c87f2ad08583c066ff58582b6b2425b5017e0b8780e02939bc39e6955a994 |
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 009514914aeafde39d041ba6f8ec76ab |
| SHA1 | 311aa322431b4da03bdcc4e3496f775b99d7b8a2 |
| SHA256 | b020477590a2e5af8dfb33766f0726f6905cc6a29c6450d1751432c917689100 |
| SHA512 | 974fc9721374fa5e5b71e13c6b2939db76355483edd5a82a79d419ba1fd3ef13ef6d33035924c55b8c06aa756dd21f8d429c7571a1e1d572cc9bd23e08222836 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 863d2b725d31a978e44adaf8aa31833e |
| SHA1 | 21f3bff038705bee326a622e85c2f262450533c0 |
| SHA256 | a4ad05e7bb8894454e38e5016362dfdcee8bace8e619f0b6f565975c71044b05 |
| SHA512 | 631e7eaec0ac235639568f01efa1bde767848d4c455818dc69614a2e8a5f7399d483eea53f4fac56051aef07b4c23edea432a7884f931c02c5f4f1092702d7f2 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 5dc9feb3b4cff8180c4e18141bd25bd7 |
| SHA1 | b0300a29088ddc34936372a2401f7a4524e71382 |
| SHA256 | eaeffb55101ae435f8f611b9c3772a65258095c32488739bd0acfde3aeb4fb93 |
| SHA512 | 7b219d638a4b9f2cc94caf1744f6e0d2bf5c22c78d1e6d67f0e191b78ba8ff6f2edee3c030e528d8cc5ff31be3e27f2d16954bf8e1d174f19a9589b127f18440 |
memory/432-115-0x0000000000400000-0x0000000000A65000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | 66e094115b03ab697d41dac7b816d81c |
| SHA1 | a9d18da3e4ce2b34b062a6848be6f8bc5e670c0c |
| SHA256 | 7437f192065031f59ac4dce5614a6b1be237959560e3c9b33679dd4adb09e6aa |
| SHA512 | 6b4429c811e0aa0f3b50f3951a17d5272f09ea797ada8ade46ddbff9e2c1fc446386035741114c3f9049ddbc2f6eaefcc6a87874bf2f360190a89f856bd45a9b |
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_._cache_07bfb0840eaa1abf424dbf172d53b920_NeikiAnalytics.exe
| MD5 | dcb552f012312fb79d58d4886c2821bb |
| SHA1 | c8ea66077a9ae508de6ea1cd61ee9d92dd71b2b1 |
| SHA256 | b4366e7a0662d8db52d6af1e7dff1cab66494c20333d4ba33d9a219f5cd4c714 |
| SHA512 | c3317aa1240e16c00b8ca34d62acec3ad25d531228458d1533fb1d17ebb5854b8fef984ae5c8afcff5ccf675cb8b10ff4b2c5116ec06dfe74c39a0007a162da5 |
C:\ProgramData\Synaptics\Synaptics.exe
| MD5 | 4344b9f361c4eb552bcfa2011378e572 |
| SHA1 | 9aff0883954514c43ec79d2682529585040bceab |
| SHA256 | ab2ee9e1df757af652f9090f30099fe25645e801266f6ba2e987b711b240c05a |
| SHA512 | fcc5c650cd20beed2447c83361637357b11810fe8d42ba26340a8ffee74bd57b2c2bc7e1b730ca40337dd389c5e5d3097ada4ce8f70dd5ce6584914765ea7e1c |
memory/4344-189-0x0000000000400000-0x000000000099E000-memory.dmp
C:\Windows\svchost.com
| MD5 | 795dec5bafd15c555abfede51795b91b |
| SHA1 | f16953ae5c96220776d37b971ba00a191c4b083c |
| SHA256 | d0e01f71c109b1c9ab478d5da4e1dd393d524aabfb4bfabedcc8940d70a41e2a |
| SHA512 | 37484352af113d6a874f0a32ada106589e789b0784400004c973915601abe5d0fb3f42a52711bd4259d03468f2ffa89c3a849d89575464d3aef079f656c4e6d8 |
C:\Windows\directx.sys
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
| MD5 | cce8964848413b49f18a44da9cb0a79b |
| SHA1 | 0b7452100d400acebb1c1887542f322a92cbd7ae |
| SHA256 | fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5 |
| SHA512 | bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE
| MD5 | 176436d406fd1aabebae353963b3ebcf |
| SHA1 | 9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a |
| SHA256 | 2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f |
