Analysis

  • max time kernel
    7s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-06-2024 13:48

General

  • Target

    c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe

  • Size

    2.4MB

  • MD5

    c1779426d93c21f8a8225ae0771a41c0

  • SHA1

    3f6db29296d972691a377d1ca600dad1934a6ffb

  • SHA256

    5b6ddc64b4f2d59e0d119fc8790852b47dc0b7c2f17da35ac540a512a70f529c

  • SHA512

    b22ee5dd946bb6317cbbade882ea2d78ef5d9a7300707fcb2aa6ffd1f2e389f32e7dbf0b3de6e984f9b2cddafb11bd1635538cc31d21f8a045b778db2af058e8

  • SSDEEP

    49152:UHyjtk2MYC5GDNHyjtk2MYC5GDJHyjtk2MYC5GDHnanWn9:Umtk2asmtk2aImtk2aInanWn9

Malware Config

Signatures

  • Detect Neshta payload 64 IoCs
  • Neshta

    Malware from the Neshta family is designed to infect other files in order to spread and cause damage.

  • Checks computer location settings 2 TTPs 13 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 6 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 23 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious use of AdjustPrivilegeToken 31 IoCs
  • Suspicious use of WriteProcessMemory 62 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
    "C:\Users\Admin\AppData\Local\Temp\c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Users\Admin\AppData\Local\Temp\3582-490\c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:632
      • C:\Users\Admin\AppData\Local\Temp\._cache_c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1508
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of WriteProcessMemory
          PID:2324
          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:408
            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE"
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Drops file in Windows directory
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:540
              • C:\Windows\svchost.com
                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE"
                7⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of WriteProcessMemory
                PID:240
                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                  8⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:2296
                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE"
                    9⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of WriteProcessMemory
                    PID:4916
                    • C:\Windows\svchost.com
                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE"
                      10⤵
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of WriteProcessMemory
                      PID:4184
                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                        11⤵
                        • Executes dropped EXE
                        PID:4660
      • C:\ProgramData\Synaptics\Synaptics.exe
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3276
        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2276
          • C:\Windows\svchost.com
            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of WriteProcessMemory
            PID:3036
            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Adds Run key to start application
              • Modifies registry class
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3760
              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                7⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Drops file in Windows directory
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:5004
                • C:\Windows\svchost.com
                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                  8⤵
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of WriteProcessMemory
                  PID:2084
                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                    9⤵
                    • Checks computer location settings
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    • Modifies registry class
                    • Suspicious use of WriteProcessMemory
                    PID:5056
                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                      10⤵
                      • Executes dropped EXE
                      • Modifies system executable filetype association
                      • Drops file in Windows directory
                      • Modifies registry class
                      PID:4712
                    • C:\ProgramData\Synaptics\Synaptics.exe
                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:3196
                      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                        11⤵
                          PID:4952
                          • C:\Windows\svchost.com
                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                            12⤵
                              PID:1420
                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                13⤵
                                  PID:2812
                                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                    14⤵
                                      PID:2232
                                      • C:\Windows\svchost.com
                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                        15⤵
                                          PID:3084
                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                            16⤵
                                              PID:2140
                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                17⤵
                                                  PID:2228
                                                  • C:\Windows\svchost.com
                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                    18⤵
                                                      PID:3736
                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                        19⤵
                                                          PID:3592
                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                            20⤵
                                                              PID:1540
                                                              • C:\Windows\svchost.com
                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                21⤵
                                                                  PID:1080
                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                    22⤵
                                                                      PID:688
                                                                • C:\ProgramData\Synaptics\Synaptics.exe
                                                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                  20⤵
                                                                    PID:3056
                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                      21⤵
                                                                        PID:240
                                                                        • C:\Windows\svchost.com
                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                          22⤵
                                                                            PID:1552
                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                              23⤵
                                                                                PID:3632
                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                  24⤵
                                                                                    PID:428
                                                                                    • C:\Windows\svchost.com
                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                      25⤵
                                                                                        PID:3520
                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                          26⤵
                                                                                            PID:5116
                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                              27⤵
                                                                                                PID:652
                                                                                                • C:\Windows\svchost.com
                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                  28⤵
                                                                                                    PID:2344
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                      29⤵
                                                                                                        PID:3312
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                          30⤵
                                                                                                            PID:3656
                                                                                                            • C:\Windows\svchost.com
                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                              31⤵
                                                                                                                PID:3632
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                  32⤵
                                                                                                                    PID:4316
                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                30⤵
                                                                                                                  PID:4324
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                    31⤵
                                                                                                                      PID:1332
                                                                                                                      • C:\Windows\svchost.com
                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                        32⤵
                                                                                                                          PID:1360
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                            33⤵
                                                                                                                              PID:2300
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                34⤵
                                                                                                                                  PID:2112
                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                    35⤵
                                                                                                                                      PID:164
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                        36⤵
                                                                                                                                          PID:4284
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                            37⤵
                                                                                                                                              PID:3228
                                                                                                                                            • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                              "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                              37⤵
                                                                                                                                                PID:2320
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                  38⤵
                                                                                                                                                    PID:4716
                                                                                                                                                    • C:\Windows\svchost.com
                                                                                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                      39⤵
                                                                                                                                                        PID:960
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                          40⤵
                                                                                                                                                            PID:2096
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                              41⤵
                                                                                                                                                                PID:744
                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                  42⤵
                                                                                                                                                                    PID:4540
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                      43⤵
                                                                                                                                                                        PID:664
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                          44⤵
                                                                                                                                                                            PID:4284
                                                                                                                                                                            • C:\Windows\svchost.com