| SHA512 | a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
| MD5 | 12c29dd57aa69f45ddd2e47620e0a8d9 |
| SHA1 | ba297aa3fe237ca916257bc46370b360a2db2223 |
| SHA256 | 22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880 |
| SHA512 | 255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
| MD5 | 92dc0a5b61c98ac6ca3c9e09711e0a5d |
| SHA1 | f809f50cfdfbc469561bced921d0bad343a0d7b4 |
| SHA256 | 3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc |
| SHA512 | d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE
| MD5 | 8c753d6448183dea5269445738486e01 |
| SHA1 | ebbbdc0022ca7487cd6294714cd3fbcb70923af9 |
| SHA256 | 473eb551101caeaf2d18f811342e21de323c8dd19ed21011997716871defe997 |
| SHA512 | 4f6fddefc42455540448eac0b693a4847e21b68467486376a4186776bfe137337733d3075b7b87ed7dac532478dc9afc63883607ec8205df3f155fee64c7a9be |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE
| MD5 | 4ddc609ae13a777493f3eeda70a81d40 |
| SHA1 | 8957c390f9b2c136d37190e32bccae3ae671c80a |
| SHA256 | 16d65f2463658a72dba205dcaa18bc3d0bab4453e726233d68bc176e69db0950 |
| SHA512 | 9d7f90d1529cab20078c2690bf7bffab5a451a41d8993781effe807e619da0e7292f991da2f0c5c131b111d028b3e6084e5648c90816e74dfb664e7f78181bc5 |
memory/2032-237-0x0000000000400000-0x000000000041B000-memory.dmp
C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe
| MD5 | 5791075058b526842f4601c46abd59f5 |
| SHA1 | b2748f7542e2eebcd0353c3720d92bbffad8678f |
| SHA256 | 5c3ef3ec7594c040146e908014791dd15201ba58b4d70032770bb661b6a0e394 |
| SHA512 | 83e303971ed64019fde9e4ba6f6e889f8fb105088490dfa7dcf579a12baff20ef491f563d132d60c7b24a4fd3cac29bd9dc974571cd162000fae8fba4e0e54fb |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE
| MD5 | 09acdc5bbec5a47e8ae47f4a348541e2 |
| SHA1 | 658f64967b2a9372c1c0bdd59c6fb2a18301d891 |
| SHA256 | 1b5c715d71384f043843ea1785a6873a9f39d2daae112ccdeffcd88b10a3a403 |
| SHA512 | 3867bf98e1a0e253114a98b78b047b0d8282b5abf4aaf836f31cc0e26224e2a1b802c65df9d90dc7696a6dbcb9a8e4b900f1d1299e1b11e36f095ebaf8a2e5b8 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe
| MD5 | 576410de51e63c3b5442540c8fdacbee |
| SHA1 | 8de673b679e0fee6e460cbf4f21ab728e41e0973 |
| SHA256 | 3f00404dd591c2856e6f71bd78423ed47199902e0b85f228e6c4de72c59ddffe |
| SHA512 | f7761f3878775b30cc3d756fa122e74548dfc0a27e38fa4109e34a59a009df333d074bf14a227549ae347605f271be47984c55148685faac479aeb481f7191db |
C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE
| MD5 | bcd0f32f28d3c2ba8f53d1052d05252d |
| SHA1 | c29b4591df930dabc1a4bd0fa2c0ad91500eafb2 |
| SHA256 | bb07d817b8b1b6b4c25e62b6120e51dec10118557d7b6b696ad084a5ba5bfdeb |
| SHA512 | 79f407735853f82f46870c52058ceee4d91857a89db14868ee1169abd5c0fd2e3fa1ed230ab90b5f479a9581b88998643d69b0df498defea29e73b0d487f3b10 |
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe
| MD5 | 0511abca39ed6d36fff86a8b6f2266cd |
| SHA1 | bfe55ac898d7a570ec535328b6283a1cdfa33b00 |
| SHA256 | 76ae68fc7c6c552c4a98c5df640cd96cf27b62e7e1536b7f7d08eff56fcde8b8 |
| SHA512 | 6608412e3ed0057f387bafcddcb07bfe7da4f207c7300c460e5acc4bd234cec3362191800789eb465eb120ec069e3ed49eabb6bd7db30d9e9245a89bb20e4346 |
C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaws.exe
| MD5 | e9fb27bf62ef26b3288b5fe9ddf2f482 |
| SHA1 | eb4908aa50c11ae43df2fbdb0c80ddd41443624e |