                                                                                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                              45⤵
                                                                                                                                                                                PID:4336
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                  46⤵
                                                                                                                                                                                    PID:3632
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                      47⤵
                                                                                                                                                                                        PID:1688
                                                                                                                                                                                        • C:\Windows\svchost.com
                                                                                                                                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                          48⤵
                                                                                                                                                                                            PID:1368
                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                              49⤵
                                                                                                                                                                                                PID:4416
                                                                                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                            47⤵
                                                                                                                                                                                              PID:3800
                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                48⤵
                                                                                                                                                                                                  PID:3692
                                                                                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                    49⤵
                                                                                                                                                                                                      PID:4724
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                        50⤵
                                                                                                                                                                                                          PID:540
                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                            51⤵
                                                                                                                                                                                                              PID:1100
                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                52⤵
                                                                                                                                                                                                                  PID:3896
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                    53⤵
                                                                                                                                                                                                                      PID:4220
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                        54⤵
                                                                                                                                                                                                                          PID:4916
                                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                            55⤵
                                                                                                                                                                                                                              PID:3004
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                56⤵
                                                                                                                                                                                                                                  PID:4120
                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                    57⤵
                                                                                                                                                                                                                                      PID:3532
                                                                                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                        58⤵
                                                                                                                                                                                                                                          PID:1540
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                            59⤵
                                                                                                                                                                                                                                              PID:2232
                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                44⤵
                                                                                                                                                                                                                  PID:1988
                                                                                                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                            41⤵
                                                                                                                                                                                                              PID:2280
                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                34⤵
                                                                                                                                                                                                  PID:1100
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                    35⤵
                                                                                                                                                                                                      PID:3752
                                                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                        36⤵
                                                                                                                                                                                                          PID:3512
                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                            37⤵
                                                                                                                                                                                                              PID:4872
                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                38⤵
                                                                                                                                                                                                                  PID:1864
                                                                                                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                    39⤵
                                                                                                                                                                                                                      PID:1192
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                        40⤵
                                                                                                                                                                                                                          PID:2980
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                            41⤵
                                                                                                                                                                                                                              PID:5052
                                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                42⤵
                                                                                                                                                                                                                                  PID:2012
                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                    43⤵
                                                                                                                                                                                                                                      PID:3648
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                        44⤵
                                                                                                                                                                                                                                          PID:4176
                                                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                            45⤵
                                                                                                                                                                                                                                              PID:3196
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                                46⤵
                                                                                                                                                                                                                                                  PID:1784
                                                                                                                                                                                                                                            • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                              "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                              44⤵
                                                                                                                                                                                                                                                PID:3760
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                  45⤵
                                                                                                                                                                                                                                                    PID:3200
                                                                                                                                                                                                                                                    • C:\Windows\svchost.com
                                                                                                                                                                                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                      46⤵
                                                                                                                                                                                                                                                        PID:4844
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                          47⤵
                                                                                                                                                                                                                                                            PID:1868
                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                              48⤵
                                                                                                                                                                                                                                                                PID:1288
                                                                                                                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                  49⤵
                                                                                                                                                                                                                                                                    PID:5052
                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                                                                      50⤵
                                                                                                                                                                                                                                                                        PID:4480