| SHA256 | 9ea04cf00d8c01e4099195e5289c2e8221cdb7217c773222d1a55473b854f1b3 |
| SHA512 | 89fc0a4d2fa078315ca25ddeeaaa911ffb82d10669b0987d9bd67b149e09d73d0c356c656a519be7d65b93da831ea9da4f7617595ec01697390ca8bb00743ffa |
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE
| MD5 | 25e165d6a9c6c0c77ee1f94c9e58754b |
| SHA1 | 9b614c1280c75d058508bba2a468f376444b10c1 |
| SHA256 | 8bbe59987228dd9ab297f9ea34143ea1e926bfb19f3d81c2904ab877f31e1217 |
| SHA512 | 7d55c7d86ccabb6e9769ebca44764f4d89e221d5756e5c5d211e52c271e3ce222df90bc9938248e2e210d6695f30f6280d929d19ef41c09d3ea31688ae24d4bf |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
| MD5 | 5e08d87c074f0f8e3a8e8c76c5bf92ee |
| SHA1 | f52a554a5029fb4749842b2213d4196c95d48561 |
| SHA256 | 5d548c2cc25d542f2061ed9c8e38bd5ca72bddb37dd17654346cae8a19645714 |
| SHA512 | dd98d6fa7d943604914b2e3b27e1f21a95f1fe1feb942dd6956e864da658f4fbd9d1d0cf775e79ceaae6a025aafd4e633763389c37034134bd5245969bec383e |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe
| MD5 | 6ce350ad38c8f7cbe5dd8fda30d11fa1 |
| SHA1 | 4f232b8cccd031c25378b4770f85e8038e8655d8 |
| SHA256 | 06a3bb0bdd2da870bc8dc2c6b760855cea7821273ce59fc0be158149e52915ba |
| SHA512 | 4c18a112fec391f443a4ae217ac6d1850e0cfdad4b2d2cbe3f61cb01c0a1400ea6bd5c3ffe0a9978ead50e7f6cfab96ae5090bb9a611f988f1a86ccaa5d4cd4f |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe
| MD5 | 5119e350591269f44f732b470024bb7c |
| SHA1 | 4ccd48e4c6ba6e162d1520760ee3063e93e2c014 |
| SHA256 | 2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873 |
| SHA512 | 599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe
| MD5 | 23b1708cd5e7409832fe36f125844e7a |
| SHA1 | 39ec7d4322cf4ccea82ee65343d05459c5eb3f3e |
| SHA256 | 03e0297166fcd0b5a439d974080fbd5efbb48dfe3b019ab11faa89ecc372765f |
| SHA512 | d6291f0a98f1dfedd81589f07d219df23a9e734680975d5e2d91553767927bd2b7ed915e6f5974767277fb813e14f8549caf57f96912ea3cebe28b73ca3ec62e |
C:\PROGRA~2\MOZILL~1\UNINST~1.EXE
| MD5 | 9cc8047a7f7963378556e4de802b0a7d |
| SHA1 | e8b64a0be5eb3d465a259c1211dd8d1d62202dd8 |
| SHA256 | aac915fbd1808bab7670e4a143642ca857a4c4ffe3f9bc0999ffb5b9f566bd65 |
| SHA512 | 260334d4f2967cf52ccf2ad21a346a3ae38d39a07f58188588f55285d58a904afd3b8c1ee7a9d86d1010b90b1fbcfc19f30074f803bf356cb8ee2ebc62fd35c5 |
C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE
| MD5 | 99ac881582035c636c2359fcc7c72b71 |
| SHA1 | 34e222ce94d0fb0cbfe61e7e37d527c01a413e5e |
| SHA256 | 8aa538991767d32b538ad399c1e2af1e536ab9fc04ca70f13c0728347f404753 |
| SHA512 | 44bd12f2e8da0bd02c0348720bc73d00823ab9bb6a5ef7eba1881dacf0817c37d763b0cc3ab201e958822220ecc4d93a871ca693bb0f6ed95c1b26eb7a00d6f2 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MID1AD~1.EXE
| MD5 | 4f197c71bb5b8880da17b80a5b59dd04 |
| SHA1 | c3d4b54f218768e268c9114aa9cdaf36a48803cd |
| SHA256 | a1a0bf09839e6175e5508271774c6d94f4eb2130c914ea7666c1ecaf1a6fde47 |
| SHA512 | e6104ade74dc18e05be756e2a287b9940cdc98150ddd7c562b61282d57070e1d7272316469f1e1b294d3dfbcf191c2692de0d45a2fae59e73c4c039d80f3e002 |
C:\PROGRA~2\MICROS~1\EDGEUP~1\13147~1.37\MICROS~4.EXE
| MD5 | da18586b25e72ff40c0f24da690a2edc |
| SHA1 | 27a388f3cdcfa7357f971b5c4411ea5aa1b9e5f5 |
| SHA256 | 67f6e8f14bcf0e6d570c1f4ac5a1bb80a4e1470b5bad5a7ee85689c476597d8e |