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                          51⤵
                                                                                                                                                                                                                                                                            PID:4052
                                                                                                                                                                                                                                                                            • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                              52⤵
                                                                                                                                                                                                                                                                                PID:1860
                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                                                                  53⤵
                                                                                                                                                                                                                                                                                    PID:4528
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                                      54⤵
                                                                                                                                                                                                                                                                                        PID:4516
                                                                                                                                                                                                                                                                                        • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                                                                          55⤵
                                                                                                                                                                                                                                                                                            PID:3824
                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                                                                              56⤵
                                                                                                                                                                                                                                                                                                PID:4288
                                                                                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                48⤵
                                                                                                                                                                                                                                                                                  PID:704
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                    49⤵
                                                                                                                                                                                                                                                                                      PID:3716
                                                                                                                                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                        50⤵
                                                                                                                                                                                                                                                                                          PID:2392
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                            51⤵
                                                                                                                                                                                                                                                                                              PID:3216
                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                52⤵
                                                                                                                                                                                                                                                                                                  PID:4176
                                                                                                                                                                                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                    53⤵
                                                                                                                                                                                                                                                                                                      PID:2328
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                                                                                                        54⤵
                                                                                                                                                                                                                                                                                                          PID:4812
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                            55⤵
                                                                                                                                                                                                                                                                                                              PID:244
                                                                                                                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                56⤵
                                                                                                                                                                                                                                                                                                                  PID:1508
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                    57⤵
                                                                                                                                                                                                                                                                                                                      PID:1544
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                        58⤵
                                                                                                                                                                                                                                                                                                                          PID:4632
                                                                                                                                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                            59⤵
                                                                                                                                                                                                                                                                                                                              PID:2456
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                60⤵
                                                                                                                                                                                                                                                                                                                                  PID:3484
                                                                                                                                                                                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                            41⤵
                                                                                                                                                                                                                                                                                              PID:1464
                                                                                                                                                                                                                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                        38⤵
                                                                                                                                                                                                                                                                                          PID:2084
                                                                                                                                                                                                                                                                  • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                    27⤵
                                                                                                                                                                                                                                                                      PID:3580
                                                                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                24⤵
                                                                                                                                                                                                                                                                  PID:2944
                                                                                                                                                                                                                                                                • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                  24⤵
                                                                                                                                                                                                                                                                    PID:4820
                                                                                                                                                                                                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                      17⤵
                                                                                                                                                                                                                                                        PID:792
                                                                                                                                                                                                                                                • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                  14⤵
                                                                                                                                                                                                                                                    PID:228
                                                                                                                                                                                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                      • Checks computer location settings
                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                                                                      • Suspicious use of WriteProcessMemory
                                                                                                                                                                                                                                      PID:1684
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                        PID:2244
                                                                                                                                                                                                                                        • C:\Windows\svchost.com
                                                                                                                                                                                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                          9⤵
                                                                                                                                                                                                                                            PID:1792
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                PID:3580
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                  11⤵
                                                                                                                                                                                                                                                    PID:3764
                                                                                                                                                                                                                                                    • C:\Windows\svchost.com
                                                                                                                                                                                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                      12⤵
                                                                                                                                                                                                                                                        PID:1800
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                                                          13⤵
                                                                                                                                                                                                                                                            PID:2252
                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                              14⤵
                                                                                                                                                                                                                                                                PID:1988
                                                                                                                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                  15⤵
                                                                                                                                                                                                                                                                    PID:4268
                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                                                      16⤵
                                                                                                                                                                                                                                                                        PID:876
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                          17⤵
                                                                                                                                                                                                                                                                            PID:4584
                                                                                                                                                                                                                                                                            • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                                                              18⤵
                                                                                                                                                                                                                                                                                PID:3944
                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                                                                  19⤵
                                                                                                                                                                                                                                                                                    PID:5044
                                                                                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                17⤵
                                                                                                                                                                                                                                                                                  PID:2320
                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                    18⤵
                                                                                                                                                                                                                                                                                      PID:1880
                                                                                                                                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                        19⤵
                                                                                                                                                                                                                                                                                          PID:2668
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                            20⤵
                                                                                                                                                                                                                                                                                              PID:4264
                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                21⤵
                                                                                                                                                                                                                                                                                                  PID:2812
                                                                                                                                                                                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                    22⤵
                                                                                                                                                                                                                                                                                                      PID:3524
                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE InjUpdate
                                                                                                                                                                                                                                                                                                        23⤵
                                                                                                                                                                                                                                                                                                          PID:4384
                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                            24⤵
                                                                                                                                                                                                                                                                                                              PID:4744
                                                                                                                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                25⤵
                                                                                                                                                                                                                                                                                                                  PID:1856
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE
                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~3.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                    26⤵
                                                                                                                                                                                                                                                                                                                      PID:1476
                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~3.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                        27⤵
                                                                                                                                                                                                                                                                                                                          PID:3600
                                                                                                                                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                            28⤵
                                                                                                                                                                                                                                                                                                                              PID:3828
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE
                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~4.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                29⤵
                                                                                                                                                                                                                                                                                                                                  PID:2320
                                                                                                                                                                                                                                                                                                                            • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                              "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                              27⤵
                                                                                                                                                                                                                                                                                                                                PID:2720
                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                          24⤵
                                                                                                                                                                                                                                                                                                                            PID:5052
                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                              25⤵
                                                                                                                                                                                                                                                                                                                                PID:632
                                                                                                                                                                                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                  26⤵
                                                                                                                                                                                                                                                                                                                                    PID:1048
                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                          21⤵
                                                                                                                                                                                                                                                                                                                            PID:2036
                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                              22⤵
                                                                                                                                                                                                                                                                                                                                PID:1556
                                                                                                                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                14⤵
                                                                                                                                                                                                                                                                                                                  PID:2084
                                                                                                                                                                                                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                            11⤵
                                                                                                                                                                                                                                                                                                              PID:4604