| SHA512 | 3512820a9d37b61f77a79b2d4d3f6aec9ef53dbf81071bee16f5dcc8173393a1cd1bffe9f7f39467b72f9c9271a78e42078e68598934188d9df0b887f2edc5ab |
C:\PROGRA~3\PACKAG~1\{63880~1\WINDOW~1.EXE
| MD5 | 558fdb0b9f097118b0c928bb6062370a |
| SHA1 | ad971a9a4cac3112a494a167e1b7736dcd6718b3 |
| SHA256 | 90cee4a89cc1401ac464818226b7df69aa930804cefce56758d4e2ea0009d924 |
| SHA512 | 5d08d5428e82fb3dad55c19e2c029de8f16e121faac87575b97f468b0ec312b3e0696225546cba91addaaf8f2451d44ae6386b4e4f7f621ce45055f3be797d7c |
C:\PROGRA~3\PACKAG~1\{EF6B0~1\VCREDI~1.EXE
| MD5 | 07e194ce831b1846111eb6c8b176c86e |
| SHA1 | b9c83ec3b0949cb661878fb1a8b43a073e15baf1 |
| SHA256 | d882f673ddf40a7ea6d89ce25e4ee55d94a5ef0b5403aa8d86656fd960d0e4ac |
| SHA512 | 55f9b6d3199aa60d836b6792ae55731236fb2a99c79ce8522e07e579c64eabb88fa413c02632deb87a361dd8490361aa1424beed2e01ba28be220f8c676a1bb5 |
C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE
| MD5 | 9c10a5ec52c145d340df7eafdb69c478 |
| SHA1 | 57f3d99e41d123ad5f185fc21454367a7285db42 |
| SHA256 | ccf37e88447a7afdb0ba4351b8c5606dbb05b984fb133194d71bcc00d7be4e36 |
| SHA512 | 2704cfd1a708bfca6db7c52467d3abf0b09313db0cdd1ea8e5d48504c8240c4bf24e677f17c5df9e3ac1f6a678e0328e73e951dc4481f35027cb03b2966dc38f |
C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE
| MD5 | 97510a7d9bf0811a6ea89fad85a9f3f3 |
| SHA1 | 2ac0c49b66a92789be65580a38ae9798237711db |
| SHA256 | c48abbc29405559e68cc9f8fc6d218aa317a9d0023839c7846ca509c1f563fea |
| SHA512 | 2a93e2a3bd187fdde160f87ef777ccd1d1c398d547b7c869e6b64469b9418ad04d887cdfe94af7407476377bf2d009f576de3935c025b7aefbab26fbcd8f90fb |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE
| MD5 | 3b73078a714bf61d1c19ebc3afc0e454 |
| SHA1 | 9abeabd74613a2f533e2244c9ee6f967188e4e7e |
| SHA256 | ded54d1fcca07b6bff2bc3b9a1131eac29ff1f836e5d7a7c5c325ec5abe96e29 |
| SHA512 | 75959d4e8a7649c3268b551a2a378e6d27c0bfb03d2422ebeeb67b0a3f78c079473214057518930f2d72773ce79b106fd2d78405e8e3d8883459dcbb49c163c4 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
| MD5 | 8ffc3bdf4a1903d9e28b99d1643fc9c7 |
| SHA1 | 919ba8594db0ae245a8abd80f9f3698826fc6fe5 |
| SHA256 | 8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6 |
| SHA512 | 0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe
| MD5 | a4709d871fe1adb58883e9aa7d79db30 |
| SHA1 | 7119bc852f2a39133e0a34ccce7e1f8b13076569 |
| SHA256 | c9643b30e7bcb698786621a8d71e8c2f684f47f0147b14f40650d710f4200039 |
| SHA512 | 0a8b682fe14f0c0acec3e49abf6a2bfbeb4f7bec14349cbdf355a41fecb272362f2d9d998f3c49d679440475926c8553ad20b480cc30ac71d0b4907d9040b265 |
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE
| MD5 | 39c8a4c2c3984b64b701b85cb724533b |
| SHA1 | c911f4c4070dfe9a35d9adcb7de6e6fb1482ce00 |
| SHA256 | 888a1dd0033e5d758a4e731e3e55357de866e80d03b1b194375f714e1fd4351d |
| SHA512 | f42ca2962fe60cff1a13dea8b81ff0647b317c785ee4f5159c38487c34d33aecba8478757047d31ab2ee893fbdcb91a21655353456ba6a018fc71b2278db4db2 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE
| MD5 | 5c78384d8eb1f6cb8cb23d515cfe7c98 |
| SHA1 | b732ab6c3fbf2ded8a4d6c8962554d119f59082e |
| SHA256 | 9abd7f0aa942ee6b263cdc4b32a4110ddb95e43ad411190f0ea48c0064884564 |
| SHA512 | 99324af5f8fb70a9d01f97d845a4c6999053d6567ba5b80830a843a1634b02eaf3c0c04ced924cf1b1be9b4d1dbbcb95538385f7f85ad84d3eaaa6dcdebcc8a6 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE
| MD5 | 11486d1d22eaacf01580e3e650f1da3f |
| SHA1 | a47a721efec08ade8456a6918c3de413a2f8c7a2 |
| SHA256 | 5e1b1daa9968ca19a58714617b7e691b6b6f34bfacaf0dcf4792c48888b1a5d3 |
| SHA512 | 5bd54e1c1308e04a769e089ab37bd9236ab97343b486b85a018f2c8ad060503c97e8bc51f911a63f9b96dd734eb7d21e0a5c447951246d972b05fafeef4633da |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE
| MD5 | 301d7f5daa3b48c83df5f6b35de99982 |
| SHA1 | 17e68d91f3ec1eabde1451351cc690a1978d2cd4 |
| SHA256 | abe398284d90be5e5e78f98654b88664e2e14478f7eb3f55c5fd1c1bcf1bebee |
| SHA512 | 4a72a24dec461d116fe8324c651913273ccaa50cb036ccdacb3ae300e417cf4a64aa458869b8d2f3b4c298c59977437d11b241d08b391a481c3226954bba22e4 |
C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE
| MD5 | 7c73e01bd682dc67ef2fbb679be99866 |
| SHA1 | ad3834bd9f95f8bf64eb5be0a610427940407117 |
| SHA256 | da333c92fdfd2e8092f5b56686b94f713f8fa27ef8f333e7222259ad1eb08f5d |
| SHA512 | b2f3398e486cde482cb6bea18f4e5312fa2db7382ca25cea17bcba5ab1ff0e891d59328bc567641a9da05caca4d7c61dc102289d46e7135f947ce6155e295711 |
C:\PROGRA~2\Google\Update\DISABL~1.EXE
| MD5 | 3b0e91f9bb6c1f38f7b058c91300e582 |
| SHA1 | 6e2e650941b1a96bb0bb19ff26a5d304bb09df5f |
| SHA256 | 57c993cadf4bf84810cea23a7112c6e260624beaab48d0e4332d3462900fec1d |
| SHA512 | a4fbe28a0135f4632e0a5b6bd775f8d010250b0fbfe223db1fe81d18552a6bc166ebce807853ba02e6a476e9829454805e415ca828a5e043bd1e63dc53599d0f |
C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE
| MD5 | e5589ec1e4edb74cc7facdaac2acabfd |
| SHA1 | 9b12220318e848ed87bb7604d6f6f5df5dbc6b3f |
| SHA256 | 6ce92587a138ec07dac387a294d0bbe8ab629599d1a2868d2afaccea3b245d67 |
| SHA512 | f36ab33894681f51b9cec7ea5a738eb081a56bcd7625bdd2f5ef2c084e4beb7378be8f292af3aeae79d9317ba57cc41df89f00aef52e58987bdb2eac3f48171a |
C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE
| MD5 | 96a14f39834c93363eebf40ae941242c |
| SHA1 | 5a3a676403d4e6ad0a51d0f0e2bbdd636ae5d6fc |
| SHA256 | 8ee4aa23eb92c4aba9a46b18ac249a5fa11c5abb7e2c1ca82cd5196401db790a |
| SHA512 | fbf307a8053e9478a52cfdf8e8bad3d7c6664c893458786ae6ee4fffc6fe93006e99a2a60c97fb62dad1addd5247621517f4edee5d9545717c4587a272cef9a2 |
C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
| MD5 | 400836f307cf7dbfb469cefd3b0391e7 |
| SHA1 | 7af3cbb12d3b2d8b5d9553c687c6129d1dd90a10 |
| SHA256 | cb5c5abb625a812d47007c75e3855be3f29da527a41cf03730ad5c81f3eb629a |
| SHA512 | aa53cb304478585d6f83b19a6de4a7938ba2570d380a565a56ff5365aed073d5f56b95ad3228eb7d1e7e6110c6172a58b97bd6a5e57e4a8d39e762ed31dc17c8 |
C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
| MD5 | 6f87ccb8ab73b21c9b8288b812de8efa |
| SHA1 | a709254f843a4cb50eec3bb0a4170ad3e74ea9b3 |
| SHA256 | 14e7a1f2f930380903ae3c912b4a70fd0a59916315c46874805020fe41215c22 |
| SHA512 | 619b45b9728880691a88fbfc396c9d34b41d5e349e04d2eb2d18c535fffc079395835af2af7ca69319954a98852d2f9b7891eff91864d63bf25759c156e192ee |
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe
| MD5 | e7a27a45efa530c657f58fda9f3b9f4a |
| SHA1 | 6c0d29a8b75574e904ab1c39fc76b39ca8f8e461 |
| SHA256 | d6f11401f57293922fb36cd7542ae811ab567a512449e566f83ce0dcef5ff8e5 |