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence

  • Event Triggered Execution: T1546 (1)
  • Change Default File Association: T1546.001 (1)
  • Boot or Logon Autostart Execution: T1547 (1)
  • Registry Run Keys / Startup Folder: T1547.001 (1)

Privilege Escalation

  • Event Triggered Execution: T1546 (1)
  • Change Default File Association: T1546.001 (1)
  • Boot or Logon Autostart Execution: T1547 (1)
  • Registry Run Keys / Startup Folder: T1547.001 (1)

Defense Evasion

  • Modify Registry: T1112 (2)

Credential Access

  • Unsecured Credentials: T1552 (1)
  • Credentials In Files: T1552.001 (1)

Discovery

  • Query Registry: T1012 (1)
  • System Information Discovery: T1082 (2)

Collection

  • Data from Local System: T1005 (1)


Downloads


                                                                                                                                                                                                                                                                                          386KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          8c753d6448183dea5269445738486e01

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          ebbbdc0022ca7487cd6294714cd3fbcb70923af9

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          473eb551101caeaf2d18f811342e21de323c8dd19ed21011997716871defe997

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          4f6fddefc42455540448eac0b693a4847e21b68467486376a4186776bfe137337733d3075b7b87ed7dac532478dc9afc63883607ec8205df3f155fee64c7a9be

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          92KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          176436d406fd1aabebae353963b3ebcf

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          9ffdfdb8cc832a0c6501c4c0e85b23a0f7eff57a

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          2f947e3ca624ce7373080b4a3934e21644fb070a53feeaae442b15b849c2954f

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          a2d1a714e0c1e5463260c64048ba8fd5064cfa06d4a43d02fc04a30748102ff5ba86d20a08e611e200dc778e2b7b3ae808da48132a05a61aa09ac424a182a06a

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          125KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          cce8964848413b49f18a44da9cb0a79b

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          0b7452100d400acebb1c1887542f322a92cbd7ae

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          fe44ca8d5050932851aa54c23133277e66db939501af58e5aeb7b67ec1dde7b5

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          bf8fc270229d46a083ced30da6637f3ca510b0ce44624a9b21ec6aacac81666dffd41855053a936aa9e8ea6e745a09b820b506ec7bf1173b6f1837828a35103d

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          142KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          92dc0a5b61c98ac6ca3c9e09711e0a5d

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          f809f50cfdfbc469561bced921d0bad343a0d7b4

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          3e9da97a7106122245e77f13f3f3cc96c055d732ab841eb848d03ac25401c1bc

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          d9eefb19f82e0786d9be0dbe5e339d25473fb3a09682f40c6d190d4c320cca5556abb72b5d97c6b0da4f8faefdc6d39ac9d0415fdf94ebcc90ecdf2e513c6a31

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          278KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          12c29dd57aa69f45ddd2e47620e0a8d9

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          ba297aa3fe237ca916257bc46370b360a2db2223

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          22a585c183e27b3c732028ff193733c2f9d03700a0e95e65c556b0592c43d880

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          255176cd1a88dfa2af3838769cc20dc7ad9d969344801f07b9ebb372c12cee3f47f2dba3559f391deab10650875cad245d9724acfa23a42b336bfa96559a5488

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          773KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          e7a27a45efa530c657f58fda9f3b9f4a

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          6c0d29a8b75574e904ab1c39fc76b39ca8f8e461

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          d6f11401f57293922fb36cd7542ae811ab567a512449e566f83ce0dcef5ff8e5

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          0c37b41f3c075cd89a764d81f751c3a704a19240ad8e4ebab591f399b9b168b920575749e9d24c2a8f0400b9f340ab9fea4db76ff7060d8af00e2b36ac0c4a54

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          121KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          cbd96ba6abe7564cb5980502eec0b5f6

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          74e1fe1429cec3e91f55364e5cb8385a64bb0006

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          405b8bd647fa703e233b8b609a18999abe465a8458168f1daf23197bd2ea36aa

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          a551001853f6b93dfbc6cf6a681820af31330a19d5411076ff3dbce90937b3d92173085a15f29ebf56f2ef12a4e86860ac6723ebc89c98ea31ea7a6c7e3d7cdc

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          325KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          0511abca39ed6d36fff86a8b6f2266cd

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          bfe55ac898d7a570ec535328b6283a1cdfa33b00

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          76ae68fc7c6c552c4a98c5df640cd96cf27b62e7e1536b7f7d08eff56fcde8b8

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          6608412e3ed0057f387bafcddcb07bfe7da4f207c7300c460e5acc4bd234cec3362191800789eb465eb120ec069e3ed49eabb6bd7db30d9e9245a89bb20e4346

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaw.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          325KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          155KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\Google\Update\DISABL~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          207KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI391D~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          139KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MI9C33~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          139KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\EDGEUP~1\13187~1.37\MICROS~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          242KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          138KB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          3.2MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          5119e350591269f44f732b470024bb7c