| SHA512 | 0c37b41f3c075cd89a764d81f751c3a704a19240ad8e4ebab591f399b9b168b920575749e9d24c2a8f0400b9f340ab9fea4db76ff7060d8af00e2b36ac0c4a54 |
C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe
| MD5 | 15f4411f1b14234b5bed948ed78fa86e |
| SHA1 | f9775a3d87efb22702d934322ffcda3511b79c17 |
| SHA256 | cd6c08078343089d299a30f7bf16555ab349e946892dca1c49c6c0336d27ff0e |
| SHA512 | c44d2e96d6d0264075379066fd5d11ba30a675bb6f6b6279c4ac0d12066975c30c33b69b52457cbed4e35852e8b15b3daad9274d6f957ae0681fb7a6c48a33cb |
C:\Windows\directx.sys
| MD5 | 6b3bfceb3942a9508a2148acbee89007 |
| SHA1 | 3622ac7466cc40f50515eb6fcdc15d1f34ad3be3 |
| SHA256 | e0a7bae2a9ac263cff5d725922e40272d8854278d901233a93a5267859c00a3c |
| SHA512 | fa222bfcade636824af32124b45450c92b1abec7a33e6e647a9248eef5371c127d22ccb7cc5a096b4d5d52e2457f3841293a1b34304e8e5523549856ac02f224 |
memory/1252-372-0x0000000000400000-0x000000000041B000-memory.dmp
memory/448-373-0x0000000000400000-0x0000000000A65000-memory.dmp
memory/2384-374-0x0000000000400000-0x0000000000A65000-memory.dmp
C:\ProgramData\Synaptics\RCX6765.tmp
| MD5 | 02897faa98bb7b124155dc43b1504d57 |
| SHA1 | a09167f95ca0327fceaebae3438d244baeaecbe8 |
| SHA256 | 610c75b1ae3062f4896bf0fb822036de8d04402fc4267955aec1d1d04993743d |
| SHA512 | 05f48e90a5eb7c00b78c659a95925a31a534c55bd38f8b62c854c6266390036ee934f6d9f11ac32a7be476875d52a3e7a9562f3f8f3e31fa8bc2addee78a1c0e |
memory/212-456-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2544-455-0x0000000000400000-0x000000000099E000-memory.dmp
C:\Windows\directx.sys
| MD5 | 56abc40d1e45c091d8afddb90a4ce6b4 |
| SHA1 | 08db549484467b32b79958700300cabefc659848 |
| SHA256 | a43fa861957415e3b0f25e2b54d931961cd309ff1d5354a9362852895b90b3e1 |
| SHA512 | 51625c015a7c8fcf6fb51d3396aa08d2068772e3fcacaf32c409e82071af4ba1eb2ee94f36c06a98c32ba59d23bbaa6b540f7bd418a9472303cc225151daa698 |
memory/1220-440-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4924-459-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4908-491-0x0000000000400000-0x000000000099E000-memory.dmp
memory/4684-493-0x0000000000400000-0x000000000099E000-memory.dmp
memory/2848-494-0x0000000000400000-0x000000000099E000-memory.dmp
memory/2808-559-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache__CACHE~1.EXE
| MD5 | d5988d18465457c77d48a7af88f3ec35 |
| SHA1 | 12917596900f3fa1f9d43aa8fab71960d9b0bacc |
| SHA256 | 0ae87dbd516ba9e64640cfd9df31183b2f5b1ecf31f455d2bbc37d02e4b818fd |
| SHA512 | 4020b5c484af1b0c6faf1de083bba05957b371aeb08932924cafc7e663884c8ed544699af123cda675826b8f9ec2022c689c93dcda402ece4bc42aab007a166d |
memory/3092-583-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3644-586-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | b42f2603883dadf133cee3ae5d767bb2 |
| SHA1 | dc4161551044405353e870b029afff27c8030e22 |
| SHA256 | 998e1546bc98d29ffccb70e81ed00a01f3dbd3015e947d1aabca4cb01775ce28 |
| SHA512 | a4c33c9b87f84b4aba84ecf8b0b2d8a90703ef8523f1d057824196e584451072ab5bbc96e0c95a319baaffd16ba7a26f940fec2e28e9228e1275c87fb061c02d |
memory/3136-577-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3008-576-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/4532-620-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/2800-621-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/2832-628-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3582-490\._cache__CACHE~3.EXE