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          4ccd48e4c6ba6e162d1520760ee3063e93e2c014

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          2b3aa9642b291932ba7f9f3d85221402a9d27078f56ef0e9c6bca633616e3873

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          599b4ec673169d42a348d1117737b4ad4d7539574153df5a5c7689130c9ac5ff5cd00f3c8ec39adf32ff2b56be074081efcabb6456272c649703c3ea6cdaded4

                                                                                                                                                                                                                                                                                        • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          a5d9eaa7d52bffc494a5f58203c6c1b5

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          97928ba7b61b46a1a77a38445679d040ffca7cc8

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          34b8662d38e7d3d6394fa6c965d943d2c82ea06ba9d7a0af4f8e0571fb5a9c48

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          b6fdc8389bb4d736d608600469be6a4b0452aa3ea082f9a0791022a14c02b8fb7dcd62df133b0518e91283094eaba2be9318316f72d2c4aae6286d3e8686e787

                                                                                                                                                                                                                                                                                        • C:\PROGRA~3\PACKAG~1\{EF5AF~1\WINDOW~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          650KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          72d0addae57f28c993b319bfafa190ac

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          8082ad7a004a399f0edbf447425f6a0f6c772ff3

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          671be498af4e13872784eeae4bae2e462dfac62d51d7057b2b3bebff511b7d18

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          98bcde1133edbff713aa43b944dceb5dae20a9cbdf8009f5b758da20ccfbcdf6d617f609a7094aa52a514373f6695b0fd43c3d601538483816cd08832edd15ab

                                                                                                                                                                                                                                                                                        • C:\ProgramData\Synaptics\RCX7F42.tmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          753KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          02897faa98bb7b124155dc43b1504d57

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          a09167f95ca0327fceaebae3438d244baeaecbe8

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          610c75b1ae3062f4896bf0fb822036de8d04402fc4267955aec1d1d04993743d

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          05f48e90a5eb7c00b78c659a95925a31a534c55bd38f8b62c854c6266390036ee934f6d9f11ac32a7be476875d52a3e7a9562f3f8f3e31fa8bc2addee78a1c0e

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\Adobe\Setup\{AC76B~1\setup.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          534KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          8a403bc371b84920c641afa3cf9fef2f

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          d6c9d38f3e571b54132dd7ee31a169c683abfd63

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          614a701b90739e7dbf66b14fbdb6854394290030cc87bbcb3f47e1c45d1f06c3

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          b376ef1f49b793a8cd8b7af587f538cf87cb2fffa70fc144e1d1b7e2e8e365ba4ad0568321a0b1c04e69b4b8b694d77e812597a66be1c59eda626cbf132e2c72

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          6.7MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          63dc05e27a0b43bf25f151751b481b8c

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          b20321483dac62bce0aa0cef1d193d247747e189

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          7d607fb69c69a72a5bf4305599279f46318312ce1082b6a34ac9100b8c7762ce

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          374d705704d456cc5f9f79b7f465f6ec7c775dc43001c840e9d6efbbdef20926ed1fa97f8a9b1e73161e17f72520b96c05fa58ac86b3945208b405f9166e7ba3

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\PACKAG~1\{33D1F~1\VCREDI~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          485KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          86749cd13537a694795be5d87ef7106d

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          538030845680a8be8219618daee29e368dc1e06c

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          8c35dcc975a5c7c687686a3970306452476d17a89787bc5bd3bf21b9de0d36a5

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          7b6ae20515fb6b13701df422cbb0844d26c8a98087b2758427781f0bf11eb9ec5da029096e42960bf99ddd3d4f817db6e29ac172039110df6ea92547d331db4c

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\PACKAG~1\{4D8DC~1\VC_RED~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          674KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          97510a7d9bf0811a6ea89fad85a9f3f3

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          2ac0c49b66a92789be65580a38ae9798237711db

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          c48abbc29405559e68cc9f8fc6d218aa317a9d0023839c7846ca509c1f563fea

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          2a93e2a3bd187fdde160f87ef777ccd1d1c398d547b7c869e6b64469b9418ad04d887cdfe94af7407476377bf2d009f576de3935c025b7aefbab26fbcd8f90fb

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\PACKAG~1\{57A73~1\VC_RED~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          674KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          9c10a5ec52c145d340df7eafdb69c478

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          57f3d99e41d123ad5f185fc21454367a7285db42

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          ccf37e88447a7afdb0ba4351b8c5606dbb05b984fb133194d71bcc00d7be4e36

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          2704cfd1a708bfca6db7c52467d3abf0b09313db0cdd1ea8e5d48504c8240c4bf24e677f17c5df9e3ac1f6a678e0328e73e951dc4481f35027cb03b2966dc38f

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\PACKAG~1\{61087~1\VCREDI~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          495KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          9597098cfbc45fae685d9480d135ed13

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          84401f03a7942a7e4fcd26e4414b227edd9b0f09

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          45966655baaed42df92cd6d8094b4172c0e7a0320528b59cf63fca7c25d66e9c

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          16afbdffe4b4b2e54b4cc96fe74e49ca367dea50752321ddf334756519812ba8ce147ef5459e421dc42e103bc3456aab1d185588cc86b35fa2315ac86b2a0164

                                                                                                                                                                                                                                                                                        • C:\Users\ALLUSE~1\PACKAG~1\{D87AE~1\WINDOW~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          650KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          2f826daacb184077b67aad3fe30e3413

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          981d415fe70414aaac3a11024e65ae2e949aced8

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          a6180f0aa9c56c32e71fe8dc150131177e4036a5a2111d0f3ec3c341fd813222

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          2a6d9bdf4b7be9b766008e522cbb2c21921ba55d84dfde653ca977f70639e342a9d5548768de29ae2a85031c11dac2ae4b3c76b9136c020a6e7c9a9a5879caeb

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\MICROS~1\OneDrive\181510~1.001\FILESY~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          293KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          f3228c24035b3f54f78bb4fd11c36aeb

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          2fe73d1f64575bc4abf1d47a9dddfe7e2d9c9cbb

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          d2767c9c52835f19f6695c604081bf03cdd772a3731cd2e320d9db5e477d8af7

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          b526c63338d9167060bc40ffa1d13a8c2e871f46680cd4a0efc2333d9f15bf21ae75af45f8932de857678c5bf785011a28862ce7879f4bffdb9753c8bc2c19b5

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          918KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          1f2d31de738d923eb7d41f0c98706b8c

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          d1ea22a446f9a72727c4fbfd8f4efa9ce8d9d9fe

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          297ecec2de8c1a5ceb6c282122b399a71e9afdbd2bbe8a64221016f0537eedc6

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          6e1e79cb9a62f800a789eaabedd089838253c546b72b1caec483160a515637723778a6039847dfb8083d795def49216f7ba9cdd3ddc4abb73938dd0a3ee19929

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache_c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          e55c49f2a991537646875937ca47effb

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          7663b801a90a0458f5340735c4495a2d5ad0bd05

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          d5883da8a53b0072eb6a2b85e8227f6d16639eaca1167cc5e240e616d18bbe00

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          48560369845c5b3315de8e0c5821aee9ce97b3ec8c712c699f37c9294cfabb8a23f2d969a05a3b40a431d187ee836cddb259b367805b297ed7742cb410181ef0

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\._cache__CACHE~1.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          878KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          a8469ddf986bcb4f537fc485c54f978b

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          0702f0ae7439eb364529ecfc20b02bd29d6ceaa9

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          0bfc09be218031d20af69113ae93f523b3c36e5433f17b930ad5855ed8a0bc19