| MD5 | d8f945d31a2649eb667f0ee57097c144 |
| SHA1 | c20500fcab31c57b4d411119cd3fefb3616519cd |
| SHA256 | 71fe4b25dfd8a4ba823e6308f926b56c788948f6d18811f7079867006a37a97a |
| SHA512 | 98ffc4b4c61671803f81a9fdff8d2ae73adb5152dea5c0225db25410c8b93f00574e39d3fac7ab3a5e585aaced0eebd69467b0c082990f2e6ec17b3b6de798eb |
memory/3396-707-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1896-710-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4460-709-0x0000000000400000-0x0000000000811000-memory.dmp
memory/4000-699-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2152-711-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3828-722-0x0000000000400000-0x000000000041B000-memory.dmp
memory/316-723-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 8e4bd9619c227ef2bc20a2cb2aa55e7b |
| SHA1 | a6214b7678b83c4db74b210625b4812300df3a74 |
| SHA256 | 84ba3f2b07e112efaff6ee034b84db960521db9e504a4ac77a5e8e5e988d86d9 |
| SHA512 | 12a6a559b89441983e9aab70f0ea17dc790bc48c7938dd573c888e33811db8fb210539ebebaa6c8f5c04971d72d037be6603de15ea3a1ffc0f5ea3dd5132b4bf |
memory/1680-737-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1696-740-0x0000000000400000-0x000000000041B000-memory.dmp
memory/412-770-0x0000000000400000-0x0000000000811000-memory.dmp
memory/2024-771-0x0000000000400000-0x0000000000811000-memory.dmp
memory/3124-772-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3144-773-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4088-853-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2444-854-0x0000000000400000-0x000000000099E000-memory.dmp
memory/2884-857-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1360-889-0x0000000000400000-0x000000000099E000-memory.dmp
memory/2348-962-0x0000000000400000-0x00000000008D8000-memory.dmp
C:\Windows\directx.sys
| MD5 | b0bf31abfa7b64da8a3f257366eb0e01 |
| SHA1 | 958444a8449749a409f0dfbfc84f65069fb4f799 |
| SHA256 | b1304d541b965969b360d5f0a4e3441d52dd1202aecb32ec32e68b82f8951f4b |
| SHA512 | baf49da82bf90f84bcdab2e95c5d5bff9ba715c4c502ec5036f22076c65e2dcc1b10bab4b11fb97ae257ef1b4ee68240cac8a8ce8981c5d44074acb63e045f09 |
memory/2800-956-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2384-972-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4852-963-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3436-978-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2972-992-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3988-998-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2840-1013-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1028-1014-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2116-1015-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/3144-1018-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2152-1016-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3124-1017-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1696-1019-0x0000000000400000-0x0000000000811000-memory.dmp
memory/3212-1020-0x0000000000400000-0x0000000000811000-memory.dmp
memory/5100-1030-0x0000000000400000-0x000000000041B000-memory.dmp
memory/3816-1036-0x0000000000400000-0x000000000041B000-memory.dmp
memory/316-1037-0x0000000000400000-0x00000000008D8000-memory.dmp
memory/2592-1104-0x0000000000400000-0x000000000099E000-memory.dmp
memory/4868-1118-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1284-1119-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4384-1134-0x0000000000400000-0x000000000041B000-memory.dmp
memory/4432-1135-0x0000000000400000-0x000000000099E000-memory.dmp
memory/1088-1196-0x0000000000400000-0x000000000041B000-memory.dmp
memory/1348-1208-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2344-1209-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Windows\directx.sys
| MD5 | 67ecce9569384f6b88c396997d34bf58 |
| SHA1 | e395cd82a4cdf07a6372336ac14ea7760c7ad6cb |
| SHA256 | 954cab6390a11422653fa97c44d6fde3942abe9a75264dea59f5f9c1da2f768d |
| SHA512 | f2b07c1629059aa0253b9c3a9a5085d79eb079b82b422c106a645d2c757baf857f3b65891a779275e22756149332a99e2251971259b32b857a9ac442abefdbce |
C:\Windows\directx.sys
| MD5 | 10320b53df6530a542f13adf5f36d39a |
| SHA1 | 386dd879a3e1176b0c91328ce8254174e4220569 |
| SHA256 | 9c4249eb6a5603fcc10a8c8c3c4d8f028a98ebcd9179c0836faacf1d03a48ce7 |
| SHA512 | c8007820db892b374dee1e6917c6caa4981d3f230ffc11d6753951ff46861ee4b0035544b3309b3008a2a769266639ce45ebc023b1748730cf0cf67844a065d6 |
C:\Windows\directx.sys
| MD5 | 50f9540e92cf29209f78b355a43d1b90 |
| SHA1 | 8abcaab03e674ea2809493e7b877510c8d3a26cc |
| SHA256 | a80262da854cfc312ba1ab8e9b563f50c7fff642aa3cb10f4c39f6007d57ba3f |
| SHA512 | b76e8239ab638ab8ca81f4bb065a6113931a53bf0b441513482d3553cc64ba13f84233faa280be6b0212465b94c099feef19a4dd6e294542f7ea88d6c49f3b7f |
C:\Windows\directx.sys
| MD5 | 71af5fa1ff07b79a860f77a2b72962a0 |
| SHA1 | b73c47e8c506813adaaef8d442bc4044295ba85d |
| SHA256 | 33b8203f6282c864c3be20ecd5857e48023c635a9627e69e4188131da512063f |
| SHA512 | 158cb2c58957749ecf84c69f5e20f1e78ead52ac09cb246328d29ad3a24a1ab9387688a72134cfc57d691d0762001ad743328287a6c8d16988ef919a230718e4 |
C:\Windows\directx.sys
| MD5 | 21d4ea9de48032aaf048ee7b6a32199e |
| SHA1 | 6103e4da901ef085be832c783e35b77fed850b00 |
| SHA256 | 5beb53e3fff94531257affda6d616ce3c589cb5c366b4fb1580bff8ce9468b53 |
| SHA512 | 131044994427c79b0d700ba8e63ce4ef954439603d063bda3797015d1a9cd89c4f0a57cca62afee31313a2fbcb5f4bd2e64f6bd7311a39f49508dbaa38d1f198 |
C:\Windows\directx.sys
| MD5 | 9a31216e040a3e8028f763b13990757d |
| SHA1 | 71c237c89d1a05841539b2f2427998141691ec45 |
| SHA256 | aaffb19cd824aedba6655675874f5c4006739ef929c207c95abcd9df9b90f1ae |
| SHA512 | d85a1be049305755a15a0de2ebacb3a71fac6423ec94824ce33e84671c4f1cd6c26f3d3ed7ad6b35d0eacb9eded99b441c844ac02b934f0787beea0adb202e5e |
C:\Windows\directx.sys
| MD5 | 4e125c05c3c52106512082f82aac0717 |
| SHA1 | 8505fb21e0058418415b73921e4d5d872c4485e1 |
| SHA256 | d450a68cb3fc838b7658dc7d0c0ebe239a29285410b1af7b76497779d23f27c2 |
| SHA512 | 3d6caa724b358829dca51623e9cbf6cca72512e19d027b0f72296fa20ffa47f31f24d72b45cb5d5fb767756a5a5469bae66dbca94d97f1e33ca134d1f080323a |
C:\Windows\directx.sys
| MD5 | 2a1a444d984c05c43d524342c33cd31a |
| SHA1 | 4def9ef1520bf1e7bb25c143c371adf850c3443f |
| SHA256 | ca4392062d77da07a8fe68506d18c1225b0e9fecc1b8d82d2047498d8aaf085d |
| SHA512 | 8efe0cf48ac8cc9f0af14986a0918ab9f0bc2e099fc545fcc3b6a945936ca771af3f1ffaeca35617ef07dd762ca2ec1398cc2757c2df4e37301d994588e4241a |