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          e8ba54557042264e86a4bc7523981db7d9bb87a6afadc9a7423f9e1b7180839c0392b3a6fc6da0ed424b4d09bd45654cc5a422598458664dd14f8df4c5835817

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\._cache__CACHE~3.EXE
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          84KB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          bb9748e58595512b974386181b330fe0

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          47abc7936f5b02d3c74d17df409d202f1302568b

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          d44ba366ff01efc1f2a288ff461cde52020d1c9549f0c4aa5e9bdd560e902b5e

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          210d734d2638c4cf1d4818f68d1fd0436828279c438c89968a42617424ca980cee742dc3c943a607c02c951920044bdc69a3056f7895723a8fe890214f161b0a

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.6MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          e930adc587d1844dfeba862f8e2400ce

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          8cb7df27da77b1144478333701e2f58460d70e13

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          626978116cd621e2bde6915f8e04883bf2aaa925eeb724ea6587e94d119245df

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          b07ef9c7fa33f587a57b7733bb774d53e986e8e2bd28496f28c89541500e0e24b8e98ccbff7082f0bf1e5bc3d7b8991cacd2269c75057be38cb6002ad0885a97

                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\c1779426d93c21f8a8225ae0771a41c0_NeikiAnalytics.exe
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          2.4MB

                                                                                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                                                                                          2f80797c60331299f3d30144650ed45b

                                                                                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                                                                                          707e60c90ea8defb5b52398abd3ce51a6f65cea1

                                                                                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                                                                                          3f10b6b47789e3eff7b0f9b6e121fb9aa3e2b93786b891b01e1f23ad60d06f15

                                                                                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                                                                                          a9257e4a83270e515c751e59966efea2fbd9de0d2585abf5f375a49512392593b9610e19d409bd29c015eeabb1c7cf687ceff6160ba0c3a984d9b7db5b1910f7

                                                                                                                                                                                                                                                                                        • C:\Windows\directx.sys
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          57B

  • C:\Windows\directx.sys

  • C:\Windows\directx.sys
    Filesize

    57B

  • C:\Windows\svchost.com
    Filesize

    40KB


                                                                                                                                                                                                                                                                                        • memory/2232-654-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2244-560-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2252-737-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

                                                                                                                                                                                                                                                                                        • memory/2276-346-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2296-498-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

                                                                                                                                                                                                                                                                                        • memory/2320-854-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

                                                                                                                                                                                                                                                                                        • memory/2324-151-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2344-1046-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2468-745-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2668-844-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/2812-670-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/2812-936-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3036-376-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3056-853-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

                                                                                                                                                                                                                                                                                        • memory/3084-663-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3196-570-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/3276-433-0x0000000000400000-0x000000000066E000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          2.4MB

                                                                                                                                                                                                                                                                                        • memory/3520-1032-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3524-938-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3580-642-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/3592-828-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

                                                                                                                                                                                                                                                                                        • memory/3632-944-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/3736-742-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3760-507-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/3764-632-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/3944-744-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/4184-537-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/4264-937-0x0000000000400000-0x00000000005A8000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          1.7MB

                                                                                                                                                                                                                                                                                        • memory/4268-728-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          108KB

                                                                                                                                                                                                                                                                                        • memory/4384-1031-0x0000000000400000-0x00000000004E1000-memory.dmp
                                                                                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                                                                                          900KB

  • memory/4584-743-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/4604-646-0x0000000000400000-0x00000000005A8000-memory.dmp
    Filesize: 1.7MB

  • memory/4712-856-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/4744-1029-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/4916-536-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/4952-563-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/5004-528-0x0000000000400000-0x000000000041B000-memory.dmp
    Filesize: 108KB

  • memory/5052-1038-0x0000000000400000-0x00000000004E1000-memory.dmp
    Filesize: 900KB

  • memory/5056-545-0x0000000000400000-0x00000000004E1000-memory.dmp
    Filesize: 900KB

  • memory/5116-1047-0x0000000000400000-0x00000000004E1000-memory.dmp
    Filesize: 900KB